Copyright (C) 2007 Intel Corporation

Intel(R) Active Management Technology (Intel AMT):
A short description of the SDK's WS-Management C++ samples for developers.

Introduction:
-------------
The Intel AMT SDK WS-Management C++ Samples implement different usages of AMT features.

The samples use these DLLs as infrastructure:
    CPPCimFramework.dll
    CPPCimFramework_x64.dll
    CPPCimFrameworkUntyped.dll
    CPPCimFrameworkUntyped_x64.dll
The DLL source code can be found in the WS-ManagementCpp module.

The Intel AMT SDK WS-Management C++ Samples directory includes the following
sample applications; see the readme file provided with each sample for
additional information.

Note: To ensure that security is maintained, the samples should be run from a
directory that can be accessed only by the Administrator user. This is to
prevent unauthorized manipulation of files in the directory.

ACL:                   A C++ sample that demonstrates building and retrieving ACL entries.
AssetDisplayTyped:     A C++ sample application that demonstrates the use of the Hardware Asset interface.
AccessMonitor:         A C++ sample that demonstrates management of the Intel AMT Access Monitor.
EventLogReader:        A C++ sample that demonstrates reading of the event log.
EventManager:          A C++ sample that demonstrates configuring events and receipt of event notifications.
GeneralInfo:           A C++ sample that demonstrates reading Intel AMT status using the GeneralInfo structures.
RemoteAccessAdmin:     A C++ sample application that demonstrates the use of the Intel AMT RemoteAccessAdmin interface.
RemoteControl:         A C++ sample application that demonstrates the use of the Remote Control interface.
WirelessConfiguration: A C++ sample application that demonstrates the use of the Wireless Configuration interface.
WS-Eventing:           A C++ sample that demonstrates configuring events and receipt of event notification using the WS-Eventing mechanism.

How to Build:
-------------
In order to compile the sources:
1) Use Visual Studio and the latest Windows SDK toolkit.
2) Open the VS project from the Src folder\Sample. Each sample has its own VS project.
3) Invoke build from the Visual Studio menu.

Usage:
------
    -host [-user -pass ] [-krb] [-tls -certname -acceptselfsignedcert] [-proxy [-proxyUser -proxyPass ]]

    name of executable
    [Option]                sample options as defined for each sample
    [-verbose]              printing in verbose mode
    [-host]                 the Intel AMT machine's host name or IP address
    [-user]                 the Intel AMT machine's username
    [-pass]                 the Intel AMT machine's password
    [-tls]                  in order to work over TLS
    [-krb]                  in order to work via Kerberos authentication
    [-certname]             specifies the client certificate's Common Name
    [-acceptselfsignedcert] is used to accept a self-signed certificate. If set and
                            the certificate is self-signed, the sample application
                            will ignore certificate errors
    [-proxy]                the proxy server IP address or host name
    [-proxyUser]            proxy username (if it was defined)
    [-proxyPass]            proxy password (if it was defined)

Notes:
1. If -user and -pass are defined, the Digest authentication scheme is used; if
   -krb is used, the Kerberos authentication scheme will be attempted. If
   specified, the Kerberos user should be given in domain\name format.
2. The -certname option, if defined, specifies the client certificate's Common
   Name (CN). If this option is not specified, the sample application will
   search the certificate store for a client certificate matching Intel AMT
   requirements. The first such certificate found will be used for
   authentication.
3. The -acceptselfsignedcert option is used to accept a self-signed certificate.
   If set and the certificate is self-signed, the sample application will
   ignore any certificate errors.
4. If the -proxy option is defined, the connection with Intel AMT will go through
   the proxy server. If the proxy server username and password were defined the
   options and should be defined.

Examples: how to run samples from the command line:
1. Using username and password
    -host 10.0.0.1 -user AMTusername -pass AMTpassword
2. Kerberos
    -host 10.0.0.1
3. TLS mode mutual authentication
    -host desktop.demo.intel.com -certName management_console.intel.com -user AMTusername -pass AMTpassword
4. TLS mode server authentication
    -host desktop.demo.intel.com -tls -user AMTusername -pass AMTpassword
5. Using proxy
    -host 10.0.0.1 -user AMTusername -pass AMTpassword -proxy 10.0.0.1:9090 -proxyUser proxyusername -proxyPass proxyPassword

Additional information:
-----------------------
The C++ samples use an abstraction layer that allows working with WinRM,
OpenWSMAN or gSOAP. See the GeneralInfo sample, which demonstrates how to use
each of these third-party layers.

Notes:
------
1. When using a C++ WS-Management sample in Kerberos mode, first verify with the
   "netsh" command that the WinHTTP proxy is configured properly.
2. When using a C++ WS-Management sample over openwsman, Windows error codes can
   be returned. For more information concerning these errors, see the HRESULT
   Values in the Microsoft MSDN library. MSDN can be found at:
   http://msdn.microsoft.com/he-il/default(en-us).aspx

Microsoft WinRM*:
-----------------
For the samples to work, make sure that WinRM has been activated and that a
WinRM listener is working. Be sure you have proper permissions to run the
following commands (try running from an administrator account).

Use the following steps to perform initial configuration of WinRM:
1. Type the following line in the command window:
    winrm quickconfig
   (The command asks whether you really want to enable Windows Remote Management:
   "WinRM is not set up to allow remote access to this machine for management.
   The following changes must be made:
   Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine"
   Press 'y' to continue.)
   To see the configuration, type:
    winrm get winrm/config
   To see the list of listeners, type:
    winrm enumerate winrm/config/Listener
2. Unencrypted traffic:
   To allow unencrypted traffic, use either the GPO GUI or the command line.
   To use the Group Policy GUI, enter the following on the command line:
    gpedit.msc
   Select Computer Configuration -> Administrative Templates -> Windows Components ->
   Windows Remote Management and update the following:
   WinRM client:
    Allow Basic Authentication: Enabled
    Allow unencrypted traffic: Enabled
   These and other changes can also be made on the command line. For example, to
   set "Allow Unencrypted" to "true", type:
    winrm set winrm/config/client @{AllowUnencrypted="true"}
3. Address:
   To add the target IP (the Intel AMT device IP) to the trusted hosts, type:
    winrm set winrm/config/client @{TrustedHosts="IP"}
   (Where 'IP' is the IP address of the Intel AMT device.)
   (When running a WS-Management sample, set the -host parameter to the same
   value as the WinRM TrustedHosts parameter; a hostname cannot substitute for
   the IP address if an IP address has been supplied to WinRM, and vice versa.)
4. To configure MPS as the proxy, follow the instructions on configuring a proxy
   for WinRM at:
   http://msdn2.microsoft.com/en-us/library/aa384372(VS.85).aspx
5. The default encoding of WinRM is UTF-16; however, Intel AMT works only with
   UTF-8, so the "-encoding:utf-8" option is required.
6. Example of a WinRM command:
    winrm identify -remote:10.10.10.20:16992/wsman -u:admin -p:Admin!23 -a:Digest -encoding:utf-8

To use WinRM with Kerberos follow the steps:
--------------------------------------------
1. Set the authentication to Kerberos:
   WinRM service:
    winrm set winrm/config/service/auth @{Kerberos="true"}
   WinRM client:
    winrm set winrm/config/client/auth @{Kerberos="true"}
2. Port:
   -SPNPort specifies a port number to append to the Service Principal Name
   (SPN) of the remote service. The utility uses the SPN for authentication
   purposes when using Negotiate or Kerberos authentication.
   Use the -SPNPort flag when executing a command via WinRM.
3. Unencrypted traffic:
   Use the -unencrypted flag when executing the command via WinRM.
4. Example of a WinRM command:
    winrm enumerate http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ComputerSystem -r:http://10.10.10.20:16992/wsman -u:admin -p:Admin!98 -encoding:utf-8 -a:Kerberos -SPNPort -unencrypted

For more help on this issue type WinRM -? on the command line.

-------------------------------------------------------------------
* Other names and brands may be claimed as the property of others.
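
Added example (not part of the Intel SDK): a Python check that parses the listing printed by "winrm get winrm/config" and reports the client settings relaxed in the WinRM steps above (AllowUnencrypted, Basic authentication, TrustedHosts). The sample listing is constructed, and the function names parse_winrm_config and audit_client are this example's own.

```python
import re

# Constructed sample in the layout printed by `winrm get winrm/config`,
# with the client settings from the README's WinRM steps applied.
SAMPLE = """\
Config
    MaxEnvelopeSizekb = 500
    Client
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
        TrustedHosts = 10.10.10.20
    Service
        AllowUnencrypted = false
"""

def parse_winrm_config(text):
    """Flatten the indented listing into {'Config/Client/Auth/Basic': 'true', ...}."""
    settings, stack = {}, []                  # stack: (indent, section name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # close sections at this depth or deeper
        if "=" not in line:                   # section header, or a setting with no value
            stack.append((indent, line))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Drop the marker winrm appends to values that are set by policy.
        value = re.sub(r'\s*\[Source="[^"]*"\]$', "", value)
        settings["/".join([name for _, name in stack] + [key])] = value
    return settings

def audit_client(settings):
    """Return (path, reason) pairs for relaxed WinRM client settings."""
    findings = []
    for path, reason in (
        ("Config/Client/AllowUnencrypted", "client may send WS-Man traffic without encryption"),
        ("Config/Client/Auth/Basic", "client may send credentials with Basic authentication"),
    ):
        if settings.get(path, "false").lower() == "true":
            findings.append((path, reason))
    if "*" in settings.get("Config/Client/TrustedHosts", ""):
        findings.append(("Config/Client/TrustedHosts", "wildcard trusts every host"))
    return findings

if __name__ == "__main__":
    print(audit_client(parse_winrm_config(SAMPLE)))
```

Feed it the captured output of "winrm get winrm/config" from a management console after working with the samples to confirm which of these settings are still in effect.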