Manualshelf

Product guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED
51525354555657585960
Unconfigure Intel
®
AMT systems using policy
You can unconfigure your Intel
®
AMT systems using the Intel
®
AMT configuration policy.
Task
For option definitions, click ? in the interface.
1
In the McAfee ePO console, navigate to Policy Catalog, select ePO Deep Command 2.1.0 as the product and
AMT Configuration Policies as the category, then click New Policy.
2
In the New Policy dialog box, perform these steps:
a
Select McAfee Default, type a name for the unconfiguration policy and any notes, then click OK.
b
Select Allow ePO to enforce these settings, then perform one of these steps based on configuration
mode of systems.
Admin Control mode — Select Remote configure to enable Admin Control Mode, select Unconfigure (if
currently configured by ePO), and then select the Intel
®
RCS server and profile used for the
configuration.
Client Control mode — Select Host-based configure to enable Client Control Mode, select Unconfigure (if
currently configured by ePO), and then select the profile used for the configuration. The Intel
®
AMT
systems in this mode do not require an Intel
®
RCS server. They use the host-based profile to
configure or unconfigure the client.
c
Select the appropriate unconfigure options.
Also remove the pre-shared keys or hash data of self-signed CA certificates configured on the client systems manually.
— To remove the configuration completely (recommended).
Force unconfigure even if it is not configured by ePO — To remove the configuration from a system that
was not configured using McAfee ePO.
d
Save the policy.
3
In the System Tree, assign the policy to the required systems or group.
Systems — Click Actions | Agent | Set Policies & Inheritance, select ePO Deep Command 2.1 as the product,
select AMT Configuration Policies as the category, select the unconfiguration policy, select Break
Inheritance, then save the policy assignment.
Group — Select the group, select ePO Deep Command 2.1 as the product, click Edit Assignment next to
AMT Configuration Policies, select the unconfiguration policy under Assigned policy, then save the policy
assignment.
4
Enforce the policy using one of these methods:
Wait for the next agent-server communication or send an agent wake-up call.
From the Intel
®
AMT systems, click McAfee Agent Status Monitor, then click Collect and Send Properties,
Check New Policies, and Enforce Policies.
Click Actions | AMT Actions | Enforce AMT Firmware Configuration Policy.
On successful policy enforcement, the selected Intel
®
AMT system is unconfigured. To verify, navigate
to the System Properties page, click the Deep Command tab, and make sure that the Configuration State is Pre
Configuration.
See also
Create a policy to unconfigure Intel AMT systems on page 94
Identify unconfigured systems
Create and execute a query, which retrieves a list of Intel
®
AMT systems that are unconfigured.
Configuring Intel AMT systems
Unconfigure Intel AMT systems through McAfee ePO
4
McAfee ePO Deep Command 2.1.0 Product Guide
55