2017-08-28 19:27:45 +03:00
{
2017-10-15 09:22:19 +03:00
"scriptText": "##### Starting Block #####\nprint \"Script Started\"\n\n##### Block: Remote - Remove Trigger #####\nHighlightBlock __t 0\njsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\nsplit policiesArr \"0,1,2\" \",\"\nlength policiesArrLen policiesArr\nset i 0\n:loop-0\nset curPolicy hMapPolicies.{policiesArr.{i}}\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\nadd i i 1\njump :loop-0 i \"<\" policiesArrLen\nprint \"Policies removed successfully\"\nset PullRemoteAccess 1\nset AMT_RemoteAccessPolicyRule\nset curPolicy\nset hMapPolicies\nset i\nset policiesArr\nset policiesArrLen\nset ws_args\nset wsman_result\n\n##### Block: Remote - Remove All MPS #####\nHighlightBlock __t 1\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-1\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-1 i \"<\" arr_len\n:end-1\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n\n\n##### Block: Security - Add Certificate #####\nHighlightBlock __t 2\njsonparse wsargs \"%7B%7D\"\nset wsargs.CertificateBlob \"MIIDKDCCAhCgAwIBAgIDBVZ2MA0GCSqGSIb3DQEBCwUAMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDAeFw0xNTA3MTkxODE3NTVaFw00NjA3MTkxODE3NTVaMEQxHzAdBgNVBAMTFk1lc2hDZW50cmFsUm9vdC1mYWM4NGUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtNZXNoQ2VudHJhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyN61TmYjDS8PJQGQ8OB2V0ccJ3kKZ4LkrwPhx+qRpZBqQ1MpUfjhjjMngjiEwVu04t729xekRjamwU6sorNZbp2l1OZNA2TIs5WCg1llXyxTkRqtfim83rwXQNu+6ivz5dAux46zKFGOcVdtMlyKEjZj16zuAQ/2xg6qgyQFYwwArq9Cy5qzWMA5cjqugqA106adkOQRCatdWHYxaMXRJaBJuKQnp1HGPefyITK1UEshEZYqmBKnbD9NwxqsC+Sp/diRWrGIEKkx1GsrepQcEXIzIMSdq7+LApwhl84pgNkzKJXHTPHqQaQSejPj3FprsQh2bgsbRJUwBTWIBru/MCAwEAAaMjMCEwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAUwDQYJKoZIhvcNAQELBQADggEBAA+eOSMF7b82S3faGV7jKAFzkRwOUoZnCVFV6eGBK1iyPC/xrIbWncSc59DjnHMyXWCmc0OVknTgfeyqIS2OD2DkW1zU1gNuQksDbETzV6Db3ExQyv1BXCasLPop2CkC3WCwLFa2bXG7AEheFFfqwZz1mRwPnr8AiHS2zG6RjepZts+zQvVhTftiW1aFmYVHDWlhHFIVJ4xw2KHPfuufSxyOO7YOosjzGHUYiEP1zOQKmwm1Rcz+QZRmj/O8PfQsiKnUHpHAhx0GTqwgoL7hi2bkbC9IX04pDX8Vd5uABDLfU3+S3vjBvUe+XYSRknDnFiivOtAY6fFwLqu+OnbwiIA=\"\njump :certroot 1 \"=\" 1\nprint \"Adding certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :certdone\n:certroot\nprint \"Adding root certificate...\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\n:certdone\nset wsargs\nset AMT_PublicKeyManagementService\nset PullCertificates 1\n\n\n##### Block: Remote - Add MPS IP/User #####\nHighlightBlock __t 3\n# Set method parameters\njsonparse wsargs \"%7B%22AccessInfo%22:%22192.168.2.133%22,%22InfoFormat%22:%223%22,%22Port%22:4433,%22AuthMethod%22:%222%22,%22Username%22:%22B6367516FC563665%22,%22Password%22:%22P@ssw0rd%22%7D\"\nset wsargs.CN \"devbox.mesh.meshcentral.com\"\n# Execute call to AddMpServer\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\njump :error-3 wsman_result \"!=\" 200\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\nset PullRemoteAccess 1\njump :end-3\n:error-3\nprint \"Call failed: {wsman_result_str}\"\n:end-3\nset AMT_RemoteAccessService\nset wsargs\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset wsman_ans_length\n\n##### Block: Remote - Add Trigger (Periodic) #####\nHighlightBlock __t 4\n# *** Verify valid input ***\nsplit period_arr \"10\" \":\"\nlength period_arr_len period_arr\njump
2017-08-28 19:27:45 +03:00
"mescript": "JH0pRQABAAMAFwABAA8BU2NyaXB0IFN0YXJ0ZWROKQATAAIABABfX3QABQIAAAAAAAsAdgACAA0AaE1hcFBvbGljaWVzAF8BJTdCJTIyMCUyMjolMjAlMjJVc2VyJTIwSW5pdGlhdGVkJTIyLCUwOSUyMjElMjI6JTIwJTIyQWxlcnQlMjIsJTIwJTIyMiUyMjolMjAlMjJQZXJpb2RpYyUyMiU3RAAIACAAAwAMAHBvbGljaWVzQXJyAAYBMCwxLDIAAgEsAAoAJQACAA8AcG9saWNpZXNBcnJMZW4ADABwb2xpY2llc0FycgACABEAAgACAGkABQIAAAAAAAIAMwACAAoAY3VyUG9saWN5AB8AaE1hcFBvbGljaWVzLntwb2xpY2llc0Fyci57aX19AAsAPwACAAgAd3NfYXJncwAtASU3QiUyMlBvbGljeVJ1bGVOYW1lJTIyOiUyMntjdXJQb2xpY3l9JTIyJTdEABMALQACABsBQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUACAB3c19hcmdzAA0AFQADAAIAaQACAGkABQIAAAABAAEAJgAEAAUDAAAA9gACAGkAAgE8AA8AcG9saWNpZXNBcnJMZW4AAwAsAAEAJAFJTkZPOiBQb2xpY2llcyByZW1vdmVkIHN1Y2Nlc3NmdWxseQACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABAAIAIwABABsAQU1UX1JlbW90ZUFjY2Vzc1BvbGljeVJ1bGUAAgASAAEACgBjdXJQb2xpY3kAAgAVAAEADQBoTWFwUG9saWNpZXMAAgAKAAEAAgBpAAIAFAABAAwAcG9saWNpZXNBcnIAAgAXAAEADwBwb2xpY2llc0FyckxlbgACABAAAQAIAHdzX2FyZ3MAAgAVAAEADQB3c21hbl9yZXN1bHROKQATAAIABABfX3QABQIAAAABAAgAPwADABEAd3NfZ2VuZXJhbF9xdWVyeQAgAUFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAAAgAsABAAKAACAA0Bd3NtYW5fYW5zd2VyABEAd3NfZ2VuZXJhbF9xdWVyeQACABEAAgACAGkABQIAAAAAAAIARQACAAQAYXJyADcAd3NtYW5fYW5zd2VyLkFNVF9NYW5hZ2VtZW50UHJlc2VuY2VSZW1vdGVTQVAucmVzcG9uc2VzAAoAFgACAAgAYXJyX2xlbgAEAGFycgACAFcAAgANAGluc3RhbmNlTmFtZQBAAHdzbWFuX2Fuc3dlci5BTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQLnJlc3BvbnNlcy57aX0uTmFtZQACAHwAAgAJAHNlbGVjdG9yAGkBJTNDdzpTZWxlY3RvclNldCUzRSUzQ3c6U2VsZWN0b3IlMjBOYW1lPSUyMk5hbWUlMjIlM0V7aW5zdGFuY2VOYW1lfSUzQy93OlNlbGVjdG9yJTNFJTNDL3c6U2VsZWN0b3JTZXQlM0UAEwAzAAIAIAFBTVRfTWFuYWdlbWVudFByZXNlbmNlUmVtb3RlU0FQAAkAc2VsZWN0b3IADQAVAAMAAgBpAAIAaQAFAgAAAAEAAQAfAAQABQMAAAOmAAIAaQACATwACABhcnJfbGVuAAIAKAABACAAQU1UX01hbmFnZW1lbnRQcmVzZW5jZVJlbW90ZVNBUAACAAwAAQAEAGFycgACAAoAAQACAGkAAgAVAAEADQBpbnN0YW5jZU5hbWUAAgARAAEACQBzZWxlY3RvcgACABkAAQARAHdzX2dlbmVyYWxfcXVlcnkAAgAVAAEADQB3c21hbl9hbnN3ZXIAAgAVAAEADQB3c21hbl9yZXN1bHQAAgAZAAEAEQB3c21hbl9yZXN1bHRfc3RyAAIAEAABAAgAYXJyX2xlbgACACAAAgARAFB1bGxSZW1vdGVBY2Nlc3MABQIAAAABTikAEwACAAQAX190AAUCAAAAAgALABgAAgAHAHdzYXJncwAHASU3QiU3RAACBF4AAgAXAHdzYXJncy5DZXJ0aWZpY2F0ZUJsb2IEPQFNSUlES0RDQ0FoQ2dBd0lCQWdJREJWWjJNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FUXhIekFkQmdOVkJBTVRGazFsYzJoRFpXNTBjbUZzVW05dmRDMW1ZV000TkdVeEN6QUpCZ05WQkFZVEFsVlRNUlF3RWdZRFZRUUtFd3ROWlhOb1EyVnVkSEpoYkRBZUZ3MHhOVEEzTVRreE9ERTNOVFZhRncwME5qQTNNVGt4T0RFM05UVmFNRVF4SHpBZEJnTlZCQU1URmsxbGMyaERaVzUwY21Gc1VtOXZkQzFtWVdNNE5HVXhDekFKQmdOVkJBWVRBbFZUTVJRd0VnWURWUVFLRXd0TlpYTm9RMlZ1ZEhKaGJEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUp5TjYxVG1ZakRTOFBKUUdROE9CMlYwY2NKM2tLWjRMa3J3UGh4K3FScFpCcVExTXBVZmpoampNbmdqaUV3VnUwNHQ3Mjl4ZWtSamFtd1U2c29yTlpicDJsMU9aTkEyVElzNVdDZzFsbFh5eFRrUnF0ZmltODNyd1hRTnUrNml2ejVkQXV4NDZ6S0ZHT2NWZHRNbHlLRWpaajE2enVBUS8yeGc2cWd5UUZZd3dBcnE5Q3k1cXpXTUE1Y2pxdWdxQTEwNmFka09RUkNhdGRXSFl4YU1YUkphQkp1S1FucDFIR1BlZnlJVEsxVUVzaEVaWXFtQktuYkQ5Tnd4cXNDK1NwL2RpUldyR0lFS2t4MUdzcmVwUWNFWEl6SU1TZHE3K0xBcHdobDg0cGdOa3pLSlhIVFBIcVFhUVNlalBqM0ZwcnNRaDJiZ3NiUkpVd0JUV0lCcnUvTUNBd0VBQWFNak1DRXdEQVlEVlIwVEJBVXdBd0VCL3pBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQUFVd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBK2VPU01GN2I4MlMzZmFHVjdqS0FGemtSd09Vb1puQ1ZGVjZlR0JLMWl5UEMveHJJYlduY1NjNTlEam5ITXlYV0NtYzBPVmtuVGdmZXlxSVMyT0QyRGtXMXpVMWdOdVFrc0RiRVR6VjZEYjNFeFF5djFCWENhc0xQb3AyQ2tDM1dDd0xGYTJiWEc3QUVoZUZGZnF3WnoxbVJ3UG5yOEFpSFMyekc2UmplcFp0cyt6UXZWaFRmdGlXMWFGbVlWSERXbGhIRklWSjR4dzJLSFBmdXVmU3h5T083WU9vc2p6R0hVWWlFUDF6T1FLbXdtMVJjeitRWlJtai9POFBmUXNpS25VSHBIQWh4MEdUcXdnb0w3aGkyYmtiQzlJWDA0cERYOFZkNXVBQkRMZlUzK1MzdmpCdlVlK1hZU1JrbkRuRmlpdk90QVk2ZkZ3THF1K09uYndpSUE9AAEAHwAEAAUDAAAK5AAFAgAAAAEAAgE9AAUCAAAAAQADAB4AAQAWAUFkZGluZyBjZXJ0aWZpY2F0ZS4uLgAUAEEAAwAfAUFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQAPAUFkZENlcnRpZmljYXRlAAcAd3NhcmdzAAEADQABAAUDAAALUwADACMAAQAbAUFkZGluZyByb290IGNlcnRpZmljYXRlLi4uABQATAADAB8BQU1UX1B1YmxpY0tleU1hbmFnZW1lbnRTZXJ2aWNlABoBQWRkVHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQAHAHdzYXJncwACAA8AAQAHAHdzYXJncwACACcAAQAfAEFNVF9QdWJsaWNLZXlNYW5hZ2VtZW50U2VydmljZQACACAAAgARAFB1bGxDZXJ0aWZpY2F0ZXMABQIAAAABTikAEwACAAQAX190AAUCAAAAAwALAMIAAgAHAHdzYXJncwCxASU3QiUyMkFjY2Vzc0luZm8lMjI6JTIyMTkyLjE2OC4y
"blocks": {
"_start": {
"name": "Start",
"desc": "Starting Block",
"code": "print \"Script Started\""
},
"_end": {
"name": "End",
"desc": "Ending Block",
"code": ":end\r\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\r\nPullSystemStatus\r\n:SkipPullSystemStatus\r\njump :SkipPullEventLog PullEventLog \"!=\" 1\r\nPullEventLog\r\n:SkipPullEventLog\r\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\r\nPullAuditLog\r\n:SkipPullAuditLog\r\njump :SkipPullCertificates PullCertificates \"!=\" 1\r\nPullCertificates\r\n:SkipPullCertificates\r\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\r\nPullWatchdog\r\n:SkipPullWatchdog\r\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\r\nPullSystemDefense\r\n:SkipPullSystemDefense\r\njump :SkipPullHardware PullHardware \"!=\" 1\r\nPullHardware\r\n:SkipPullHardware\r\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\r\nPullUserInfo\r\n:SkipPullUserInfo\r\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\r\nPullRemoteAccess\r\n:SkipPullRemoteAccess\r\nprint \"Script Completed\""
},
"AMT-Accounts-AddDigestUser": {
"name": "Accounts - Add Digest User",
"desc": "Add a new digest user account to Intel AMT",
"code": "# Get the DigestRealm\r\njump :SkipDigestRealm-%%%~%%% DigestRealm \"!=\"\r\nprint \"Fetching digest realm...\"\r\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset DigestRealm wsman_answer.AMT_GeneralSettings.response.DigestRealm\r\n:SkipDigestRealm-%%%~%%%\r\n\r\n# Create account\r\nset AccountName \"%%%name%%%\"\r\nset AccountPass \"%%%password%%%\"\r\nset digest \"{AccountName}:{DigestRealm}:{AccountPass}\"\r\nmd5 digestmd5 digest\r\nbtoa digestmd5 digestmd5\r\njsonparse wsargs \"%7B %22DigestUsername%22:%22{AccountName}%22, %22DigestPassword%22:%22{digestmd5}%22, %22AccessPermission%22:%%%accessPermission%%%, %22Realms%22:[%%%realms%%%] %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {AccountName} create: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"name": {
"name": "Name",
"desc": "Name of the user account to create",
"type": 1,
"maxlength": 30,
"value": ""
},
"password": {
"name": "Password",
"desc": "Password of the user account to create",
"type": 4,
"maxlength": 30,
"value": ""
},
"accessPermission": {
"name": "Access Permission",
"desc": "Set account to be local, remote or both",
"type": 3,
"values": {
"0": "Local only",
"1": "Network only",
"2": "All (Local & Network)"
},
"value": "2"
},
"realms": {
"name": "Realms",
"desc": "Set account permissions",
"type": 5,
"values": {
"2": "Redirection",
"3": "PT Administration",
"4": "Hardware Asset",
"5": "Remote Control",
"6": "Storage",
"7": "Event Manager",
"8": "Storage Admin",
"9": "Agent Presence Local",
"10": "Agent Presence Remote",
"11": "Circuit Breaker",
"12": "Network Time",
"13": "General Information",
"14": "Firmware Update",
"15": "EIT",
"16": "LocalUN",
"17": "Endpoint Access Control",
"18": "Endpoint Access Control Admin",
"19": "Event Log Reader",
"20": "Audit Log",
"21": "ACL Realm",
"24": "Local System"
},
"value": [
"3"
]
}
}
},
"AMT-Accounts-RemoveDigestUser": {
"name": "Accounts - Remove Digest User",
"desc": "Remove a digest user account from Intel AMT",
"code": "set ToggleAccount \"%%%name%%%\"\r\n\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.DigestUsername\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account {ToggleAccount} found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account {ToggleAccount} deleted.\"\r\nset PullUserInfo 1\r\njump :end\r\n\r\n# End of script\r\njump :end\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"name": {
"name": "Name",
"desc": "Name of the user account to remove",
"type": 1,
"maxlength": 30,
"value": ""
}
}
},
"AMT-Accounts-AddKerberosUser": {
"name": "Accounts - Add Kerberos User",
"desc": "Add a new kerberos user account to Intel AMT",
"code": "# Set kerberos sid value as a byte array string\r\nset KerberosUserString \"%%%sid%%%\"\r\nGetSidByteArray x KerberosUserString\r\nbtoa KerberosUserSid x\r\njsonparse wsargs \"%7B%22KerberosUserSid%22:%22{KerberosUserSid}%22,%22AccessPermission%22:%%%accessPermission%%%,%22Realms%22:[%%%realms%%%]%7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {KerberosUserString} return value: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"sid": {
"name": "Sid",
"desc": "The Security ID (SID) of the user account to create",
"type": 1,
"maxlength": 45,
"value": ""
},
"accessPermission": {
"name": "Access Permission",
"desc": "Set account to be local, remote or both",
"type": 3,
"values": {
"0": "Local only",
"1": "Network only",
"2": "All (Local & Network)"
},
"value": "2"
},
"realms": {
"name": "Realms",
"desc": "Set account permissions",
"type": 5,
"values": {
"2": "Redirection",
"3": "PT Administration",
"4": "Hardware Asset",
"5": "Remote Control",
"6": "Storage",
"7": "Event Manager",
"8": "Storage Admin",
"9": "Agent Presence Local",
"10": "Agent Presence Remote",
"11": "Circuit Breaker",
"12": "Network Time",
"13": "General Information",
"14": "Firmware Update",
"15": "EIT",
"16": "LocalUN",
"17": "Endpoint Access Control",
"18": "Endpoint Access Control Admin",
"19": "Event Log Reader",
"20": "Audit Log",
"21": "ACL Realm",
"24": "Local System"
},
"value": [
"3"
]
}
}
},
"AMT-Accounts-RemoveKerberosUser": {
"name": "Accounts - Remove Kerberos User",
"desc": "Remove a digest user account from Intel AMT",
"code": "GetSidByteArray ToggleAccount \"%%%sid%%%\"\r\nbtoa ToggleAccount ToggleAccount\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.KerberosUserSid\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account %%%sid%%% found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account %%%sid%%% deleted.\"\r\nset PullUserInfo 1\r\njump :end\r\n\r\n# End of script\r\njump :end\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"sid": {
"name": "Sid",
"desc": "Sid of the user account to remove",
"type": 1,
"maxlength": 45,
"value": ""
}
}
},
"AMT-Accounts-PrintAll": {
"name": "Accounts - Print Users",
"desc": "Display all digest user accounts from Intel AMT",
"code": "# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"AMT-ACCOUNT: {AMT_AuthorizationService.Body.DigestUsername}, {AMT_AuthorizationService.Body.AccessPermission}, [{AMT_AuthorizationService.Body.Realms}]\"\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# End of script\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%"
},
"Basic-Add": {
"name": "Basic - Add",
"desc": "Add a value to a given variable",
"code": "add %%%var%%% %%%var%%% %%%value%%%",
"vars": {
"var": {
"name": "Name",
"desc": "Name of the variable to add to",
"type": 1,
"maxlength": 20,
"value": "SampleVariable"
},
"value": {
"name": "Value",
"desc": "Value to add to the variable",
"type": 1,
"value": "1"
}
}
},
"Basic-Disconnect": {
"name": "Basic - Disconnect",
"desc": "Disconnect from Intel AMT",
"code": "Disconnect"
},
"Basic-JumpLabel": {
"name": "Basic - Jump Target",
"desc": "Set a jump label. Other blocks can jump here.",
"code": ":%%%label%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
}
}
},
"Basic-Jump": {
"name": "Basic - Jump",
"desc": "Jump to a given label",
"code": "jump :%%%label%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
}
}
},
"Basic-JumpIf": {
"name": "Basic - Jump if",
"desc": "Jump to a given label if the condition is met",
"code": "jump :%%%label%%% %%%arg1%%% \"%%%comparator%%%\" %%%arg2%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
},
"arg1": {
"name": "arg1",
"desc": "First variable to compare, use \"x\" for a string",
"type": 1,
"value": ""
},
"comparator": {
"name": "Comparator",
"desc": "How to compare both arguments",
"type": 3,
"values": {
"=": "=",
"!=": "!=",
"<": "<",
">": ">",
"<=": "<=",
">=": ">="
},
"value": "="
},
"arg2": {
"name": "arg2",
"desc": "Second variable to compare, use \"x\" for a string",
"type": 1,
"value": ""
}
}
},
"Basic-Print": {
"name": "Basic - Print",
"desc": "Print a string to the console",
"code": "print \"%%%printstring%%%\"",
"vars": {
"printstring": {
"name": "Value",
"desc": "String that will be printed to console, use urlescaping for special chars and use {x} to print variable x.",
"type": 1,
"value": "Sample String"
}
}
},
"Basic-ScriptSpeed": {
"name": "Basic - Script Speed",
"desc": "Set the speed of the script",
"code": "scriptspeed %%%delay%%%",
"vars": {
"delay": {
"name": "Delay",
"desc": "The delay in millisecond between execution of each script step. 200ms is 5 steps per second.",
"type": 2,
"maxlength": 4,
"value": 200
}
}
},
"Basic-Set": {
"name": "Basic - Set",
"desc": "Set a variable to a given value",
"code": "set %%%var%%% %%%value%%%",
"vars": {
"var": {
"name": "Name",
"desc": "Name of the variable to set",
"type": 1,
"maxlength": 20,
"value": "SampleVariable"
},
"value": {
"name": "Value",
"desc": "The new value to set to the variable",
"type": 1,
"value": "0"
}
}
},
"AMT-General-SetUserConsent": {
"name": "General - Set User Consent",
"desc": "Set the Intel AMT user consent mode",
"code": "split ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.IPS_OptInService.response.OptInRequired %%%consentMode%%%\r\nwsput \"IPS_OptInService\" wsman_answer.IPS_OptInService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"consentMode": {
"name": "Consent Mode",
"desc": "Intel AMT user consent mode",
"type": 3,
"values": {
"0": "Not Required",
"1": "Required for KVM only",
"0xFFFFFFFF": "Always Required"
},
"value": "0"
}
}
},
"AMT-General-ActiveFeatures": {
"name": "General - Set Active Features",
"desc": "Set the Intel AMT active features",
"code": "split ws_optIn_query \"*AMT_RedirectionService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.AMT_RedirectionService.response.ListenerEnabled \"%%%listenerEnabled%%%\"\r\nset wsman_answer.AMT_RedirectionService.response.EnabledState \"%%%enabledState%%%\"\r\njsonparse wsargs \"%7B %22RequestedState%22:%22%%%enabledState%%%%22 %7D\"\r\nwsexec \"AMT_RedirectionService\" \"RequestStateChange\" wsargs\r\nwsput \"AMT_RedirectionService\" wsman_answer.AMT_RedirectionService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"listenerEnabled": {
"name": "Redirection Port",
"desc": "Enable or disable the Intel AMT redirection port (TCP:16993/16995)",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
},
"enabledState": {
"name": "SOL/IDER Feature",
"desc": "Enable or disable the Intel AMT Serial-over-LAN and IDER features",
"type": 3,
"values": {
"32768": "Disabled",
"32769": "IDER only",
"32770": "Serial-over-LAN only",
"32771": "IDER & SOL enabled"
},
"value": "32771"
}
}
},
"AMT-General-GetCoreVersion": {
"name": "General - Get Version",
"desc": "Retrieves the Intel AMT release version, prints it to the console and stores it in variable AmtCoreVersion",
"code": "split ws_general_query \"CIM_SoftwareIdentity\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.CIM_SoftwareIdentity.responses\r\nlength arr_len arr\r\n:loop-%%%~%%%\r\nset curInstanceId arr.{i}.InstanceID\r\njump :AmtCoreVersionFound-%%%~%%% curInstanceId \"=\" \"AMT FW Core Version\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"Error: Intel AMT version was not found\"\r\njump :end-%%%~%%%\r\n:AmtCoreVersionFound-%%%~%%%\r\nset AmtCoreVersion arr.{i}.VersionString\r\nprint \"Intel AMT version: {AmtCoreVersion}\"\r\n:end-%%%~%%%\r\nset arr\r\nset arr_len\r\nset curInstanceId\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-General-GetPlatformType": {
"name": "General - Get Platform Type",
"desc": "Retrieves the platfrom type of the target, prints it to the console and stores it in variable PlatformType",
"code": "jsonparse sysTypeHmap \"%7B%2232%22:%22Desktop%22,%2233%22:%22Notebook%22%7D\"\r\nsplit ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset i wsman_answer.CIM_ComputerSystem.responses.{i}.Dedicated\r\nset PlatformType sysTypeHmap.{i}\r\nprint \"Platform Type: {PlatformType}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset sysTypeHmap"
},
"AMT-General-GetProvState": {
"name": "General - Get Provisisoning State",
"desc": "Retrieves the current Provisioning State of Intel AMT, prints it to the console and stores it in variable AmtProvState",
"code": "jsonparse provStateHmap \"%7B%220%22:%22Pre%22,%221%22:%22In%22,%222%22:%22Post%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningState\r\nset AmtProvState provStateHmap.{key}\r\nadd AmtProvState AmtProvState \"-Provisioning\"\r\nprint \"Intel AMT Provisioning State: {AmtProvState}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provStateHmap\r\nset key"
},
"AMT-General-GetProvMode": {
"name": "General - Get Provisisoning Mode",
"desc": "Retrieves the current Provisioning Mode of Intel AMT, prints it to the console and stores it in variable AmtProvMode",
"code": "jsonparse provModeHmap \"%7B%221%22:%22Admin%20Control%20Mode%20(ACM)%22,%222%22:%22Reserved1%22,%223%22:%22Client%20Control%20Mode%20(CCM)%22,%224%22:%22Reserved2%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningMode\r\nset AmtProvMode provModeHmap.{key}\r\nprint \"Intel AMT Provisioning Mode: {AmtProvMode}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provModeHmap\r\nset key"
},
"AMT-General-PrintUserConsent": {
"name": "General - Print User Consent",
"desc": "Display the Intel AMT user consent mode",
"code": "jsonparse OptInStateEnum \"%7B%220%22:%22Not Required%22,%221%22:%22Required for KVM only%22,%224294967295%22:%22Always Required%22%7D\"\r\nsplit ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"User Consent mode: {OptInStateEnum.{wsman_answer.IPS_OptInService.response.OptInRequired}}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n"
},
"AMT-General-SetHostname": {
"name": "General - Set Hostname",
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-2 wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.HostName \"%%%hostname%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.DomainName \"%%%domainname%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-2 wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-2\r\n:error-2\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-2\r\n",
"vars": {
"hostname": {
"name": "Hostname",
"desc": "The hostname Intel AMT will use while in Sx state",
"type": 1,
"maxlength": 30,
"value": ""
},
"domainname": {
"name": "Domain",
"desc": "The domain name Intel AMT will use while in Sx state",
"type": 1,
"maxlength": 30,
"value": ""
}
}
},
"AMT-General-SetPingResponse": {
"name": "General - Set Ping Response",
"desc": "Set the Intel AMT response to ICMP and RMCP ping requests",
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-2 wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.PingResponseEnabled \"%%%icmpPingResponse%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.RmcpPingResponseEnabled \"%%%rmcpPingResponse%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-2 wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-2\r\n:error-2\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-2\r\n",
"vars": {
"icmpPingResponse": {
"name": "ICMP Ping",
"desc": "Enable or disable the Intel AMT response to ICMP ping",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
},
"rmcpPingResponse": {
"name": "RMCP Ping",
"desc": "Enable or disable the Intel AMT response to RMCP ping",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
}
}
},
"AMT-General-GetAmtUuid": {
"name": "General - Get UUID",
"desc": "Retrieves the Intel AMT UUID, prints it to the console and stores it in variable AmtUuid",
"code": "split ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset AmtUuid wsman_answer.CIM_ComputerSystem.responses.{i}.OtherIdentifyingInfo\r\nprint \"Intel AMT UUID: {AmtUuid}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-KVM-SetState": {
"name": "KVM - Set State",
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
"code": "jsonparse wsargs \"%7B %22RequestedState%22:%22%%%kvmEnabled%%%%22 %7D\"\r\nwsexec \"CIM_KVMRedirectionSAP\" \"RequestStateChange\" wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"kvmEnabled": {
"name": "KVM State",
"desc": "Enable or disable the Intel AMT KVM feature",
"type": 3,
"values": {
"2": "Enabled",
"3": "Disabled"
},
"value": "2"
}
}
},
"AMT-KVM-SetSessionTimeout": {
"name": "KVM - Set Session Timeout",
"desc": "Set the Intel AMT KVM session timeout",
"vars": {
"kvmTimeout": {
"name": "KVM Timeout",
"desc": "Intel AMT KVM session timeout in minutes",
"type": "2",
"value": "4"
}
},
"code": "split ws_general_query \"*IPS_KVMRedirectionSettingData\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset wsman_answer.IPS_KVMRedirectionSettingData.response.SessionTimeout \"%%%kvmTimeout%%%\"\nwsput \"IPS_KVMRedirectionSettingData\" wsman_answer.IPS_KVMRedirectionSettingData.response\njump :error-%%%~%%% wsman_result \"!=\" 200\nset PullSystemStatus \"1\"\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\n\n"
},
"AMT-Network-DetectWiredNic": {
"name": "Network - Wired NIC",
"desc": "Detects if the platfrom has a wired Intel AMT network interface controller (NIC), logs to the console and stores the result in WiredAmtNic",
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 0\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiredAmtNic \"true\"\r\nprint \"Wired AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wired AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-DetectWifiNic": {
"name": "Network - Wireless NIC",
"desc": "Detects if the platfrom has a WiFi interface, logs to the console and stores the result in WiFiAmtNic",
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 1\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiFiAmtNic \"true\"\r\nprint \"WiFi AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wifi AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-GetAmtFqdn": {
"name": "Network - Get FQDN",
"desc": "Retrieves the FQDN of Intel AMT, prints it to the console and stores it in variable AmtFqdn",
"code": "split ws_general_query \"*AMT_GeneralSettings\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AmtFqdn wsman_answer.AMT_GeneralSettings.response.HostName\r\nadd AmtFqdn AmtFqdn \".\"\r\nadd AmtFqdn AmtFqdn wsman_answer.AMT_GeneralSettings.response.DomainName\r\nprint \"Intel AMT FQDN: {AmtFqdn}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-AddEnvDetection": {
"name": "Network - Set Environment Detection",
"desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in",
2017-10-15 09:22:19 +03:00
"code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result",
2017-08-28 19:27:45 +03:00
"vars": {
"DetectionStrings": {
"name": "Detection Strings",
"desc": "A comma separated list of up to 4 strings to use in the environment detection algorithm (e.g. intel.com,contoso.com)",
"type": 1,
"maxlength": 255,
"value": ""
},
"DetectionIPv6LocalPrefixes": {
"name": "IPv6 Local Prefixes",
"desc": "A comma separated list of IPv6 local prefixes (strings) to use independently of or in conjunction with Detection Strings. (e.g. 1234::/64,4321::/46)",
"type": 1,
"maxlength": 255,
"value": ""
}
}
},
"AMT-Power-PowerAction": {
"name": "Power - Power Action",
"desc": "Perform an Intel AMT power action",
"code": "set ManagedElementXml \"%3CAddress xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3E%3CResourceURI xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3Ehttp://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ComputerSystem%3C/ResourceURI%3E%3CSelectorSet xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3E%3CSelector Name=\\%22CreationClassName\\%22%3ECIM_ComputerSystem%3C/Selector%3E%3CSelector Name=\\%22Name\\%22%3EManagedSystem%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njsonparse wsargs \"%7B %22PowerState%22:%22%%%powerAction%%%%22, %22ManagedElement%22:%22{ManagedElementXml}%22 %7D\"\r\nset ManagedElementXml\r\nwsexec \"CIM_PowerManagementService\" \"RequestPowerStateChange\" wsargs\r\nset wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\nprint \"Power action completed\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"powerAction": {
"name": "Power Action",
"desc": "Indicate the power action to perform",
"type": 3,
"values": {
"2": "Power on",
"5": "Power cycle",
"8": "Power down",
"10": "Reset"
},
"value": "2"
}
}
},
"AMT-RemoteAccess-AddMpsServerFqdnCert": {
"name": "Remote - Add MPS FQDN/Cert",
"desc": "Add a new CIRA server (MPS) using the server's hostname and authentication using certificate",
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:%22201%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed with error {wsman_result}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"FQDN": {
"name": "MPS Hostname",
"desc": "The Fully Qualified Domain Name of the MPS to add",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"CN": {
"name": "Certificate CN",
"desc": "The common name of the authentication certificate",
"type": 1,
"maxlength": 100,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsServerFqdnUpa": {
"name": "Remote - Add MPS FQDN/User",
"desc": "Add a new CIRA server (MPS) using the server's hostname authentication using username/password",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:201,%22Port%22:%%%Port%%%,%22AuthMethod%22:2,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"FQDN": {
"name": "MPS Hostname",
"desc": "The Fully Qualified Domain Name of the MPS to add",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"username": {
"name": "Username",
"desc": "A Username to be used for the connection with the MPS",
"type": 1,
"maxlength": 16,
"value": ""
},
"password": {
"name": "Password",
"desc": "The Password matching the username above",
"type": 4,
"maxlength": 16,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsIpCertServer": {
"name": "Remote - Add MPS IP/Cert",
"desc": "Add a new CIRA server (MPS) using the server's IP address and authentication using certificate",
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"IP": {
"name": "IPv4 Address",
"desc": "The IPv4 address of the MPS server",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"ServerName": {
"name": "Server Name",
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
"type": 1,
"maxlength": 255,
"value": ""
},
"CN": {
"name": "Certificate CN",
"desc": "The common name of the authentication certificate",
"type": 1,
"maxlength": 100,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsIpUpa": {
"name": "Remote - Add MPS IP/User",
"desc": "Add a new CIRA server (MPS) using the servers IP address and authenticating using a username/password",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%222%22,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset wsman_ans_length",
"vars": {
"IP": {
"name": "IPv4 Address",
"desc": "The IPv4 address of the MPS server",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"ServerName": {
"name": "Server Name",
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
"type": 1,
"maxlength": 255,
"value": ""
},
"username": {
"name": "Username",
"desc": "A Username to be used for the connection with the MPS",
"type": 1,
"maxlength": 16,
"value": ""
},
"password": {
"name": "Password",
"desc": "The Password matching the username above",
"type": 4,
"maxlength": 16,
"value": ""
}
}
},
"AMT-RemoteAccess-Remove-MPS": {
"name": "Remote - Remove MPS",
"desc": "Remove MPS identified by its IP/FQDN and port",
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :mpsFound-%%%~%%% curAccessInfo \"=\" \"%%%AccessInfo%%%:%%%Port%%%\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"No MPS was found matching the input parameters\"\r\njump :end-%%%~%%%\r\n:mpsFound-%%%~%%%\r\nprint \"Found matching MPS, starting removal process\"\r\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\r\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\r\n:end-%%%~%%%\r\nset AMT_ManagementPresenceRemoteSAP\r\nset arr\r\nset curAccessInfo\r\nset i\r\nset instanceName\r\nset selector\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset arr_len\r\nset PullRemoteAccess 1",
"vars": {
"AccessInfo": {
"name": "FQDN/Address",
"desc": "The FQDN/IPv4 address of the MPS server to be deleted",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
}
}
},
"AMT-RemoteAccess-RemoveAll-MPS": {
"name": "Remote - Remove All MPS",
"desc": "Remove all MPS",
"vars": {},
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-%%%~%%%\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-%%%~%%% i \"<\" arr_len\n:end-%%%~%%%\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n"
},
"AMT-RemoteAccess-AddRemoteAccessPolicyRule": {
"name": "Remote - Add Trigger (User / Alert)",
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
2017-10-15 09:22:19 +03:00
"code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer",
2017-08-28 19:27:45 +03:00
"vars": {
"AccessInfo1": {
"name": "MPS 1 Address",
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
"type": 1,
"maxlength": 255,
"value": ""
},
"AccessInfo2": {
"name": "MPS 2 Address",
"desc": "Optional, leave empty value if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
"type": 1,
"maxlength": 255,
"value": ""
},
"Trigger": {
"name": "Trigger",
"desc": "The event that will trigger the establishment of the remote connection to the MPS.",
"type": 3,
"values": {
"0": "User Initiated",
"1": "Alert"
},
"value": "0"
},
"tLifeTime": {
"name": "Tunnel Lifetime",
"desc": "Defines the tunnel<65> s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the server, the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
"type": 2,
"maxlength": 5,
"value": "0"
}
}
},
"AMT-RemoteAccess-AddRemoteAccessPolicyRule2": {
"name": "Remote - Add Trigger (Periodic)",
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
2017-10-15 09:22:19 +03:00
"code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t<MAX_INT, aborting operation...\"\r\njump :end-%%%~%%%\r\n:SET_PERIOD\r\n# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%222%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\nbtoa extendedData extendedData\r\nset ws_args.ExtendedData extendedData\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22
2017-08-28 19:27:45 +03:00
"vars": {
"AccessInfo1": {
"name": "MPS 1 Address",
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
"type": 1,
"maxlength": 255,
"value": ""
},
"AccessInfo2": {
"name": "MPS 2 Address",
"desc": "Optional, leave empty if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
"type": 1,
"maxlength": 255,
"value": ""
},
"PeriodType": {
"name": "Interval Type",
"desc": "Defines the idle periods of the connection. Data can be in one of two formats: periodic interval (seconds) or daily interval (HH:MM).",
"type": 3,
"values": {
"0": "Periodic (Seconds)",
"1": "Daily (HH:MM)"
},
"value": "0"
},
"Period": {
"name": "Interval Value",
"desc": "Set the interval to an integer value (0 <= t < MAX_INT in seconds) or a time format (HH:MM s.t 0 <= HH < 24, 0 <= MM < 60) depending on the selection above",
"type": 1,
"maxlength": 11,
"value": ""
},
"tLifeTime": {
"name": "Tunnel Lifetime",
"desc": "Defines the tunnel<65> s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
"type": 2,
"maxlength": 5,
"value": "0"
}
}
},
"AMT-RemoteAccess-RemoveAccessPolicyRule": {
"name": "Remote - Remove Trigger",
"desc": "Removes the remote access trigger policies",
2017-10-15 09:22:19 +03:00
"code": "jsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\r\nsplit policiesArr \"%%%policies%%%\" \",\"\r\nlength policiesArrLen policiesArr\r\nset i 0\r\n:loop-%%%~%%%\r\nset curPolicy hMapPolicies.{policiesArr.{i}}\r\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\r\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" policiesArrLen\r\nprint \"Policies removed successfully\"\r\nset PullRemoteAccess 1\r\nset AMT_RemoteAccessPolicyRule\r\nset curPolicy\r\nset hMapPolicies\r\nset i\r\nset policiesArr\r\nset policiesArrLen\r\nset ws_args\r\nset wsman_result",
2017-08-28 19:27:45 +03:00
"vars": {
"policies": {
"name": "Policies",
"desc": "Set policies to be removed",
"type": 5,
"values": {
"0": "User Initiated",
"1": "Alert",
"2": "Periodic"
},
"value": [
""
]
}
}
},
"AMT-RemoteAccess-SetUserInterface": {
"name": "Remote - Set User Initiation",
"desc": "A local or user or application may initiation the Intel AMT Client Initiation Remote Access (CIRA) connection to the server. Use this script block to enabled or disable this feature.",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22RequestedState%22:%22%%%ReqState%%%%22%7D\"\r\njsonparse EnumState \"%7B%2232768%22:%22Disabled%22,%2232769%22:%22BIOS Enabled%22,%2232770%22:%22OS enable%22,%2232771%22:%22BIOS & OS Enabed%22%7D\"\r\n# Execute call to change the state\r\nwsexec \"AMT_UserInitiatedConnectionService\" \"RequestStateChange\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"SUCCESS: Remote Access user interfaces set to: {EnumState.%%%ReqState%%%}\"\r\n\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset wsargs\r\nset wsman_result\r\nset wsman_result_str\r\nset EnumState\r\nset AMT_UserInitiatedConnectionService",
"vars": {
"ReqState": {
"name": "User Initiation",
"desc": "Select the configuration to be set for Remote Access user initiated interface",
"type": 3,
"values": {
"32768": "Disabled",
"32769": "BIOS only",
"32770": "OS only",
"32771": "BIOS & OS"
},
"value": "32771"
}
}
},
"AMT-Security-AddCertificate": {
"name": "Security - Add Certificate",
"desc": "Add a trusted or chain certificate to Intel AMT certificate store.",
"code": "jsonparse wsargs \"%7B%7D\"\r\nset wsargs.CertificateBlob \"%%%CertBin%%%\"\r\njump :certroot %%%CertType%%% \"=\" 1\r\nprint \"Adding certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\r\njump :certdone\r\n:certroot\r\nprint \"Adding root certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\r\n:certdone\r\nset wsargs\r\nset AMT_PublicKeyManagementService\r\nset PullCertificates 1\r\n",
"vars": {
"CertType": {
"name": "Certificate Type",
"desc": "Select if this is a certificate that should be used by Intel AMT as trusted root.",
"type": 3,
"values": {
"0": "Chain Certificate",
"1": "Trusted Root Certificate"
},
"value": "0"
},
"CertBin": {
"name": "Certificate",
"desc": "A .cer file, this is the certificate that will be uploaded to Intel AMT.",
"type": 6
}
}
},
"AMT-Security-IssueUntrustedCertificate": {
"name": "Security - Issue Untrusted Certificate",
"desc": "Create a run Intel AMT certificate with private key that is signed by an untrusted dummy root.",
"code": "jump :certificateSupport-%%%~%%% _certificates \"=\" 1\nprint \"ERROR: No certificate support, this script block can't run in thei environment\"\njump :end2-%%%~%%%\n:certificateSupport-%%%~%%%\n\nset CommonName \"%%%CommonName%%%\"\"\nlength x CommonName \njump :skipSetCommonName-%%%~%%% x \"!=\" 0\n\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}\"\nlength x CommonName \njump :skipSetDomainName-%%%~%%% x \"=\" 0\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}.{wsman_answer.AMT_GeneralSettings.response.DomainName}\"\n:skipSetDomainName-%%%~%%%\n:skipSetCommonName-%%%~%%%\n\njsonparse certattributes \"%7B %22CN%22:%22{CommonName}%22, %22O%22:%22%%%Organization%%%%22, %22ST%22:%22%%%StateProvince%%%%22, %22C%22:%22%%%Country%%%%22 %7D\"\njsonparse wsargs \"%7B %22KeyAlgorithm%22:%220%22, %22KeyLength%22:%222048%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"GenerateKeyPair\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\nset selector AMT_PublicKeyManagementService.Body.KeyPair.ReferenceParameters.SelectorSet.Selector.Value\nsplit ws_query \"AMT_PublicPrivateKeyPair\" ,\nwsbatchenum \"wsman_answer\" ws_query\njump :error-%%%~%%% wsman_result \"!=\" 200\ngetitem i wsman_answer.AMT_PublicPrivateKeyPair.responses \"InstanceID\" selector\nset DERKey wsman_answer.AMT_PublicPrivateKeyPair.responses.{i}.DERKey\nsignwithdummyca DERKey certattributes\njsonparse wsargs \"%7B %22CertificateBlob%22:%22{signed_cert}%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset PullCertificates 1\n:end2-%%%~%%%\n\nset i\nset x\nset wsman_answer\nset selector\nset AMT_PublicKeyManagementService\nset ws_query\nset AMT_PublicKeyManagementService\nset DERKey\nset wsargs\n",
"vars": {
"CommonName": {
"name": "Common Name",
"desc": "Common name of the certificate, leave blank to use the Intel AMT host and domain name",
"type": 1,
"maxlength": 255,
"value": ""
},
"Organization": {
"name": "Organization",
"desc": "Certificate organization name",
"type": 1,
"maxlength": 255,
"value": ""
},
"StateProvince": {
"name": "State/Province",
"desc": "Certificate state or province name",
"type": 1,
"maxlength": 255,
"value": ""
},
"Country": {
"name": "Country",
"desc": "Certificate country name",
"type": 1,
"maxlength": 255,
"value": ""
}
}
}
},
"scriptBlocks": [
{
"name": "Remote - Remove Trigger",
"desc": "Removes the remote access trigger policies",
2017-10-15 09:22:19 +03:00
"code": "jsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\r\nsplit policiesArr \"%%%policies%%%\" \",\"\r\nlength policiesArrLen policiesArr\r\nset i 0\r\n:loop-%%%~%%%\r\nset curPolicy hMapPolicies.{policiesArr.{i}}\r\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\r\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" policiesArrLen\r\nprint \"Policies removed successfully\"\r\nset PullRemoteAccess 1\r\nset AMT_RemoteAccessPolicyRule\r\nset curPolicy\r\nset hMapPolicies\r\nset i\r\nset policiesArr\r\nset policiesArrLen\r\nset ws_args\r\nset wsman_result",
2017-08-28 19:27:45 +03:00
"vars": {
"policies": {
"name": "Policies",
"desc": "Set policies to be removed",
"type": 5,
"values": {
"0": "User Initiated",
"1": "Alert",
"2": "Periodic"
},
"value": [
"0",
"1",
"2"
]
}
},
"id": 0.25368680036626756,
"xname": "AMT-RemoteAccess-RemoveAccessPolicyRule"
},
{
"name": "Remote - Remove All MPS",
"desc": "Remove all MPS",
"vars": {},
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-%%%~%%%\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-%%%~%%% i \"<\" arr_len\n:end-%%%~%%%\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n",
"id": 0.9684545958880335,
"xname": "AMT-RemoteAccess-RemoveAll-MPS"
},
{
"name": "Security - Add Certificate",
"desc": "Add a trusted or chain certificate to Intel AMT certificate store.",
"code": "jsonparse wsargs \"%7B%7D\"\r\nset wsargs.CertificateBlob \"%%%CertBin%%%\"\r\njump :certroot %%%CertType%%% \"=\" 1\r\nprint \"Adding certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\r\njump :certdone\r\n:certroot\r\nprint \"Adding root certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\r\n:certdone\r\nset wsargs\r\nset AMT_PublicKeyManagementService\r\nset PullCertificates 1\r\n",
"vars": {
"CertType": {
"name": "Certificate Type",
"desc": "Select if this is a certificate that should be used by Intel AMT as trusted root.",
"type": 3,
"values": {
"0": "Chain Certificate",
"1": "Trusted Root Certificate"
},
"value": "1"
},
"CertBin": {
"name": "Certificate",
"desc": "A .cer file, this is the certificate that will be uploaded to Intel AMT.",
"type": 6,
"value": ""
}
},
"id": 0.1299614377785474,
"xname": "AMT-Security-AddCertificate"
},
{
"name": "Remote - Add MPS IP/User",
"desc": "Add a new CIRA server (MPS) using the servers IP address and authenticating using a username/password",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%222%22,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset wsman_ans_length",
"vars": {
"IP": {
"name": "IPv4 Address",
"desc": "The IPv4 address of the MPS server",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"ServerName": {
"name": "Server Name",
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
"type": 1,
"maxlength": 255,
"value": ""
},
"username": {
"name": "Username",
"desc": "A Username to be used for the connection with the MPS",
"type": 1,
"maxlength": 16,
"value": ""
},
"password": {
"name": "Password",
"desc": "The Password matching the username above",
"type": 4,
"maxlength": 16,
"value": ""
}
},
"id": 0.9974830092396587,
"xname": "AMT-RemoteAccess-AddMpsIpUpa"
},
{
"name": "Remote - Add Trigger (Periodic)",
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
2017-10-15 09:22:19 +03:00
"code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t<MAX_INT, aborting operation...\"\r\njump :end-%%%~%%%\r\n:SET_PERIOD\r\n# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%222%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\nbtoa extendedData extendedData\r\nset ws_args.ExtendedData extendedData\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22
2017-08-28 19:27:45 +03:00
"vars": {
"AccessInfo1": {
"name": "MPS 1 Address",
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
"type": 1,
"maxlength": 255,
"value": ""
},
"AccessInfo2": {
"name": "MPS 2 Address",
"desc": "Optional, leave empty if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
"type": 1,
"maxlength": 255,
"value": ""
},
"PeriodType": {
"name": "Interval Type",
"desc": "Defines the idle periods of the connection. Data can be in one of two formats: periodic interval (seconds) or daily interval (HH:MM).",
"type": 3,
"values": {
"0": "Periodic (Seconds)",
"1": "Daily (HH:MM)"
},
"value": "0"
},
"Period": {
"name": "Interval Value",
"desc": "Set the interval to an integer value (0 <= t < MAX_INT in seconds) or a time format (HH:MM s.t 0 <= HH < 24, 0 <= MM < 60) depending on the selection above",
"type": 1,
"maxlength": 11,
"value": "10"
},
"tLifeTime": {
"name": "Tunnel Lifetime",
"desc": "Defines the tunnel�s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
"type": 2,
"maxlength": 5,
"value": "0"
}
},
"id": 0.12209012731909752,
"xname": "AMT-RemoteAccess-AddRemoteAccessPolicyRule2"
},
{
"name": "Remote - Set User Initiation",
"desc": "A local or user or application may initiation the Intel AMT Client Initiation Remote Access (CIRA) connection to the server. Use this script block to enabled or disable this feature.",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22RequestedState%22:%22%%%ReqState%%%%22%7D\"\r\njsonparse EnumState \"%7B%2232768%22:%22Disabled%22,%2232769%22:%22BIOS Enabled%22,%2232770%22:%22OS enable%22,%2232771%22:%22BIOS & OS Enabed%22%7D\"\r\n# Execute call to change the state\r\nwsexec \"AMT_UserInitiatedConnectionService\" \"RequestStateChange\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"SUCCESS: Remote Access user interfaces set to: {EnumState.%%%ReqState%%%}\"\r\n\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset wsargs\r\nset wsman_result\r\nset wsman_result_str\r\nset EnumState\r\nset AMT_UserInitiatedConnectionService",
"vars": {
"ReqState": {
"name": "User Initiation",
"desc": "Select the configuration to be set for Remote Access user initiated interface",
"type": 3,
"values": {
"32768": "Disabled",
"32769": "BIOS only",
"32770": "OS only",
"32771": "BIOS & OS"
},
"value": "32771"
}
},
"id": 0.3209191190544516,
"xname": "AMT-RemoteAccess-SetUserInterface"
},
{
"name": "Network - Set Environment Detection",
"desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in",
2017-10-15 09:22:19 +03:00
"code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result",
2017-08-28 19:27:45 +03:00
"vars": {
"DetectionStrings": {
"name": "Detection Strings",
"desc": "A comma separated list of up to 4 strings to use in the environment detection algorithm (e.g. intel.com,contoso.com)",
"type": 1,
"maxlength": 255,
"value": "aabbccddeeffgg"
},
"DetectionIPv6LocalPrefixes": {
"name": "IPv6 Local Prefixes",
"desc": "A comma separated list of IPv6 local prefixes (strings) to use independently of or in conjunction with Detection Strings. (e.g. 1234::/64,4321::/46)",
"type": 1,
"maxlength": 255,
"value": ""
}
},
"id": 0.6941413183230907,
"xname": "AMT-Network-AddEnvDetection"
}
]
}