-
Notifications
You must be signed in to change notification settings - Fork 83
/
Copy pathscriptblocks.txt
947 lines (947 loc) · 75.2 KB
/
scriptblocks.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
{
"blocks": {
"_start": {
"name": "Start",
"desc": "Starting Block",
"code": "print \"Script Started\""
},
"_end": {
"name": "End",
"desc": "Ending Block",
"code": ":end\r\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\r\nPullSystemStatus\r\n:SkipPullSystemStatus\r\njump :SkipPullEventLog PullEventLog \"!=\" 1\r\nPullEventLog\r\n:SkipPullEventLog\r\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\r\nPullAuditLog\r\n:SkipPullAuditLog\r\njump :SkipPullCertificates PullCertificates \"!=\" 1\r\nPullCertificates\r\n:SkipPullCertificates\r\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\r\nPullWatchdog\r\n:SkipPullWatchdog\r\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\r\nPullSystemDefense\r\n:SkipPullSystemDefense\r\njump :SkipPullHardware PullHardware \"!=\" 1\r\nPullHardware\r\n:SkipPullHardware\r\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\r\nPullUserInfo\r\n:SkipPullUserInfo\r\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\r\nPullRemoteAccess\r\n:SkipPullRemoteAccess\r\njump :SkipPullEventSubscriptions PullEventSubscriptions \"!=\" 1\r\npulleventsubscriptions\r\n:SkipPullEventSubscriptions\r\nprint \"Script Completed\""
},
"AMT-Accounts-AddDigestUser": {
"name": "Accounts - Add Digest User",
"desc": "Add a new digest user account to Intel AMT",
"code": "# Get the DigestRealm\r\njump :SkipDigestRealm-%%%~%%% DigestRealm \"!=\"\r\nprint \"Fetching digest realm...\"\r\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset DigestRealm wsman_answer.AMT_GeneralSettings.response.DigestRealm\r\n:SkipDigestRealm-%%%~%%%\r\n\r\n# Create account\r\nset AccountName \"%%%name%%%\"\r\nset AccountPass \"%%%password%%%\"\r\nset digest \"{AccountName}:{DigestRealm}:{AccountPass}\"\r\nmd5 digestmd5 digest\r\nbtoa digestmd5 digestmd5\r\njsonparse wsargs \"%7B %22DigestUsername%22:%22{AccountName}%22, %22DigestPassword%22:%22{digestmd5}%22, %22AccessPermission%22:%%%accessPermission%%%, %22Realms%22:[%%%realms%%%] %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {AccountName} create: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"name": {
"name": "Name",
"desc": "Name of the user account to create",
"type": 1,
"maxlength": 30,
"value": ""
},
"password": {
"name": "Password",
"desc": "Password of the user account to create",
"type": 4,
"maxlength": 30,
"value": ""
},
"accessPermission": {
"name": "Access Permission",
"desc": "Set account to be local, remote or both",
"type": 3,
"values": {
"0": "Local only",
"1": "Network only",
"2": "All (Local & Network)"
},
"value": "2"
},
"realms": {
"name": "Realms",
"desc": "Set account permissions",
"type": 5,
"values": {
"2": "Redirection",
"3": "PT Administration",
"4": "Hardware Asset",
"5": "Remote Control",
"6": "Storage",
"7": "Event Manager",
"8": "Storage Admin",
"9": "Agent Presence Local",
"10": "Agent Presence Remote",
"11": "Circuit Breaker",
"12": "Network Time",
"13": "General Information",
"14": "Firmware Update",
"15": "EIT",
"16": "LocalUN",
"17": "Endpoint Access Control",
"18": "Endpoint Access Control Admin",
"19": "Event Log Reader",
"20": "Audit Log",
"21": "ACL Realm",
"24": "Local System"
},
"value": [ "3" ]
}
}
},
"AMT-Accounts-RemoveDigestUser": {
"name": "Accounts - Remove Digest User",
"desc": "Remove a digest user account from Intel AMT",
"code": "set ToggleAccount \"%%%name%%%\"\r\n\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.DigestUsername\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account {ToggleAccount} found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account {ToggleAccount} deleted.\"\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n\r\n# End of script\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"name": {
"name": "Name",
"desc": "Name of the user account to remove",
"type": 1,
"maxlength": 30,
"value": ""
}
}
},
"AMT-Accounts-AddKerberosUser": {
"name": "Accounts - Add Kerberos User",
"desc": "Add a new kerberos user account to Intel AMT",
"code": "# Set kerberos sid value as a byte array string\r\nset KerberosUserString \"%%%sid%%%\"\r\nGetSidByteArray x KerberosUserString\r\nbtoa KerberosUserSid x\r\njsonparse wsargs \"%7B%22KerberosUserSid%22:%22{KerberosUserSid}%22,%22AccessPermission%22:%%%accessPermission%%%,%22Realms%22:[%%%realms%%%]%7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {KerberosUserString} return value: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"sid": {
"name": "Sid",
"desc": "The Security ID (SID) of the user account to create",
"type": 1,
"maxlength": 45,
"value": ""
},
"accessPermission": {
"name": "Access Permission",
"desc": "Set account to be local, remote or both",
"type": 3,
"values": {
"0": "Local only",
"1": "Network only",
"2": "All (Local & Network)"
},
"value": "2"
},
"realms": {
"name": "Realms",
"desc": "Set account permissions",
"type": 5,
"values": {
"2": "Redirection",
"3": "PT Administration",
"4": "Hardware Asset",
"5": "Remote Control",
"6": "Storage",
"7": "Event Manager",
"8": "Storage Admin",
"9": "Agent Presence Local",
"10": "Agent Presence Remote",
"11": "Circuit Breaker",
"12": "Network Time",
"13": "General Information",
"14": "Firmware Update",
"15": "EIT",
"16": "LocalUN",
"17": "Endpoint Access Control",
"18": "Endpoint Access Control Admin",
"19": "Event Log Reader",
"20": "Audit Log",
"21": "ACL Realm",
"24": "Local System"
},
"value": [ "3" ]
}
}
},
"AMT-Accounts-RemoveKerberosUser": {
"name": "Accounts - Remove Kerberos User",
"desc": "Remove a digest user account from Intel AMT",
"code": "GetSidByteArray ToggleAccount \"%%%sid%%%\"\r\nbtoa ToggleAccount ToggleAccount\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.KerberosUserSid\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account %%%sid%%% found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account %%%sid%%% deleted.\"\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n\r\n# End of script\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
"vars": {
"sid": {
"name": "Sid",
"desc": "Sid of the user account to remove",
"type": 1,
"maxlength": 45,
"value": ""
}
}
},
"AMT-Accounts-PrintAll": {
"name": "Accounts - Print Users",
"desc": "Display all digest user accounts from Intel AMT",
"code": "# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"AMT-ACCOUNT: {AMT_AuthorizationService.Body.DigestUsername}, {AMT_AuthorizationService.Body.AccessPermission}, [{AMT_AuthorizationService.Body.Realms}]\"\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# End of script\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%"
},
"Basic-Add": {
"name": "Basic - Add",
"desc": "Add a value to a given variable",
"code": "add %%%var%%% %%%var%%% %%%value%%%",
"vars": {
"var": {
"name": "Name",
"desc": "Name of the variable to add to",
"type": 1,
"maxlength": 20,
"value": "SampleVariable"
},
"value": {
"name": "Value",
"desc": "Value to add to the variable",
"type": 1,
"value": "1"
}
}
},
"Basic-Disconnect": {
"name": "Basic - Disconnect",
"desc": "Disconnect from Intel AMT",
"code": "Disconnect"
},
"Basic-JumpLabel": {
"name": "Basic - Jump Target",
"desc": "Set a jump label. Other blocks can jump here.",
"code": ":%%%label%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
}
}
},
"Basic-Jump": {
"name": "Basic - Jump",
"desc": "Jump to a given label",
"code": "jump :%%%label%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
}
}
},
"Basic-JumpIf": {
"name": "Basic - Jump if",
"desc": "Jump to a given label if the condition is met",
"code": "jump :%%%label%%% %%%arg1%%% \"%%%comparator%%%\" %%%arg2%%%",
"vars": {
"label": {
"name": "Label",
"desc": "Name of the jump target label",
"type": 1,
"maxlength": 50,
"value": "SampleLabel"
},
"arg1": {
"name": "arg1",
"desc": "First variable to compare, use \"x\" for a string",
"type": 1,
"value": ""
},
"comparator": {
"name": "Comparator",
"desc": "How to compare both arguments",
"type": 3,
"values": {
"=": "=",
"!=": "!=",
"<": "<",
">": ">",
"<=": "<=",
">=": ">="
},
"value": "="
},
"arg2": {
"name": "arg2",
"desc": "Second variable to compare, use \"x\" for a string",
"type": 1,
"value": ""
}
}
},
"Basic-Print": {
"name": "Basic - Print",
"desc": "Print a string to the console",
"code": "print \"%%%printstring%%%\"",
"vars": {
"printstring": {
"name": "Value",
"desc": "String that will be printed to console, use urlescaping for special chars and use {x} to print variable x.",
"type": 1,
"value": "Sample String"
}
}
},
"Basic-ScriptSpeed": {
"name": "Basic - Script Speed",
"desc": "Set the speed of the script",
"code": "scriptspeed %%%delay%%%",
"vars": {
"delay": {
"name": "Delay",
"desc": "The delay in millisecond between execution of each script step. 200ms is 5 steps per second.",
"type": 2,
"maxlength": 4,
"value": 200
}
}
},
"Basic-Set": {
"name": "Basic - Set",
"desc": "Set a variable to a given value",
"code": "set %%%var%%% %%%value%%%",
"vars": {
"var": {
"name": "Name",
"desc": "Name of the variable to set",
"type": 1,
"maxlength": 20,
"value": "SampleVariable"
},
"value": {
"name": "Value",
"desc": "The new value to set to the variable",
"type": 1,
"value": "0"
}
}
},
"AMT-Event-RemoveAllSubscription": {
"name": "Event - Remove All Subscriptions",
"desc": "Remove all subscriptions.",
"vars": { },
"code": "# Fetch all of subscriptions handles\nprint \"Deleting all event subscriptions...\"\nsplit ws_query \"CIM_ListenerDestination,CIM_FilterCollectionSubscription\" \",\"\nwsbatchenum \"wsman_answer\" ws_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nlength i wsman_answer.CIM_ListenerDestination.responses\n:loop-%%%~%%%\njump :end-%%%~%%% i \"<=\" 0\nsubstract i i 1\nprint \"Delete {i}\"\nset name wsman_answer.CIM_ListenerDestination.responses.{i}.Name\nset filter wsman_answer.CIM_FilterCollectionSubscription.responses.{i}.Filter.ReferenceParameters.SelectorSet.Selector.Value\njsonparse r \"%7B%22Filter%22:%22<a:EndpointReference><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address><a:ReferenceParameters><w:ResourceURI>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_FilterCollection</w:ResourceURI><w:SelectorSet><w:Selector Name=%5C%22InstanceID%5C%22>{filter}</w:Selector></w:SelectorSet></a:ReferenceParameters></a:EndpointReference>%22, %22Handler%22:%22<a:EndpointReference><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address><a:ReferenceParameters><w:ResourceURI>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ListenerDestinationWSManagement</w:ResourceURI><w:SelectorSet><w:Selector Name=%5C%22CreationClassName%5C%22>CIM_ListenerDestinationWSMAN</w:Selector><w:Selector Name=%5C%22Name%5C%22>{name}</w:Selector><w:Selector Name=%5C%22SystemCreationClassName%5C%22>CIM_ComputerSystem</w:Selector><w:Selector Name=%5C%22SystemName%5C%22>Intel(r) AMT</w:Selector></w:SelectorSet></a:ReferenceParameters></a:EndpointReference>%22%7D\"\nwsunsubscribe \"CIM_FilterCollectionSubscription\" r\nprint \"Result: {wsman_result}\"\njump :loop-%%%~%%% i \"!=\" 0\n# End of script\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset i\nset r\nset name\nset filter\nset ws_query\nset wsman_answer\nset PullEventSubscriptions 1\n##!BLOCK!##"
},
"AMT-Event-AddSubscription": {
"name": "Event - Add Subscription",
"desc": "Add a subscription event to Intel AMT.",
"vars": {
"SubscriptionType": {
"name": "Type",
"desc": "Type of subscription",
"type": "3",
"value": "Push",
"values": {
"Push": "Push",
"PushWithAck": "Push with ACK"
}
},
"SubscriptionFilter": {
"name": "Filter",
"desc": "Event filter, only the selected event types will be sent.",
"type": "3",
"value": "1",
"values": {
"0": "ME Presence Events",
"1": "User Notification",
"2": "All Events",
"3": "Platform Events",
"4": "Core Platform Events",
"5": "Features",
"6": "System Firmware Progress Events"
}
},
"SubscriptionUrl": {
"name": "URL",
"desc": "URL used to send events to.",
"type": "1",
"maxlength": "255",
"value": "http://"
},
"SubscriptionArgs": {
"name": "Arguments",
"desc": "Extra arguments sent when sending the event.",
"type": "1",
"maxlength": "255",
"value": ""
}
},
"code": "print \"Adding subscription: %%%SubscriptionUrl%%%\"\nsplit filters \"Intel(r) AMT:ME Presence,Intel(r) AMT:User,Intel(r) AMT:All,Intel(r) AMT:Platform,Intel(r) AMT:CorePlatform,Intel(r) AMT:Features,Intel(r) AMT:FW ProgressEvents\" \",\"\nset filter filters.%%%SubscriptionFilter%%%\njsonparse subfilter \"%7B%22InstanceID%22:%22{filter}%22%7D\"\nwssubscribe \"CIM_FilterCollection\" \"%%%SubscriptionType%%%\" \"%%%SubscriptionUrl%%%\" subfilter \"%%%SubscriptionArgs%%%\"\n\n# End of script\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset filters\nset filter\nset subfilter\nset PullEventSubscriptions 1\n"
},
"AMT-General-SetUserConsent": {
"name": "General - Set User Consent",
"desc": "Set the Intel AMT user consent mode",
"code": "split ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.IPS_OptInService.response.OptInRequired %%%consentMode%%%\r\nwsput \"IPS_OptInService\" wsman_answer.IPS_OptInService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"consentMode": {
"name": "Consent Mode",
"desc": "Intel AMT user consent mode",
"type": 3,
"values": {
"0": "Not Required",
"1": "Required for KVM only",
"0xFFFFFFFF": "Always Required"
},
"value": "0"
}
}
},
"AMT-General-ActiveFeatures": {
"name": "General - Set Active Features",
"desc": "Set the Intel AMT active features",
"code": "split ws_optIn_query \"*AMT_RedirectionService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.AMT_RedirectionService.response.ListenerEnabled \"%%%listenerEnabled%%%\"\r\nset wsman_answer.AMT_RedirectionService.response.EnabledState \"%%%enabledState%%%\"\r\njsonparse wsargs \"%7B %22RequestedState%22:%22%%%enabledState%%%%22 %7D\"\r\nwsexec \"AMT_RedirectionService\" \"RequestStateChange\" wsargs\r\nwsput \"AMT_RedirectionService\" wsman_answer.AMT_RedirectionService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"listenerEnabled": {
"name": "Redirection Port",
"desc": "Enable or disable the Intel AMT redirection port (TCP:16993/16995)",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
},
"enabledState": {
"name": "SOL/IDER Feature",
"desc": "Enable or disable the Intel AMT Serial-over-LAN and IDER features",
"type": 3,
"values": {
"32768": "Disabled",
"32769": "IDER only",
"32770": "Serial-over-LAN only",
"32771": "IDER & SOL enabled"
},
"value": "32771"
}
}
},
"AMT-General-GetCoreVersion": {
"name": "General - Get Version",
"desc": "Retrieves the Intel AMT release version, prints it to the console and stores it in variable AmtCoreVersion",
"code": "split ws_general_query \"CIM_SoftwareIdentity\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.CIM_SoftwareIdentity.responses\r\nlength arr_len arr\r\n:loop-%%%~%%%\r\nset curInstanceId arr.{i}.InstanceID\r\njump :AmtCoreVersionFound-%%%~%%% curInstanceId \"=\" \"AMT FW Core Version\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"Error: Intel AMT version was not found\"\r\njump :end-%%%~%%%\r\n:AmtCoreVersionFound-%%%~%%%\r\nset AmtCoreVersion arr.{i}.VersionString\r\nprint \"Intel AMT version: {AmtCoreVersion}\"\r\n:end-%%%~%%%\r\nset arr\r\nset arr_len\r\nset curInstanceId\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-General-GetPlatformType": {
"name": "General - Get Platform Type",
"desc": "Retrieves the platfrom type of the target, prints it to the console and stores it in variable PlatformType",
"code": "jsonparse sysTypeHmap \"%7B%2232%22:%22Desktop%22,%2233%22:%22Notebook%22%7D\"\r\nsplit ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset i wsman_answer.CIM_ComputerSystem.responses.{i}.Dedicated\r\nset PlatformType sysTypeHmap.{i}\r\nprint \"Platform Type: {PlatformType}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset sysTypeHmap"
},
"AMT-General-GetProvState": {
"name": "General - Get Provisisoning State",
"desc": "Retrieves the current Provisioning State of Intel AMT, prints it to the console and stores it in variable AmtProvState",
"code": "jsonparse provStateHmap \"%7B%220%22:%22Pre%22,%221%22:%22In%22,%222%22:%22Post%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningState\r\nset AmtProvState provStateHmap.{key}\r\nadd AmtProvState AmtProvState \"-Provisioning\"\r\nprint \"Intel AMT Provisioning State: {AmtProvState}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provStateHmap\r\nset key"
},
"AMT-General-GetProvMode": {
"name": "General - Get Provisisoning Mode",
"desc": "Retrieves the current Provisioning Mode of Intel AMT, prints it to the console and stores it in variable AmtProvMode",
"code": "jsonparse provModeHmap \"%7B%221%22:%22Admin%20Control%20Mode%20(ACM)%22,%222%22:%22Reserved1%22,%223%22:%22Client%20Control%20Mode%20(CCM)%22,%224%22:%22Reserved2%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningMode\r\nset AmtProvMode provModeHmap.{key}\r\nprint \"Intel AMT Provisioning Mode: {AmtProvMode}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provModeHmap\r\nset key"
},
"AMT-General-PrintUserConsent": {
"name": "General - Print User Consent",
"desc": "Display the Intel AMT user consent mode",
"code": "jsonparse OptInStateEnum \"%7B%220%22:%22Not Required%22,%221%22:%22Required for KVM only%22,%224294967295%22:%22Always Required%22%7D\"\r\nsplit ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"User Consent mode: {OptInStateEnum.{wsman_answer.IPS_OptInService.response.OptInRequired}}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n"
},
"AMT-General-SetHostname": {
"name": "General - Set Hostname",
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.HostName \"%%%hostname%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.DomainName \"%%%domainname%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"hostname": {
"name": "Hostname",
"desc": "The hostname Intel AMT will use while in Sx state",
"type": 1,
"maxlength": 30,
"value": ""
},
"domainname": {
"name": "Domain",
"desc": "The domain name Intel AMT will use while in Sx state",
"type": 1,
"maxlength": 30,
"value": ""
}
}
},
"AMT-General-SetPingResponse": {
"name": "General - Set Ping Response",
"desc": "Set the Intel AMT response to ICMP and RMCP ping requests",
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-2 wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.PingResponseEnabled \"%%%icmpPingResponse%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.RmcpPingResponseEnabled \"%%%rmcpPingResponse%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-2 wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-2\r\n:error-2\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-2\r\n",
"vars": {
"icmpPingResponse": {
"name": "ICMP Ping",
"desc": "Enable or disable the Intel AMT response to ICMP ping",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
},
"rmcpPingResponse": {
"name": "RMCP Ping",
"desc": "Enable or disable the Intel AMT response to RMCP ping",
"type": 3,
"values": {
"true": "Enabled",
"false": "Disabled"
},
"value": "true"
}
}
},
"AMT-General-GetAmtUuid": {
"name": "General - Get UUID",
"desc": "Retrieves the Intel AMT UUID, prints it to the console and stores it in variable AmtUuid",
"code": "split ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset AmtUuid wsman_answer.CIM_ComputerSystem.responses.{i}.OtherIdentifyingInfo\r\nprint \"Intel AMT UUID: {AmtUuid}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-KVM-SetState": {
"name": "KVM - Set State",
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
"code": "jsonparse wsargs \"%7B %22RequestedState%22:%22%%%kvmEnabled%%%%22 %7D\"\r\nwsexec \"CIM_KVMRedirectionSAP\" \"RequestStateChange\" wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"kvmEnabled": {
"name": "KVM State",
"desc": "Enable or disable the Intel AMT KVM feature",
"type": 3,
"values": {
"2": "Enabled",
"3": "Disabled"
},
"value": "2"
}
}
},
"AMT-KVM-SetSessionTimeout": {
"name": "KVM - Set Session Timeout",
"desc": "Set the Intel AMT KVM session timeout",
"vars": {
"kvmTimeout": {
"name": "KVM Timeout",
"desc": "Intel AMT KVM session timeout in minutes",
"type": "2",
"value": "4"
}
},
"code": "split ws_general_query \"*IPS_KVMRedirectionSettingData\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset wsman_answer.IPS_KVMRedirectionSettingData.response.SessionTimeout \"%%%kvmTimeout%%%\"\nwsput \"IPS_KVMRedirectionSettingData\" wsman_answer.IPS_KVMRedirectionSettingData.response\njump :error-%%%~%%% wsman_result \"!=\" 200\nset PullSystemStatus \"1\"\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\n\n"
},
"AMT-Network-DetectWiredNic": {
"name": "Network - Wired NIC",
"desc": "Detects if the platfrom has a wired Intel AMT network interface controller (NIC), logs to the console and stores the result in WiredAmtNic",
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 0\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiredAmtNic \"true\"\r\nprint \"Wired AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wired AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-DetectWifiNic": {
"name": "Network - Wireless NIC",
"desc": "Detects if the platfrom has a WiFi interface, logs to the console and stores the result in WiFiAmtNic",
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 1\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiFiAmtNic \"true\"\r\nprint \"WiFi AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wifi AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-GetAmtFqdn": {
"name": "Network - Get FQDN",
"desc": "Retrieves the FQDN of Intel AMT, prints it to the console and stores it in variable AmtFqdn",
"code": "split ws_general_query \"*AMT_GeneralSettings\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AmtFqdn wsman_answer.AMT_GeneralSettings.response.HostName\r\nadd AmtFqdn AmtFqdn \".\"\r\nadd AmtFqdn AmtFqdn wsman_answer.AMT_GeneralSettings.response.DomainName\r\nprint \"Intel AMT FQDN: {AmtFqdn}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
},
"AMT-Network-AddEnvDetection": {
"name": "Network - Set Environment Detection",
"desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in",
"code": "# *** Validate user input ***\r\nprint \"Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result",
"vars": {
"DetectionStrings": {
"name": "Detection Strings",
"desc": "A comma separated list of up to 4 strings to use in the environment detection algorithm (e.g. intel.com,contoso.com)",
"type": 1,
"maxlength": 255,
"value": ""
},
"DetectionIPv6LocalPrefixes": {
"name": "IPv6 Local Prefixes",
"desc": "A comma separated list of IPv6 local prefixes (strings) to use independently of or in conjunction with Detection Strings. (e.g. 1234::/64,4321::/46)",
"type": 1,
"maxlength": 255,
"value": ""
}
}
},
"AMT-Network-ClearEnvDetection": {
"name": "Network - Clear Environment Detection",
"desc": "Clears the DNS information that is used by Intel AMT to dynamically determine the network it is operating in",
"vars": { },
"code": "split ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\nwsbatchenum \"wsman_answer\" ws_general_query\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\nset envDetectionInstance.DetectionStrings undefined\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-%%%~%%% wsman_result \"==\" 200\nprint \"Cleared environment detection\"\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-%%%~%%%\n:end-%%%~%%%\nset envDetectionInstance\nset ws_general_query\nset AMT_EnvironmentDetectionSettingData\nset PullRemoteAccess \"1\"\nset wsman_answer \nset wsman_result\n"
},
"AMT-SetBoot-PowerAction": {
"name": "Power - Power Action",
"desc": "Perform an Intel AMT power action",
"code": "set ManagedElementXml \"%3CAddress xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3E%3CResourceURI xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3Ehttp://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ComputerSystem%3C/ResourceURI%3E%3CSelectorSet xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3E%3CSelector Name=\\%22CreationClassName\\%22%3ECIM_ComputerSystem%3C/Selector%3E%3CSelector Name=\\%22Name\\%22%3EManagedSystem%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njsonparse wsargs \"%7B %22PowerState%22:%22%%%powerAction%%%%22, %22ManagedElement%22:%22{ManagedElementXml}%22 %7D\"\r\nset ManagedElementXml\r\nwsexec \"CIM_PowerManagementService\" \"RequestPowerStateChange\" wsargs\r\nset wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\nprint \"Power action completed\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
"vars": {
"powerAction": {
"name": "Power Action",
"desc": "Indicate the power action to perform",
"type": 3,
"values": {
"2": "Power on",
"5": "Power cycle",
"8": "Power down",
"10": "Reset"
},
"value": "2"
}
}
},
"AMT-Power-SetBootSettings": {
"name": "Power - Set Boot Settings",
"desc": "Set next boot parameters",
"code": "split ws_general_query \"*AMT_BootSettingData\"\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset bootoptions wsman_answer.AMT_BootSettingData.response\nset bootoptions.BIOSSetup \"%%%bootBiosSetup%%%\"\nset bootoptions.UseSOL \"%%%bootSerialOverLan%%%\"\nwsput \"AMT_BootSettingData\" bootoptions\nset AMT_BootSettingData\njump :error-%%%~%%% wsman_result \"!=\" 200\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"WSMAN call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\n#set bootoptions\n\n",
"vars": {
"bootBiosSetup": {
"name": "BIOS Setup",
"desc": "On next boot go to BIOS setup screen",
"type": "3",
"value": "false",
"values": {
"true": "Enabled",
"false": "Disabled"
}
},
"bootSerialOverLan": {
"name": "Serial-over-LAN",
"desc": "Enable Serial-over-LAN on next boot",
"type": "3",
"value": "false",
"values": {
"true": "Enabled",
"false": "Disabled"
}
}
}
},
"AMT-Power-GetBootSettings": {
"name": "Power - Get Boot Settings",
"desc": "Get next boot parameters",
"code": "split ws_general_query \"*AMT_BootSettingData\"\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset bootoptions wsman_answer.AMT_BootSettingData.response\nprint bootoptions\nset AMT_BootSettingData\njump :error-%%%~%%% wsman_result \"!=\" 200\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"WSMAN call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\n#set bootoptions\n",
"vars": { }
},
"AMT-RemoteAccess-AddMpsServerFqdnCert": {
"name": "Remote - Add MPS FQDN/Cert",
"desc": "Add a new CIRA server (MPS) using the server's hostname and authentication using certificate",
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:%22201%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed with error {wsman_result}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"FQDN": {
"name": "MPS Hostname",
"desc": "The Fully Qualified Domain Name of the MPS to add",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"CN": {
"name": "Certificate CN",
"desc": "The common name of the authentication certificate",
"type": 1,
"maxlength": 100,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsServerFqdnUpa": {
"name": "Remote - Add MPS FQDN/User",
"desc": "Add a new CIRA server (MPS) using the server's hostname authentication using username/password",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:201,%22Port%22:%%%Port%%%,%22AuthMethod%22:2,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"FQDN": {
"name": "MPS Hostname",
"desc": "The Fully Qualified Domain Name of the MPS to add",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"username": {
"name": "Username",
"desc": "A Username to be used for the connection with the MPS",
"type": 1,
"maxlength": 16,
"value": ""
},
"password": {
"name": "Password",
"desc": "The Password matching the username above",
"type": 4,
"maxlength": 16,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsIpCertServer": {
"name": "Remote - Add MPS IP/Cert",
"desc": "Add a new CIRA server (MPS) using the server's IP address and authentication using certificate",
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
"vars": {
"IP": {
"name": "IPv4 Address",
"desc": "The IPv4 address of the MPS server",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"ServerName": {
"name": "Server Name",
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
"type": 1,
"maxlength": 255,
"value": ""
},
"CN": {
"name": "Certificate CN",
"desc": "The common name of the authentication certificate",
"type": 1,
"maxlength": 100,
"value": ""
}
}
},
"AMT-RemoteAccess-AddMpsIpUpa": {
"name": "Remote - Add MPS IP/User",
"desc": "Add a new CIRA server (MPS) using the servers IP address and authenticating using a username/password",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%222%22,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset wsman_ans_length",
"vars": {
"IP": {
"name": "IPv4 Address",
"desc": "The IPv4 address of the MPS server",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
},
"ServerName": {
"name": "Server Name",
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
"type": 1,
"maxlength": 255,
"value": ""
},
"username": {
"name": "Username",
"desc": "A Username to be used for the connection with the MPS",
"type": 1,
"maxlength": 16,
"value": ""
},
"password": {
"name": "Password",
"desc": "The Password matching the username above",
"type": 4,
"maxlength": 16,
"value": ""
}
}
},
"AMT-RemoteAccess-Remove-MPS": {
"name": "Remote - Remove MPS",
"desc": "Remove MPS identified by its IP/FQDN and port",
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :mpsFound-%%%~%%% curAccessInfo \"=\" \"%%%AccessInfo%%%:%%%Port%%%\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"No MPS was found matching the input parameters\"\r\njump :end-%%%~%%%\r\n:mpsFound-%%%~%%%\r\nprint \"Found matching MPS, starting removal process\"\r\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\r\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\r\n:end-%%%~%%%\r\nset AMT_ManagementPresenceRemoteSAP\r\nset arr\r\nset curAccessInfo\r\nset i\r\nset instanceName\r\nset selector\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset arr_len\r\nset PullRemoteAccess 1",
"vars": {
"AccessInfo": {
"name": "FQDN/Address",
"desc": "The FQDN/IPv4 address of the MPS server to be deleted",
"type": 1,
"maxlength": 255,
"value": ""
},
"Port": {
"name": "Port Number",
"desc": "The MPS server port number",
"type": 2,
"maxlength": 5,
"value": ""
}
}
},
"AMT-RemoteAccess-RemoveAll-MPS": {
"name": "Remote - Remove All MPS",
"desc": "Remove all MPS",
"vars": { },
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-%%%~%%%\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-%%%~%%% i \"<\" arr_len\n:end-%%%~%%%\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n"
},
"AMT-RemoteAccess-AddRemoteAccessPolicyRule": {
"name": "Remote - Add Trigger (User / Alert)",
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
"code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy added successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer",
"vars": {
"AccessInfo1": {
"name": "MPS 1 Address",
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
"type": 1,
"maxlength": 255,
"value": ""
},
"AccessInfo2": {
"name": "MPS 2 Address",
"desc": "Optional, leave empty value if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
"type": 1,
"maxlength": 255,
"value": ""
},
"Trigger": {
"name": "Trigger",
"desc": "The event that will trigger the establishment of the remote connection to the MPS.",
"type": 3,
"values": {
"0": "User Initiated",
"1": "Alert"
},
"value": "0"
},
"tLifeTime": {
"name": "Tunnel Lifetime",
"desc": "Defines the tunnels lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the server, the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
"type": 2,
"maxlength": 5,
"value": "0"
}
}
},
"AMT-RemoteAccess-AddRemoteAccessPolicyRule2": {
"name": "Remote - Add Trigger (Periodic)",
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
"code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t<MAX_INT, aborting operation...\"\r\njump :end-%%%~%%%\r\n:SET_PERIOD\r\n# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%222%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\nbtoa extendedData extendedData\r\nset ws_args.ExtendedData extendedData\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy added successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer\r\nset bPeriod\r\nset extendedData\r\nset period_arr\r\nset period_arr_len\r\nset bPeriodHour\r\nset bPeriodMinute",
"vars": {
"AccessInfo1": {
"name": "MPS 1 Address",
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
"type": 1,
"maxlength": 255,
"value": ""
},
"AccessInfo2": {
"name": "MPS 2 Address",
"desc": "Optional, leave empty if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
"type": 1,
"maxlength": 255,
"value": ""
},
"PeriodType": {
"name": "Interval Type",
"desc": "Defines the idle periods of the connection. Data can be in one of two formats: periodic interval (seconds) or daily interval (HH:MM).",
"type": 3,
"values": {
"0": "Periodic (Seconds)",
"1": "Daily (HH:MM)"
},
"value": "0"
},
"Period": {
"name": "Interval Value",
"desc": "Set the interval to an integer value (0 <= t < MAX_INT in seconds) or a time format (HH:MM s.t 0 <= HH < 24, 0 <= MM < 60) depending on the selection above",
"type": 1,
"maxlength": 11,
"value": ""
},
"tLifeTime": {
"name": "Tunnel Lifetime",
"desc": "Defines the tunnels lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
"type": 2,
"maxlength": 5,
"value": "0"
}
}
},
"AMT-RemoteAccess-RemoveAccessPolicyRule": {
"name": "Remote - Remove Trigger",
"desc": "Removes the remote access trigger policies",
"code": "jsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\r\nsplit policiesArr \"%%%policies%%%\" \",\"\r\nlength policiesArrLen policiesArr\r\nset i 0\r\n:loop-%%%~%%%\r\nset curPolicy hMapPolicies.{policiesArr.{i}}\r\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\r\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" policiesArrLen\r\nprint \"Policies removed successfully\"\r\nset PullRemoteAccess 1\r\nset AMT_RemoteAccessPolicyRule\r\nset curPolicy\r\nset hMapPolicies\r\nset i\r\nset policiesArr\r\nset policiesArrLen\r\nset ws_args\r\nset wsman_result",
"vars": {
"policies": {
"name": "Policies",
"desc": "Set policies to be removed",
"type": 5,
"values": {
"0": "User Initiated",
"1": "Alert",
"2": "Periodic"
},
"value": [ "" ]
}
}
},
"AMT-RemoteAccess-SetUserInterface": {
"name": "Remote - Set User Initiation",
"desc": "A local or user or application may initiation the Intel AMT Client Initiation Remote Access (CIRA) connection to the server. Use this script block to enabled or disable this feature.",
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22RequestedState%22:%22%%%ReqState%%%%22%7D\"\r\njsonparse EnumState \"%7B%2232768%22:%22Disabled%22,%2232769%22:%22BIOS Enabled%22,%2232770%22:%22OS enable%22,%2232771%22:%22BIOS & OS Enabed%22%7D\"\r\n# Execute call to change the state\r\nwsexec \"AMT_UserInitiatedConnectionService\" \"RequestStateChange\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"SUCCESS: Remote Access user interfaces set to: {EnumState.%%%ReqState%%%}\"\r\n\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset wsargs\r\nset wsman_result\r\nset wsman_result_str\r\nset EnumState\r\nset AMT_UserInitiatedConnectionService",
"vars": {
"ReqState": {
"name": "User Initiation",
"desc": "Select the configuration to be set for Remote Access user initiated interface",
"type": 3,
"values": {
"32768": "Disabled",
"32769": "BIOS only",
"32770": "OS only",
"32771": "BIOS & OS"
},
"value": "32771"
}
}
},
"AMT-Security-AddCertificate": {
"name": "Security - Add Certificate",
"desc": "Add a trusted or chain certificate to Intel AMT certificate store.",
"code": "jsonparse wsargs \"%7B%7D\"\r\nset wsargs.CertificateBlob \"%%%CertBin%%%\"\r\njump :certroot %%%CertType%%% \"=\" 1\r\nprint \"Adding certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\r\njump :certdone\r\n:certroot\r\nprint \"Adding root certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\r\n:certdone\r\nset wsargs\r\nset AMT_PublicKeyManagementService\r\nset PullCertificates 1\r\n",
"vars": {
"CertType": {
"name": "Certificate Type",
"desc": "Select if this is a certificate that should be used by Intel AMT as trusted root.",
"type": 3,
"values": {
"0": "Chain Certificate",
"1": "Trusted Root Certificate"
},
"value": "0"
},
"CertBin": {
"name": "Certificate",
"desc": "A .cer file, this is the certificate that will be uploaded to Intel AMT.",
"type": 6
}
}
},
"AMT-Security-IssueUntrustedCertificate": {
"name": "Security - Issue Untrusted Certificate",
"desc": "Create a run Intel AMT certificate with private key that is signed by an untrusted dummy root.",
"code": "jump :certificateSupport-%%%~%%% _certificates \"=\" 1\nprint \"ERROR: No certificate support, this script block can't run in thei environment\"\njump :end2-%%%~%%%\n:certificateSupport-%%%~%%%\n\nset CommonName \"%%%CommonName%%%\"\"\nlength x CommonName \njump :skipSetCommonName-%%%~%%% x \"!=\" 0\n\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}\"\nlength x CommonName \njump :skipSetDomainName-%%%~%%% x \"=\" 0\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}.{wsman_answer.AMT_GeneralSettings.response.DomainName}\"\n:skipSetDomainName-%%%~%%%\n:skipSetCommonName-%%%~%%%\n\njsonparse certattributes \"%7B %22CN%22:%22{CommonName}%22, %22O%22:%22%%%Organization%%%%22, %22ST%22:%22%%%StateProvince%%%%22, %22C%22:%22%%%Country%%%%22 %7D\"\njsonparse wsargs \"%7B %22KeyAlgorithm%22:%220%22, %22KeyLength%22:%222048%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"GenerateKeyPair\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\nset selector AMT_PublicKeyManagementService.Body.KeyPair.ReferenceParameters.SelectorSet.Selector.Value\nsplit ws_query \"AMT_PublicPrivateKeyPair\" ,\nwsbatchenum \"wsman_answer\" ws_query\njump :error-%%%~%%% wsman_result \"!=\" 200\ngetitem i wsman_answer.AMT_PublicPrivateKeyPair.responses \"InstanceID\" selector\nset DERKey wsman_answer.AMT_PublicPrivateKeyPair.responses.{i}.DERKey\nsignwithdummyca DERKey certattributes\njsonparse wsargs \"%7B %22CertificateBlob%22:%22{signed_cert}%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset PullCertificates 1\n:end2-%%%~%%%\n\nset i\nset x\nset wsman_answer\nset selector\nset AMT_PublicKeyManagementService\nset ws_query\nset AMT_PublicKeyManagementService\nset DERKey\nset wsargs\n",
"vars": {
"CommonName": {
"name": "Common Name",
"desc": "Common name of the certificate, leave blank to use the Intel AMT host and domain name",
"type": 1,
"maxlength": 255,
"value": ""
},
"Organization": {
"name": "Organization",
"desc": "Certificate organization name",
"type": 1,
"maxlength": 255,
"value": ""
},
"StateProvince": {
"name": "State/Province",
"desc": "Certificate state or province name",
"type": 1,
"maxlength": 255,
"value": ""
},
"Country": {
"name": "Country",
"desc": "Certificate country name",
"type": 1,
"maxlength": 255,
"value": ""
}
}
}
}
}