You are here: Defining Intel AMT Profiles > Defining the Access Control List (ACL) > Adding a User to the ACL
Adding a User to the ACL
The User/Group Details window lets you add a new user or user group to the profile’s Access Control List.
To add a user:
- From the Access Control List (ACL) window, click Add. The User/Group Details window opens.
- In the User Type section, select the required type of user:
- Digest User – Enter the username and password (see Password Format). The usernames “admin” and “administrator” are not permitted (these names are reserved for the default admin user). The username must be unique in this profile, a maximum of 16 characters, and cannot contain these characters:
( , ), ( : ), ( “ ), ( & ), ( < ), or ( > ). Usernames starting with $$ are not permitted.
- Active Directory User/Group – Click Browse and select the user or group.
Note:You cannot select the default user groups from the Active Directory Builtin folder. Instead, either add the required users individually or create and add a new group containing the users. - Digest User – Enter the username and password (see Password Format). The usernames “admin” and “administrator” are not permitted (these names are reserved for the default admin user). The username must be unique in this profile, a maximum of 16 characters, and cannot contain these characters:
- From the Access Type drop-down list, specify an access type. This parameter defines the locations from where the user is allowed to do an action. A user might be limited to local actions or might also be able to do actions from the network. Select one of these:
- Local – The user can access the Intel AMT system only via the local host.
- Remote – The user can execute an action only via the network.
- Both – The user can execute an action either locally or from the network.
- From the Realms section, select the check boxes of the realms that you want to make available to this user. The realms define specific functional capabilities, as described in this table. Note that not all realms are available on all versions of Intel AMT.
Realm Capabilities Redirection Enables and disables the redirection capability and retrieves the redirection log PT Administration Manages security control data such as Access Control Lists, Kerberos parameters, Transport Layer Security, Configuration parameters, power saving options, and power packages. A user with PT Administration Realm privileges has access to all realms.
Note: If this user will be used to run the Configurator to do host-based configuration, the Access Type must be Local (or Both).
Hardware Asset Used to retrieve information about the hardware inventory of the Intel AMT system Remote Control Enables powering a system up or down remotely. Used in conjunction with the Redirection capability to boot remotely. Storage Used to configure, write to, and read from non-volatile user storage Event Manager Allows configuring hardware and software events to generate alerts Storage Administration Used to configure the global parameters that govern the allocation and use of non-volatile storage Agent Presence Local Used by an application designed to run on the local platform to report that it is running and to send heartbeats periodically Agent Presence Remote Used to register Local Agent applications and to specify the behavior of Intel AMT when an application is running or stops running unexpectedly Circuit Breaker Used to define filters, counters, and policies to monitor incoming and outgoing network traffic and to block traffic when a suspicious condition is detected (the System Defense feature) Network Time Used to set the clock in the Intel AMT device and synchronize it to network time General Info Returns general setting and status information. With this interface, it is possible to give a user permission to read parameters related to other interfaces without giving permission to change the parameters Firmware Update Used only by manufacturers via Intel-supplied tools to update the Intel AMT firmware EIT Implements the Embedded IT service Local User Notification Provides alerts to a user on the local interface Endpoint Access Control Returns settings associated with NAC/NAP posture Endpoint Access Control Administrator Configures and enables the NAC/NAP posture Event Log Reader Allows definition of a user with privileges only to read the Intel AMT system log Access Monitor Allows a system auditor to monitor all events. Before assigning this realm, see Using Access Monitor. User Access Control Groups several ACL management commands into a separate realm to enable users to manage their own passwords without requiring administrator privileges
