Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 1

November 27, 2009 at 7:35 pm in Uncategorized by Kenny Buntinx [MVP]

Today I finally finalized my Intel VPro configuration on a SCCM 2007 SP2 box.In this blog post I try to explain all the details on how to provision clients with Vpro and what infrastructure steps are needed to make it work.

My fellow MVP Kim Oppalfens has already presented a great session on this topic at one of our SCUG events …You could find his session online here :

Assumptions :

  1. Everything has been executed on a SCCM 2007 Primary site server with Service Pack 2 installed on a Windows 2003 x86 SP2 box.
  2. We will work with one of the five trusted certificate vendors.
  3. You have a Intel Vpro capable machine


First the important stuff  : Summary of Prerequisites required for OOB Management !

The list below describes the necessary client, server, and infrastructure elements required in order to
manage your Intel vPro technology based systems Out-of-Band using Microsoft Configuration Manager

You will need :

• An Enterprise Certificate Authority to issue Web Server certificates to each Intel vPro technology based system for encrypted communications with ConfigMgr 2007 SP1 Management Console (Standalone CA is insufficient).
• Active Directory OU to store Intel AMT objects for each Intel vPro technology based system that will be managed by OOB.
• ConfigMgr 2007 SP2 Out of Band Service point installed and configured to support Intel vPro technology based systems.
• OOB Service Point installed on Windows 2003 Server requires Windows 2003 SP2 with hotfix 942841.
• Windows Remote Management (WinRM) installed on each ConfigMgr 2007 server that the OOB Service Point installed with hotfix:
• 3rd Party Remote Configuration Certificate on each OOB Service Point to Provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield) – Optionally you can generate your own certificate Provisioning Certificate from your Enterprise CA but that will require you to enter the certificate hash on each machine that you have in you’re environment. We do not want this , so we will use a third party vendor from

• Enable OOB network discovery of Intel vPro technology based systems
• Intel vPro technology and firmware of 3.2.1 or higher are required for native support from ConfigMgr 2007 SP2
• Intel HECI Driver installed on the OS (see OEM for latest driver)
• Configuration Manager Client agent installed on each Intel vPro system to initiate the provisioning process (there are alternative methods available in the help file but this is the most effective and easiest method)
• Intel vPro technology based systems joined to the same domain as the OOB Service point provisioning and managing these devices
• Open Intel vPro technology related network ports on routers and firewalls: 9971 – Provisioning Port; and 16992 through 16995 – OOB Management Ports


Lets keep the rest for Part 2 …


Hope it Helps ,

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest