Decide Whether You Need a Customized Firmware Image From Your Computer Manufacturer
Applies To: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
If you haven't yet purchased the computers that you want to manage out of band with Configuration Manager 2007 SP1 and later, decide whether you need a customized firmware image from your computer manufacturer.
The information in this topic applies only to Configuration Manager 2007 SP1 and later.
Computers that can be managed out of band have BIOS extensions that can include options such as enabling serial over LAN and IDE redirection and that can set values such as a certificate thumbprint of a root certification authority that is used during the AMT provisioning process.
Check which BIOS extension settings are available from your computer manufacturer, and decide whether you need a customized image to enable or disable options and specify your choice of values.
Some typical examples of why you might need a customized firmware image include the following:
You want to specify an alternative external certification authority to issue the AMT provisioning certificate, or you want to use your own internal certification authority to issue the AMT provisioning certificate.
If you want to use your own internal certification authority, you will need to supply the certificate thumbprint of your root certification authority. If you need more information about how to do this, see How to Locate the Certificate Thumbprint of Your Internal Root Certificate for AMT Provisioning.
The default firmware image enables serial over LAN and IDE redirection, but to comply with your internal security policies, computers on your company network must not support these highly privileged management options. For more information about serial over LAN and IDE redirection, see Overview of Out of Band Management.
The default firmware image does not enable bypassing the BIOS password, and you want to be able to use this option when powering up or restarting computers out of band with the out of band management console.
The default firmware image has the value of ProvisionServer for the provisioning server name, but you want to use either a different name or the IP address of the server that will host the out of band service point role. For more information about this scenario, see Decide Whether You Should Register an Alias for the Out of Band Service Point in DNS.
You want your AMT-based computers to use a MEBx password that is different from the default value of admin.
If you think you might benefit from a customized firmware image, discuss the available BIOS extensions with your computer manufacturer or supplier.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.