2. Computers & electronics
  3. Computers
  4. PC/workstation barebones
  5. Lenovo
  6. ThinkCentre M91p
ThinkCentre M91p

Lenovo ThinkCentre M91p Configuration manual

  • Hello! I am an AI chatbot trained to assist you with the Lenovo ThinkCentre M91p Configuration manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
ThinkCentreM91p
IntelActiveManagementTechnology
CongurationGuide
ThinkCentreM91p
IntelActiveManagementTechnology
CongurationGuide
Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixC
“Notices”onpage27.
FirstEdition(March2011)
©CopyrightLenovo2011.
LENOVOproducts,data,computersoftware,andserviceshavebeendevelopedexclusivelyatprivateexpenseandare
soldtogovernmentalentitiesascommercialitemsasdenedby48C.F.R.2.101withlimitedandrestrictedrightsto
use,reproductionanddisclosure.
LIMITEDANDRESTRICTEDRIGHTSNOTICE:Ifproducts,data,computersoftware,orservicesaredeliveredpursuant
aGeneralServicesAdministration“GSAcontract,use,reproduction,ordisclosureissubjecttorestrictionssetforth
inContractNo.GS-35F-05925.
Contents
Aboutthisdocument.........v
Chapter1.IntroductiontoIntelvPro
andIntelAMT.............1
Acronyms................1
Chapter2.Featuresandbenetsof
IntelAMT...............3
Featuresandbenets............3
Chapter3.Mainfeaturesof
computersbuiltwithIntelAMT....5
CIRA..................5
KVMredirection..............6
HostBasedProvisioning...........6
Chapter4.IntelAMTsetupand
congurationonLenovoThinkCentre
M91pdesktopcomputers......7
IntelAMTcongurationsettingsinSetupUtility..7
IntelMEBxsetupandconguration......8
EnteringtheMEBxcongurationuser
interface...............8
Intel(R)MEGeneralSettings.......8
Intel(R)AMTConguration........11
Driverdescription.............19
MEI.................19
LMS.................20
SOL.................20
Chapter5.Webuserinterface....21
AccessingtheWebuserinterface.......21
ConguringtheIntelAMTcomputer....21
Loggingontotheclient.........22
FunctionsintheWebuserinterface......22
AppendixA.Examplesofconguring
IntelAMTinmanualandautomatic
setupandcongurationmodes...23
ConguringIntelAMTinmanualsetupand
congurationmode.............23
ConguringIntelAMTinautomaticsetupand
congurationmode.............23
ZTCprovisioning............23
USBprovisioning............24
AppendixB.Factorydefaultsettings
fortheIntelMEBx...........25
AppendixC.Notices.........27
Trademarks................28
©CopyrightLenovo2011
iii
ivThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Aboutthisdocument
ThisdocumentprovidesinformationaboutIntel
®
ActiveManagementTechnology(IntelAMT)forLenovo
®
ThinkCentre
®
M91pdesktopcomputers.Thisdocumentprovidesstep-by-stepinstructionsonhowtouse
IntelAMT.
ThisdocumentisintendedfortrainedITprofessionalsorthoseresponsibleforconguringcomputers
throughouttheirorganizations.Thereadersshouldhavebasicknowledgeofnetworkandcomputer
technology,andbefamiliarwiththetermsTCP/IP,DHCP ,IDE,DNS,SubnetMask,DefaultGateway,Domain
Name,andsoon.
Thisdocumentprovidesinformationaboutthefollowingtopics:
Chapter1“IntroductiontoIntelvProandIntelAMT”onpage1:Thischapterprovidesageneralintroduction
toIntelvPro
andIntelAMT.
Chapter2“FeaturesandbenetsofIntelAMT”onpage3:Thischapterintroducesthefeaturesand
benetsofIntelAMT.
Chapter3“MainfeaturesofcomputersbuiltwithIntelAMT”onpage5:Thischapterintroducesthemain
featuresofIntelAMTbuilt-incomputers.
Chapter4“IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers”on
page7:ThischapterprovidesdetailedinstructionsonhowtocongureIntelAMTsettingsonLenovo
ThinkCentreM91pdesktopcomputers.
Chapter5“Webuserinterface”onpage21:Thischapterprovidesinstructionsonhowtoaccessthe
IntelAMTWebuserinterface.
©CopyrightLenovo2011
v
viThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Chapter1.IntroductiontoIntelvProandIntelAMT
IntelvProisabusinesscomputerplatformthatprovidesbusinesscomputerswithenhancedremote
managementcapabilities.ForcomputersbuiltwithIntelvPro,ITadministratorscanuseathirdpartysoftware
toremotelycollectinventoryinformation,diagnoseproblems,andprovidevariousservicesregardlessof
thecomputerpowerstateortheoperatingsystemstate.ITadministratorscanalsoisolateandprotect
individualcomputersandthenetworkfromthreats.
AsafeatureofIntelvPro,IntelAMTisdesignedtoprovideremotemanagementofcomputersregardless
ofthecomputerpowerstateortheoperatingsystemstateaslongasthecomputersareconnectedtoan
electricaloutletandanetwork.
IntelAMTisdesignedasabuildingblockandnotacompletesolution.ThisenablesOriginalEquipment
Manufacturers(OEMs)toincorporateIntelAMTintotheirclientandserverhardwareplatforms.Competent
andauthorizedthirdpartyapplicationsprovidemanagementandsecurityservicesthattakeadvantageof
theIntelAMTfeatures,suchasout-of-bandaccesstoassetinformation,eventlogs,hardwareandsoftware
tables,andembeddedcapabilities.
Acronyms
Thefollowingtablelistsandexplainssomeacronymsusedinthisdocument.
AcronymDescription
ACLAccessControlList
AMTActiveManagementTechnology
ASFAlertStandardFormat
BIOSBasicInputOutputSystem
CIRAClientInitiatedRemoteAccess
DHCPDynamicHostCongurationProtocol
DNSDomainNameServer
FQDNFullyQualiedDomainName
FWFirmware
HBPHostBasedProvisioning
HECIHostEmbeddedControllerInterface
IDE-RIntegratedDeviceElectronics-Redirection
IPInternetProtocol
ISVIndependentSoftwareVendor
KVMKeyboard-Video-Mouse
LMSLocalManageabilityService
MEManagementEngine
MEBx
ManagementEngineBIOSExtension
MEI
ManagementEngineInterface
NVMNonvolatilememory
OEMOriginalEquipmentManufacturer
©CopyrightLenovo2011
1
AcronymDescription
OOBOut-of-band
PID/PPS
ProvisioningIDandProvisioningPre-sharedKey
PKI
PublicKeyInfrastructure
PRTCProtectedRealTimeClock
PSK
Pre-sharedKey
PXEPrebootExecutionEnvironment
RCFGRemoteConguration
SHASecureHashAlgorithm
SMBSmallandMediumBusinesses
SOLSerial-over-LAN
TCPTransmissionControlProtocol
TLSTransportLayerSecurity
WOL
WakeonLan
ZTCZeroTouchConguration
2ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Chapter2.FeaturesandbenetsofIntelAMT
ThischapterintroducesthefeaturesandbenetsofIntelAMT.
ThefollowingtableliststheLenovobusinesscomputerswithIntelAMTinstalled.
LenovocomputerIntelAMTversion
ThinkCentreM91p
IntelAMT7.X
ThinkCentreM90p
IntelAMT6.X
ThinkCentreM58p
IntelAMT5.X
ThinkCentreM57p
IntelAMT3.X
ThinkCentreM55p
IntelAMT2.X
Featuresandbenets
ThinkCentreM91pcomputersbuiltwithIntelAMTenableITadministratorstobetterdiscover,heal,and
protectthenetworkedcomputingassets.
Discover:IntelAMTstoreshardwareandsoftwareinformationinnonvolatilememory(NVM).Withbuilt-in
manageability,IntelAMTenablesITadministratorstodiscoverassetsremotely,evenwhencomputersare
turnedoff.
Heal:Thebuilt-inmanageabilityofIntelAMTprovidesout-of-band(OOB)managementcapabilities,which
enableITadministratorstoremotelydiagnosecomputerproblemsandrecovercomputersevenifthe
operatingsystemsareinoperable.ProactivealertingandeventlogginghelpITadministratorsdetect
problemsquicklytoreducecomputerdowntime.
Protect:TheIntelAMTsystemdefensefeatureenablesbetterprotectionforcomputersbyproactively
blockingincomingthreats,controllinginfectedcomputersbeforethecomputerscauseproblemsinthe
network,andalertingITadministratorswhencriticalsoftwareagentsareremovedfromthecomputers.
ThefollowingtableshowsthefeaturesandbenetsofIntelAMT.
Table1.FeaturesandbenetsofIntelAMT
FeaturesBenets
OOBsystemaccess
Enablesremotemanagementofclientsregardlessof
clientpowerstateandoperatingsystemstate
Remotetroubleshootingandrecovery
SignicantlyreducesIThelpdeskvisitsandincreasesIT
serviceefciency
ProactivealertingDecreasescomputerdowntimeandminimizesITservice
time
RemotehardwareassettrackingIncreasesspeedandaccuracywithreducedaccounting
costs,comparedwithmanualinventorytracking
©CopyrightLenovo2011
3
4ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Chapter3.MainfeaturesofcomputersbuiltwithIntelAMT
ComputersbuiltwithIntelAMTversion2.0orlaterhavethefollowingfeaturesandimprovements:
Remotepowercontrol
Poweron
Poweroff
Powerreset
Powercycle
Assetmanagement
E-Assettag
OOBhardwareinventory
IntegratedDeviceElectronics-Redirection(IDE-R)
Floppyredirection
CDredirection
Serial-over-LAN(SOL)
Screenredirectionbasedontext
Keyboardredirection
Networkredirection
Remoterestart
Restartfromalocalharddiskdrive
RestartfromalocalCDorDVDdrive
RestartfromalocalPrebootExecutionEnvironment(PXE)
Eventmanagement
Eventalerting
Eventlogging
Auditlog
Agentpresence
Systemdefense
ClientInitiatedRemoteAccess(CIRA)
Keyboard-Video-Mouse(KVM)redirection
HostBasedProvisioning(HBP)
CIRA
ThinkCentreM91pcomputersbuiltwithIntelAMTsupporttheClientInitiatedRemoteAccess(CIRA)
function.YoucanperformthisfunctionthroughISVapplications..
TheCIRAfunctionenablesclient-initiated,secureOOBcommunicationtothemanageabilityconsole,
whichincludes:
User-initiatedcall-homefeature
©CopyrightLenovo2011
5
Scheduled,automatedcall-homefeature(nouserinputrequired)
TransportLayerSecurity(TLS)sessionestablishedthroughclientinitiation
KVMredirection
ThinkCentreM91pcomputersbuiltwithIntelAMT7.XsupportKeyboard-Video-Mouse(KVM)redirection
overInternetProtocol(IP).KVMredirectionenablesITadministratorstoremotelycontrolthekeyboard,video
orvisualdisplayunit,andmouseofthemanagedclients.KVMredirectionhasthefollowingadvantages:
Workstably
Basedonhardware
Note:KVMredirectionisbasedonhardwaresothatitcanworkcorrectlyregardlessoftheoperating
systemstateofthemanagedclients.
Manageclientsthroughmanagementserversremotely
Healing,installationandapplicationssupport
Notes:
1.KVMredirectioninIntelAMT7.XcanbeusedonlyoncomputerswithIntelintegratedgraphics.For
computerswithdiscretegraphicscards,theSerial-over-LAN(SOL)functioncanbeusedtosupport
remotediagnosticsandrepair.
2.TheKVMuserinterfacesareonlyavailableoncomputersthatsupportKVMredirection.Formore
informationaboutKVMuserinterfaces,see“SOL/IDER/KVM”onpage12.
HostBasedProvisioning
ThinkCentreM91pcomputersbuiltwithIntelAMTsupporttheHostBasedProvisioning(HBP)function.As
anewfeatureinIntelAMT7.X,thisfunctionprovidesnewinterfacesforsystemsetupandconguration
throughoperatingsystems.Italsohelpsreducecostandeffortsrelatedtosystemsetup,conguration,
andmaintenance.
ByenablingHBPfunction,youcansimplifyIntelvProtechnologyactivationthroughthefollowingways:
FullyactivatevProthroughsoftware
RemotelyndandactivateIntelvProtechnologyinanautomaticmanner
6ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Chapter4.IntelAMTsetupandcongurationonLenovo
ThinkCentreM91pdesktopcomputers
TheIntelManagementEngine(ME)isanisolatedandprotectedcomputingresourcethatrunsonanIntel
AMTcomputer.TheIntelManagementEngineBIOSExtension(MEBx)providesauserinterfacetochangeor
conguresettingsthatcontroltheoperationoftheIntelManagementEngine(ME).
AllchangestotheMEplatformcongurationsettingsarenotcachedintheMEBx,butcommittedtotheME
nonvolatilememoryuntilyouexittheMEBx.IftheIntelMEBxcrashesintheprocessoftheconguration,the
changesthatyouhavemadewillnotbesaved.
Note:ToperformtheCIRAfunction,congureyourcomputerintheMEBxformanualsetupand
congurationmodeorautomaticsetupandcongurationmode,andthenusetheCIRAfunctionthroughISV
applications.YoudonotneedtodoanyadditionalsetupandcongurationintheMEBx.
IntelAMTcongurationsettingsinSetupUtility
TheSetupUtilityprogramenablesyoutoviewandchangetheIntelAMTrelatedcongurationsettings
foryourcomputer.
TovieworchangetheIntelAMTcongurationsettings,dothefollowing:
1.RepeatedlypressandreleasetheF1keywhenturningonthecomputer.Whenyouhearmultiplebeeps
orseealogoscreen,releasetheF1key.TheSetupUtilityprogramstarts.
2.FromtheSetupUtilityprogrammainmenu,selectAdvancedIntel(R)Managebility.Thefollowing
windowwillbedisplayed.
Figure1.Intel(R)ManageabilitycongurationsettingsinSetupUtility
Inthewindow,youcanviewthefollowingIntelAMTcongurationsettings:
©CopyrightLenovo2011
7
Option
DefaultsettingDescription
Intel(R)ManageabilityControl
Enabled
UsedtoenableordisabletheIntel(R)
Manageabilityinterface.
Intel(R)AMTReset
DisabledUsedtoenableordisabletheIntel
AMTresetfunction.
Press<Ctrl-P>toEnterMEBx
EnabledUsedtoenableordisablethe
entranceoftheMEBxsetup
congurationmenu.
Formoreinformation,seetheinstructionsandthehelpmessagesonthescreen.
IntelMEBxsetupandconguration
ThissectionprovidesinstructionsonhowtosetupandcongureIntelAMTforyourcomputer.
EnteringtheMEBxcongurationuserinterface
RepeatedlypressandreleaseCtrl+Pwhenturningonthecomputer.WhenyouseetheIntelManagement
EngineBIOSExtensionwindow,releasetheCtrlandPkeys.Youwillbepromptedtopress1toenterthe
IntelMEBxMAINMENUwindow(Figure2)Press1toenterMEcongurationscreenswindow.Youwillbe
promptedtoentertheIntelMEpassword.TypetheIntelMEdefaultpasswordadminandthenyouwillbe
promotedtotypeanewpassword.TosetanewIntelMEpassword,see“ChangeMEPassword”onpage9
.
Figure2.IntelMEBxMAINMENUwindow
Intel(R)MEGeneralSettings
SelectIntel(R)MEGeneralSettingsintheIntelMEBxMAINMENUwindowandpressEnter.TheINTEL(R)ME
PLATFORMCONFIGURATIONwindowopens(Figure3).Thiswindowenablesyoutocongurethegeneral
settingsoftheIntelME,suchasMEstate,MEpassword,powercontrol,andsoon.
8ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Figure3.INTEL(R)MEPLATFORMCONFIGURATIONwindow
ThefollowingoptionsarelistedintheINTEL(R)MEPLATFORMCONFIGURATIONwindow:
ChangeMEPassword
TheChangeMEPasswordoptionenablesyoutochangetheIntelMEpassword.
TochangetheIntelMEpassword,selectChangeMEPasswordandpressEnter.Typeyournewpassword
andpressEnter.Whenpromptedtoconrmthenewpassword,typeyournewpasswordagain.
Passwordconsiderations:Forsecurityreasons,itisrecommendedtouseastrongpasswordthatcannot
beeasilycompromised.Tosetastrongpassword,usethefollowingguidelines:
Haveeightto32charactersinlength
Containatleastonealphabeticcharacter,onenumericcharacter,andonesymbol
(!@#$%^&*andsoon)
Containatleastoneuppercaseletterandonelowercaseletter
Youcanalsousethespacebarandunderscore(_).
Notes:
TheIntelMEpasswordhasalengthlimitof32characters.Ifyouentermorethan32characters,the
32ndcharacterwillbereplacedbythelastcharacteryouenter.Thus,thepasswordwillbecomprised
oftherst31charactersandthelastcharacter.
TheIntelMEpasswordcanberesettothedefaultoneadminintheSetupUtilityprogram.Ifyouwant
toresetthepassword,settheIntel(R)AMTResetoptionfromDISABLEDtoENABLED.See“Intel
AMTcongurationsettingsinSetupUtility”onpage7.Whenthesystemrestarts,amessageFound
uncongurationofIntel(R)MEContinuewithunconguration(Y/N)willbedisplayed.PressY.When
youentertheMEBxagain,youwillndthatthepasswordhasbeensuccessfullyresettoadmin.
FWUpdateSettings
SelectFWUpdateSettingsandpressEnter.TheFWUpdateSettingswindowopens.
Chapter4.IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers9
Option
Description
LocalFWUpdateYoucanenable,disable,orusetheMEBxpasswordto
protecttheIntelMErmwarelocalupdate.Whenthe
LocalFWUpdateoptionissettoENABLED,theIT
administratorcanupdatetheIntelMErmwarelocally
throughthelocalIntelMEinterfaceorthroughthelocal
secureinterface.WhentheLocalFWUpdateoptionis
settoDISABLED,thelocalIntelMErmwareupdateis
notallowed.WhentheLocalFWUpdateoptionissetto
PasswordProtected,LocalFWupdateisprotectedby
theMEBxpassword.
SetPRTC
SelectSetPRTCintheINTEL(R)MEPLATFORMCONFIGURATIONwindowandpressEnter.Youare
promptedtoentertheProtectedRealTimeClock(PRTC)valueinCoordinatedUniversalTime(UTC)format
(YYYY:MM:DD:HH:MM:SS).SettingaPRTCvaluehelpsmaintainthePRTCwhenyourcomputeristurned
off.ThevalidPRTCdaterangesfromJanuary1,2004toJanuary4,2021.
PowerControl
ThePowerControlmenuenablesyoutoconguretheMEpowercontrolpolicies.Toconformwiththe
ENERGYSTARprogramandtheEuPLot6requirements,theIntelMEcanbeturnedoffinvarioussleep
states.SelectPowerControlandpressEnter.TheINTEL(R)MEPOWERCONTROLwindowopens.Inthe
INTEL(R)MEPOWERCONTROLwindow,thefollowingoptionswillbedisplayed.
10ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
Option
Description
Intel(R)MEONinHostSleepStates
UsedtospecifywhentheIntelMEwillbeturnedon.
SelectIntel(R)MEONinHostSleepStatesandpress
Enter.Youcanchoosewhichpowerpackagewillbeused.
Desktop:ONinS0Thisoptionmeansonlywhen
yourcomputeristurnedonandoperationalwillthe
IntelMEbeturnedon.
Desktop:ONinS0,MEWakeinS3,S4-5This
optionmeanstheIntelMEwillbeturnedonwhenyour
computeristurnedonandoperational.TheIntelME
canberemotelywokenupwhenyourcomputerisin
sleepmode,hibernationmode,orturnedoff.
Notes:
S0:Poweronstate
S3:Standbysleepstate
S4:Hibernatesleepstate
S5:Shutdownsleepstate
WithIntelMEWakeonLan(WOL),afterthetime-outtimer
expires,theIntelMEremainsintheM-off
1
stateuntila
commandissenttotheIntelME.Afterthiscommandis
sent,theIntelMEwilltransitiontotheM0
2
orM3
3
state
andwillrespondtothenextcommand.Apingtothe
IntelMEcanalsomaketheIntelMEtransitiontoanM0
orM3state.IntelMEtakesashorttimetotransitionfrom
theM-offstatetotheM0orM3state.Duringthistime,
thesystemwillnotrespondtoanyIntelMEcommands.
WhentheIntelMEisintheM0orM3state,thesystem
willrespondtoIntelMEcommands.
IdleTimeout
UsedtoenabletheIntelMEtowakeupanddenethe
IntelMEidletimeoutintheM3state.Theidletimeout
valueindicatestheamountoftimethattheIntelMEis
allowedtoremainidleintheM3statebeforetransitioning
totheM-offstate.Theidletimeoutvalueshouldbe
enteredinminutes.
Note:IftheIntelMEisintheM0state,itwillnottransition
totheM-offstate.
Intel(R)AMTConguration
TheIntel(R)AMTCongurationmenuenablesyoutocongureanIntelAMTcapablecomputertosupport
theIntelAMTmanagementfeatures.
SelectIntel(R)AMTCongurationfromtheIntelMEBxMAINMENUwindowandpressEnter.Amessage
willbedisplayedindicatingthatyoucanupdatenetworksettingsfromtheIntel(R)MEGeneralSettings
menu.PressEnterandtheINTEL(R)AMTCONFIGURATIONwindowopens(Figure4).
1.M-off:AnIntelMEFWpowerstatewhentheIntelMEFWisshutdown.
2.M0:AnIntelMEFWpowerstatewhentheIntelAMTcomputeristurnedonandoperational.
3.M3:AnIntelMEFWpowerstatewhentheIntelAMTcomputerisinsleepmode,hibernationmode,orturnedoff.
Chapter4.IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers11
Figure4.INTEL(R)AMTCONFIGURATIONwindow
ThefollowingoptionsarelistedintheINTEL(R)AMTCONFIGURATIONwindow:
“ManageabilityFeatureSelection”onpage12
“SOL/IDER/KVM”onpage12
“UserConsentonpage13
“PasswordPolicy”onpage14
“NetworkSetup”onpage14
ActivateNetworkAccess”onpage16
“UncongureNetworkAccess”onpage16
“RemoteSetupAndConguration”onpage17
ManageabilityFeatureSelection
TheManageabilityFeatureSelectionoptionisusedtoenableordisabletheIntelMEmanageability
feature.ThedefaultsettingisENABLED.
Note:IfyoudisabletheManageabilityFeatureSelectionfunction,allthenetworksettingsincludingACLs
willberesettofactorydefaultsettings.
SOL/IDER/KVM
SelectSOL/IDER/KVMintheINTEL(R)AMTCONFIGURATIONwindowandpressEnter.TheSOL/IDER/KVM
windowopens.Thefollowingoptionswillbedisplayed.
Option
Description
Username&Password
Usedtoenableordisabletheusernameandpassword
fortheSOL/IDERsession.IftheKerberosnetwork
authenticationprotocolisused,thisoptionshouldbe
settoDISABLEDbecausetheuserauthenticationis
managedthroughKerberos.IftheKerberosnetwork
authenticationprotocolisnotused,theITadministrator
canchoosetoenableordisabletheusernameand
passwordfortheSOL/IDERsession.
12ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide
/