I can see why people want to have this and AMD's PSP disabled, it's creepy in personal environments but at the same time probably super handy in professional environments.
AMT has just again been hit with a serious security issue. Opening up to persistent malware/rootkits that go beyond the OS and unless you flash, and that is almost impossible unless you know exactly what you're doing as it's not easy to reflash Minix as there is no software provided. That's what they get for taking Minix OS and putting a backdoor in it. I would advise it for non production and behind some real firewalls as software firewall on this thing will be bypassed. AMT is very dangerous for someone who doesn't know. CVE-2020-8758 for those interested. It's at almost 10/10 severity. 10/10 is RARE and is the UTMOST critical, Intel has just published this but no one is reporting on it. It's a VERY SEVERE stop everything you're doing critical. CVE-2020-8758 - Year 2020
Mesh Commander is *outdated* and highly dependent on tonnes of npm libraries with *critical* *vulnerabilities*. Giving it God-like remote access to your servers is a bit risky.
I have Windows and Linux and they are unable to boot up, halfway into the booting, the laptop will cut off and shut down, is this caused by the IME? Do I need to replace the CMOS battery as IME runs directly from it and not the main battery?
I know this vid is older but is there any vid you have done on what occurs differently when you install software using ESXi console vs RDP to a Windows OS? We have a situation where an integrator installed some industrial control software and I had to manually add missing registry keys just to make all of it work. It's so random in what it missed that all are baffled. The manf now says that installing over RDP is not supported... but how to determine what was done incorrectly is of interest.
It’s very very nice.. the question is, do all(!) platforms and devices with Intel vPro have this capability? How do I know before buying whether it works or not? IIRC AMD DASH needs special boards which are virtually non existent and the pro CPUs. Even consumer chips finally even from Intel do support ECC.. bringing a PC in the basement as a home server without spending a crazy amount for a server with management modules would be nice. I bought a used server as I run everything fully headless most of the time I am even in a different country yet I do some housekeeping
@@ChrisTitusTech we all have em, some are just more public than others! You had me doubting myself even though I work with them every day 😂 Keep up the good work sir
@@ChrisTitusTech I have the same keyboard, with the M705 'marathon' mouse. Thoroughly impressed with the battery endurance on both peripherals. I bought the combo in 2012, still using the first set in the keyboard, now at 65% charge.
Practically, it is not possible to get remote access of a computer without using any software. One has to use remote access tools like LogMeIn, R-HUB remote support servers etc. or something else for remotely accessing computers from anywhere anytime.
IPMI is somewhat addressed in the video with HP iLO or Dell iDRAC which are true IPMI. Intel vPro is like the poor man's IPMI without a separate management interface.
I’m watching from an iPhone 7 Plus. And I’m unable to see anything useful because you keep the camera focused on yourself. Or too wide of an angle to see the part of the screen that has relevant content. Please focus on your editing and use zoom tools. Also choose voiceovers more often. Your content choices are great. The info you provide is great. But stop making it about you visually. Let the content come to the front and you need to disappear into the background while you’re showing stuff in this visual medium.
I'll try to do more zooms and such for phone users. A lot of times I am just moving so fast trying to get daily videos out. I need to just take my time and spend more time on editing doing the proper zooms and if I don't get a daily video out so be it. Hopefully here in the future I can just hire an editor and then just push all that work off.
I only know of this as 'out of band management'. 'In-band' management is the term I've used for software based management, such as RDP, SSH, et al. Looking at the Intel AMT wiki page it refers to the same definitions. (en.wikipedia.org/wiki/Intel_Active_Management_Technology) Just thought I'd mention that, just in case people get confused on the terminology. Out of band management is management solutions that allow you to manage a system as if you're sitting in front of it. You can access the whole system, including BIOS. It's incredibly useful, especially if an upgrade arses up and you lose ssh access, for example. Or remotely provisioning new servers, etc.
No, it should be nuked from orbit! Or at minimum, disabled - There have been numerous vulnerabilities discovered in vPro/MeBX over the past several years, and unless you constantly keep your BIOS updated each month, simply don't do it!
Awesome video! As a fellow sysadmin I always wanted to play with this but I could never find an easy and free way to do so. It is however my reason to avoid Intel as much as I can in my personal systems, because this management engine that has THIS much low level access is present in any chip including the non vPro ones. The vPro stuff is just disabled on those. This does require a follow up video though, because I notice most MeshCommander videos do not touch on Intel AMT at all. What I did find is a cool firmware loader tool they built so it can run directly from the target machine. So it would be cool to show a vPro machine that is not initialized, how to initialize it and then how to load MeshCommander with the Firmware loader. That way you don't even need software installed and can manage it directly from the target machine in the future including the remote desktop.
Thanks Henk! I'll have to dig deeper on this as you are right and Intel ME is scary as hell as this was just a surface level video that only addressed vPro.
Do NOT use Solus as your first distro. It is an obscure distro that doesn't have any support outside of the official site and forums. Pop OS would be my choice or Kubuntu. Manjaro would make for a good distro to roll if those don't fit your needs.
You kind of skipped over a really important step when you said enter the other computer's information. I want to be able to use this on my relative's computer to help him with programs - so need to be able to remote into his computer with very little work on his part... so - what do I need from him to be able to enter his computer information into the Mesh software?
I saw your recommendation of Chrome Remote Desktop. I installed it on my Manjaro server. I have been using NoMachine for several years. Is this still your recommendation? I have a headless Linux server, the NoMachine doesn't work well with my Magic keyboard, therefore I am checking out other solutions. I have used Linux since 2006, but the last 5 years I have been lazy, forgot a lot from when I was setting up Postfix etc.. Basically my server runs Plex and acts as a file server over ssh/sftp. I wish to have a smooth experience when connecting to my server (Manjaro Xfce) from work.
I have 3 Intel multi-core machines. As far as I know only one has vPro on the box. I will have to look very closely at it, before assigning it critical network duties. I will have to dig into my systems to see if this is a feature I want to use. It may be something I want to disable if possible. I am new to remote system management. Knowing about this backdoor may inform my choice of future machines. I was thinking of adding another NIC to this machine anyway. That should bypass this "Feature" even if I lose a little speed. The new NIC would be in a PCI slot. Is this feature only on Desktops? Could it be buried in a Gaming Laptop? I know a few people who would be sorry if it is. Thanks for more great work.
So true, typically only need iLO for firmware updates and host maintenance. Most times I needed to use iLO it was due to hardware failure in virtualized environments and had to run and grab a crash cart anyhow.
Very helpful video.... I was looking for the Star Trek screen saver and found this: "PopOS 20 - MacOS Theme Image". Will this image work on an Intel MacBook?