The Intel® ASF Agent has configuration settings that impact the operation of the ASF solution. There are several ways to configure and enable ASF on your system. An IT Administrator may use the option listed below.
The table below lists the ASF Agent configurable settings and their default settings.
| Setting | Description |
| AlertDestinationPingInterval | When PingAlertDestination is enabled, this
setting determines the time between pings to the management station.
Default: 60 seconds |
| DestinationAddress | IP address of the management station. |
| Enable | Enables ASF.
Default: Disabled |
| EnablePresenceHeartbeats | Hardware-generated pulse from the client that
the management station may monitor to determine if the client is present
on the network.
Default: Enabled |
| PingAlertDestination | Enables sending a standard Internet Control
Message Protocol (ICMP) ping packet to
the management station.
Default: Enabled |
| PresenceHeartbeatInterval | Time between heartbeat pulses from the client.
Default: 60 seconds |
| RetryCount | Number of times the client sends an alert. Retransmission helps ensure that Simple Network Management
Protocol (SNMP) management packets, which
are low priority, reach the remote management application, and are not dropped
by an overloaded network switch or router buffer. If your network management
application is not receiving alerts, you may need to increase RetryCount.
Default: 3 |
| RetryInterval | Number of seconds between alert retransmissions.
Default: 20 seconds |
| SNMP_Community | Identifier that matches
the client computer with the remote management application.
Default: public |
To enable remote WMI on a network running with Windows 2000, Windows XP, or Windows Server 2003, you must complete a few additional steps. All of the conditions are described below.
In a network environment where the Client Systems are running Windows 2000, Service Pack 2 must be installed. The Management Console may be running on Windows 2000 with Service pack 2, Windows XP, or Windows Server 2003. This is required in a domain or non domain environment.
By default, Windows XP disables some network protocols for security reasons, including file sharing and Remote Procedure Call (RPC). In a network environment where the Client Systems are running on Windows XP, and the Management Console system is running on Windows 2000 with SP2, Windows XP, or Windows .NT, follow the steps below to enable Remote WMI. This is required for a domain or non domain environment.
Open the Control Panel and open the Network and Internet Connections.
Then select the Set up a Home or Small Business Network link. This launches an install wizard. Run through all of the wizard stages. The options are not directly relevant to remote WMI. This option is not visible in domain setup, but it is still required.
Open the Start-Run Dialog box from the Windows menu.
Enter wmimgmt.msc and run this WMI configuration utility.
Select WMI Control (local)
Select the Actions menu and the Properties menu item. It takes a few seconds for the dialog to appear.
Select the security tab and then choose the correct namespace. For a client system this is root/cimv2; for the server system running the management application select root/intel_alerting.
select the security button near the bottom.
Add a user NETWORK and allow this new user permissions: for the management application enable Remote Enable and Execute Methods. for the client system enable Remote Enable and Full Write.
|
NOTE: In a Domain Environment where the Client Systems are running with XP Professional and the Management Console is the Domain Server, you do not need to run the configuration tools above. This applies to all Management Console systems that are running with the following Operating systems: Windows 2000 Server/Professional with SP2, Windows XP Professional and Windows Server 2003. |
|
NOTE: In a Non-Domain Environment where the Client Systems are running with
Windows XP Professional, Windows XP logs in all Remote WMI access requests as
Guests and therefore refuses Secure requests. To change this default behavior
and configure XP to allow Secure Remote WMI access, you must install the ASF Agent
with the following
Installer keyword: "REMOTEWMI=1". See the installation instructions
for more information. This user-specified install option adds the following key
into the Windows Registry:
HKLM\System\CurrentControlSet\Control\LSA\forceguest ' -- Value= '0' If the Agent has already been installed, the following manual steps may be performed instead: Administrative Tools -> Local Security Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Access: Sharing And Security Model For Local Accounts ==> Guest -> Classic. |
If the Client Systems are running on Windows Server 2003, it must be configured as a domain controller in order to remotely access the machine via WMI. The IT administrator has to have the domain's security privilege, such as server operator/admin/member of the admin group. No other configuration steps are required.
|
NOTE: Enabling "required namespaces" may be dangerous. Microsoft* recommends using a domain server. With this, it is possible to enable specific users from specific remote machines in the domain. |
Follow these steps to add the domain controller functionality to the server:
Run the "Configure your Server Wizard" (Control Panel --> Administrative Tools --> Configure Your Server Wizard).
Click Next. The wizard detects the network settings.
If this is the first time you have run the wizard, it asks you to select a "Typical configuration for a first server". This selection is sufficient, as it includes the "Domain Controller" role.
If this is not the first time you run the wizard, or you selected "Custom configuration", the wizard displays a list of server roles. Select the "Domain Controller (Active Directory)" role and click Next.
Follow the wizard instructions.
To launch the Intel ASF Agent WMI Console, double-click winapp.exe or it's shortcut in the directory where it was saved. When the program is launched, a login window is displayed.
If you are accessing the local computer, check the Login to local machine dialog box. Otherwise, enter the target computer's Windows computer name in the Connect To dialog box, and a valid Windows Username and Password.
After a successful login, the ASF Agent WMI Console Settings tab is displayed.
|
NOTE: Windows XP WMI Core Provider currently does not support the ability to logon to a remote server because of issues with the operating system. Contact Microsoft for additional information. |
This tab contains all of the basic information necessary to configure the integrated ASF-capable LAN on Motherboard (LOM) or network interface controller (NIC) and enable alerting. The required steps are:
When configuration of the software is complete, the Status button turns green and the Alerting Enabled text appears.
The ASF Agent WMI Console General tab provides the ability to enable or disable ASF, as well as the ability to select the adapter to use. This contains all of the information required to enable ASF on a system. The rest of the tabs in the application are advanced settings that the IT Administrator to optimize network performance.
Enable ASF, when selected, enables ASF. The Status light at the bottom of the screen indicates if ASF is Enabled and running or disabled. Intel Safe Mode which indicates that ASF is enabled, however it has been temporarily disabled. Typically a reason for this condition is provided below the status light.
Select Adapter lists LOM or NIC, for use with ASF. If none of the adapters in the system support ASF, the combo box is empty, and the “Apply” button and all the option selections are disabled. If there is at least one ASF-capable adapter or LOM included in the system, the list containing LOMs and adapter has a default entry. By choosing this entry, the WMIApp automatically selects the adapter that best fits the configuration. In this case, after pressing the Apply button, the combo box shows the selected adapter. If a manual selection process is preferred, the Preferences menu contains a single item - “Identify adapter by” which includes several options to select an adapter. The supported formats include: “MAC address”, “Local area connection name”, “adapter description”, and “Miniport instance”.
The Trap Destination address indicates the IP address of the Management Console where the alerts are sent.
The SNMP Community string field indicates the SNMP Community to use, the default is "public".
The Timers Settings tab enables the IT Administrator to view, enable, and adjust the heartbeat interval, the OS Hang Watchdog Timer, ping settings, and the retransmission settings. To modify any of the timer settings, select the desired timer and adjust the slider bar. When the updates are complete, click Apply.
When enabled (EnablePresenceHeartbeats), this timer provides a hardware-generated pulse from a client system to a Management Console for it to monitor the system, and verify it is present and functional. The Interval is the number of seconds (PresenceHeartbeatInterval) between heartbeats. The timer is implemented in hardware, and is independent of the operating system.
The OS Hang Interval configures how often ASF checks the (Watchdog) timer to verify the system is running. The Interval is the number of seconds between each system check.
When enabled (PingAlertDestination), this timer sends a standard Internet Control Message Protocol (ICMP) ping packet to the management console. The Interval value is the time between pings (AlertDestinationPingInterval).
ASF Polling sets the interval at which the system polls the ASF sensors. This timer is always enabled per the ASF Specification.
The ability to remotely power-up, power-down, re-boot and power cycle a system may be enable or disabled by the IT Administrator. This capability is both an ASF V1.0 and ASF V2.0 feature. However ASF V2.0 adds an authentication security scheme to verify the Management console has the right credentials to remotely control a system. The Control Function tab provides the ability to enable and disable each remote control feature individually. An IT Administrator may specify the boot media, such as boot to: "A:", "C:", "PXE Server", etc. Furthermore the boot attributes may also be specified, the IT Administrator may specify to lock-out the keyboard or disable the Front panel buttons on the system. See the ASF specification for all of the supported features.
|
NOTE: The Management Console and the client systems must support the Remote Control features to be able utilize these features. |
This tab allows the IT Administrator to set security keys and random-number seed. This information is only visible on ASF2.0 systems. The IT Administrator can either set custom keys manually, or load the keys from a distribution file. The keys themselves are shown as labels on the tab. Note, that for security reasons, the keys cannot be read back from the alerting device. Therefore, after applying the keys, a string of asterisks appear instead of the actual keys. Before applying the keys, verify they were entered correctly and allow any necessary repairs.
This tab shows information about the local machine
ASF may be configured using an existing users login script, thus leveraging the existing infrastructure to configuring ASF clients. See the ASF sample login configuration script. IT administrators who are familiar with scripting can modify the example file. To save the file to your hard drive, right-click the link and save the file, using a .xxx extension.
|
NOTE: The sample script is provided as an example only, and has not been tested, nor is warranted in any way by Intel; Intel disclaims any liability in connection therewith. Intel provides no technical support with regard to such scripting. For more information on scripting, refer to applicable Microsoft documentation. |
Below are several possible options for using the login script to configure ASF throughout an enterprise:
Have the user's login script run a script to enable and configure ASF.
Use deployment software, such as SMS, to deploy and run a login script to enable and configure ASF.
Create a batch file that serially runs a script on each machine on the network to enable and configure ASF.
WMI provides a scripting interface. Using VBScript, you can write scripts that connect to the WMI service locally or remotely, retrieve information, or execute methods. Since ASF is implemented through WMI, you can script ASF configuration values. This section includes a sample Visual Basic Script that can remotely enable/disable and configure alerting on a client from the command prompt. This script allows you to configure all of the configurable settings. By using a software tool such as the Microsoft System Management Services (SMS) to deliver the script, you can remotely enable and configure ASF on any client system.
The following text file contains the sample script. If you are familiar with scripting, you can modify this file for use in your organization. To save the file to your hard drive, right-click the link and save the file in the location you desire, with a .vbs extension.
|
NOTE: The ASF sample configuration script is provided as an example only, and has not been tested, nor is warranted in any way by Intel; Intel disclaims any liability in connection therewith. Intel provides no technical support with regard to such scripting. For more information on WMI scripting, refer to applicable Microsoft documentation. |
Among the options for using Visual Basic scripts to configure ASF throughout the enterprise are the following:
Have the user's login script run a script to enable and configure ASF
Use deployment software, such as SMS, to deploy and run a script to enable and configure ASF
Create a batch file that serially runs a script on each machine on the network to enable and configure ASF
|
NOTE: To connect remotely to WMI services, you must have administrative rights for both the local and the remote systems. |
To execute the script, open a command prompt. In the directory to which you saved the .vbs file, type cscript.exe <script name> and the appropriate parameters. The parameters, described in the sample script file, are as follows:
[/target:<systemname>] [/user:<username>] [/password:<password>] [/enable:true|false] [/destinationip:<destinationip>] [/ping:true|false] [/pinginterval:<interval>] [/heartbeat:true|false] [/heartbeatinterval:<interval>] [/snmpcommunity:<snmpcommunity>] [/retrycount:<retrycount>] [/retryinterval:<retryinterval>]
For example, the command cscript.exe asf.vbs /target:frank /user:steve /password:foo /enable:true enables ASF on a target computer named frank. Other examples are provided in the sample script file.
If the you do not specify a /target parameter, the script is applied to the local computer. If you do not specify any of the other parameters, the script retrieves the current configuration settings from the target computer or, if a target is not specified, from the local computer.
Microsoft's Group Policy enables the IT Administrator to configure there client systems in the background using Microsoft's registry available on each client system. The Group Policy editor is used to create an ASF policy that may be assigned to a group, site, a domain or an organizational unit. Furthermore Microsoft's Group Policy may be used to force the installation of the ASF Agent, a configuration script such as a login or VBScript. Next, an administrative template is created that defines the configuration settings and is applied to the network.
Microsoft's Group Policy may be configured to re-apply the configuration to all of the client systems, and lock down the client systems so that end users cannot modify configuration settings. For additional details on Group Policy consult Microsoft at www.microsoft.com.
Microsoft Install (MSI) supports Transforms, which represents the differences between two Microsoft Installer (MSI) databases. When downloaded to a client system a Transform modifies information in the target database. The IT Administrator creates a transform that includes the configuration changes required to transform the initial install into a install that is desired. Once the transform is generated, a package is created that includes both the initial ASF install as well as the generated transform. Using the software provisioning features from tools such as Microsoft Systems Management Server (SMS), the files are deployed and configure ASF to with a single package.
For additional details on transforms, please consult Microsoft at www.microsoft.com. For tools to assist you in creating transforms, you may wish to consult with InstallShield* Corporation at www.installshield.com
Intel ASF software supports Microsoft's WMI, and as such the ASF properties and configurable settings may be changed using a WMI browser, such as Microsoft's CIM Studio or WBEMTEST.
From the root/cimv2 namespace, navigate to the class name IA_ASF_OOBAlertService. Perform a search for this class name if your browser supports searches. Otherwise, use the following derivation:
root\cimv2\CIM_ManagedSystemElement\CIM_LogicalElement\CIM_Service\
CIM_OOBAlertService\IA_ASF_OOBAlertService
The managed object format is part of the Common Information Model (CIM) standard. The .mof files play the same role in CIM that management information format (.mif) files play in the Desktop Management Interface (DMI) standard. A .mof file contains compliable definitions of CIM classes and includes the properties, qualifiers, and descriptions that are a part of each class. A class entry in a .mof file is a definition only; any code that services the class must be implemented elsewhere.
Following are the contents of a .mof file showing default property settings with ASF enabled:
instance of IA_ASF_OOBAlertService
{
AlertDestinationPingInterval = 60;
Caption = "Intel ASF OOB Alert Service";
CreationClassName = "IA_ASF_OOBAlertService";
Description = "Intel ASF OOB Alert Service";
DestinationAddress = "10.9.235.24";
DestinationIsAckCapable = TRUE;
DestinationType = 1;
Enable = TRUE;
EnablePresenceHeartbeats = TRUE;
IPAddress = "10.9.235.3";
MAC_Address = "00-d0-b7-a8-69-11";
MessageFormat = 5;
Name = "Intel ASF OOB Alert Service";
NetBIOSName = "SAG-RAINIER-XP";
OtherDestinationTypeDescription = "SNMP";
PingAlertDestination = TRUE;
PresenceHeartbeatCapable = TRUE;
PresenceHeartbeatInterval = 60;
PresenceHeartbeatIntervalMaxValue = 1359;
PresenceHeartbeatIntervalMinValue = 11;
RetryCount = 3;
RetryCountMaxValue = 255;
RetryCountMinValue = 1;
RetryInterval = 20;
RetryIntervalMaxValue = 346;
RetryIntervalMinValue = 3;
SafeMode = FALSE;
SelectedAdapter = "{27BDB01E-9576-4165-B255-1DE6470F64A7}";
SNMP_Community = "public";
Started = TRUE;
StartMode = "Automatic";
Status = "OK";
SupportedAdapters = {"{27BDB01E-9576-4165-B255-1DE6470F64A7}"};
SystemCreationClassName = "Win32_NTDomain";
SystemID = "6061";
SystemName = "Domain: SAG-RAINIER-XP";
UUID = "44454c4c000010ff80ff80c04fffffff";
};
Copyright © 2002 Intel Corporation.
Legal Information
Last modified on 11/05/02 1:32p Revision 52