# How do I Disable AMT



## decuser (Dec 31, 2022)

I'm getting a new (to me) ThinkCentre m92p that I will be putting FreeBSD on to take over duties now being performed by my Optiplex 755.  I just realized (years later, right?), that the Dell came with VPro capability, which back in the day, I just thought was some fancy extra capability, but now I know it offers up remote monitoring capability. Now, I'm running it behind a firewall (always) so this hasn't been an issue. However, I don't like it . Interestingly, the IBM machine also has VPro. So, my question is - how do I disable AMT in FreeBSD?

Thanks.


----------



## VladiBG (Dec 31, 2022)

You can disable it from the BIOS not from the OS. I think it should be under BIOS->Advanced->intel manageability control


----------



## decuser (Dec 31, 2022)

Thanks for the tip. I'll give it a go. Is there a check if AMT/IME are enabled capability in FreeBSD? In linux, there's https://github.com/mjg59/mei-amt-check


----------



## VladiBG (Dec 31, 2022)

You can connect on via ethernet interface on http port 16992 and see if it's enabled or not. The IP address is NOT the ip address of your OS (FreeBSD) it's the IP address that you statically put in ME or assigned via DHCP and yes your ethernet card have 2 IP addresses one for Intel ME and another for your OS.
 If you don't remember to change the initial password or initialize(provisioned) the intel ME then the following CVE is not apply to you. If you are using manageability commander (Intel EMA) or MeshCommander to manage the computer then your should update your bios if you didn't update it so far.
Until Intel AMT is provisioned it's remote access is disabled and you don't have to do anything. Anyway if you want to remote controll your PC you should first change the initial password which is "admin" and set the new password which must meet the following requirements: minimum length of 8, must includes lower and upper character, number and symbol (!, @, #, $, %, ^, &, *) if you try to set up any password which doesn't meet those requirements it will give you error and not accept the password.


----------

