Choose Between In-Band Provisioning and Out of Band Provisioning
Updated: October 1, 2009
Applies To: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Before computers can be managed out of band in Configuration Manager 2007 SP1 or later, they must be provisioned by Configuration Manager. You can provision a computer for AMT either in-band (using the Configuration Manager 2007 SP1 or later client) or out of band (without the Configuration Manager 2007 SP1 or later client). In-band provisioning is recommended because it is more secure. Configuration Manager supports provisioning computers by using either method, but only one method can be used for a single computer. Consider the following information to help you decide which method to use for an AMT-based computer:
Automatic in-band provisioning with the Configuration Manager client: This method is suitable for computers that have a management controller and are running the Configuration Manager 2007 SP1 or later client. This provisioning method is recommended because the client uses the trust relationship already established between the client and the Configuration Manager infrastructure.
Automatic out of band provisioning: This method can be used for new computers that do not have an operating system installed, and for new computers that have an operating system installed but do not have the Configuration Manager 2007 SP1 or later client installed. You must use out of band provisioning if you use the Intel translator to provision AMT-based computers because they have a version of AMT that is not natively supported by Configuration Manager.
Out of band provisioning is less secure than in-band provisioning because there is no trust previously established between the computer and the Configuration Manager infrastructure. In Configuration Manager 2007 SP2, out of band provisioning is disabled by default. For more information about the security implications of using out of band provisioning, see Out of Band Management Security Best Practices and Privacy Information.
As an alternative to using out of band provisioning for new computers, consider using operating system deployment to deploy the operating system and the Configuration Manager 2007 SP1 or later client, and then provision in-band to benefit from a more secure provisioning procedure. For more information about using operating system deployment, see Operating System Deployment in Configuration Manager.
The computer firmware is configured to contact a provisioning server, which can be specified as an IP address in the BIOS extensions or located with a DNS record.
Important: Out of band provisioning requires that you specify the correct SMBIOS GUID for each computer. The SMBIOS GUID is also known as the UUID, and your computer manufacturer or supplier should be able to provide this value if you cannot locate it.
This provisioning method works within the first 24 hours of the computer booting up from the manufacturer. After this time period, AMT must be activated for another 24-hour time period, or you must use in-band provisioning. Entering a new certificate thumbprint (also known as a certificate hash) will reactivate AMT, as will removing the provisioning information from AMT by configuring the BIOS extensions. For more information, refer to your computer's manufacturer instructions for configuring the BIOS extensions.
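Because out of band provisioning depends on a correct SMBIOS GUID for each computer, a supplier-provided list can be checked before it is used. The following PowerShell is an added example, not part of the original topic or of Configuration Manager. The column names ComputerName and SmbiosGuid and all sample values are constructed, and the function name Test-SmbiosGuidList is hypothetical.

```powershell
# Constructed sample input. The column names are assumptions for this example,
# not a Configuration Manager import format.
$csv = @'
ComputerName,SmbiosGuid
PC-001,4C4C4544-0042-3510-8058-B7C04F4E3153
PC-002,{4c4c4544-0042-3510-8058-b7c04f4e3154}
PC-003,00000000-0000-0000-0000-000000000000
PC-004,FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
PC-005,4C4C4544-0042-3510-8058-B7C04F4E3153
PC-006,4C4C4544-0042-3510-8058
'@

function Test-SmbiosGuidList {
    param([Parameter(Mandatory = $true)] [object[]] $Rows)

    # The SMBIOS specification reserves all-zero and all-FF UUIDs for
    # "not present" / "not set", so they cannot identify a single computer.
    $placeholders = @('00000000-0000-0000-0000-000000000000',
                      'FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF')
    $seen = @{}   # normalized GUID -> first computer name that used it

    foreach ($row in $Rows) {
        $raw    = ([string]$row.SmbiosGuid).Trim()
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($raw, [ref]$parsed)) {
            $value = $raw
            $status = 'Malformed'
        } else {
            # Normalize braces and case so equal GUIDs compare equal.
            $value = $parsed.ToString('D').ToUpperInvariant()
            if ($placeholders -contains $value) {
                $status = 'Placeholder (UUID not set in firmware)'
            } elseif ($seen.ContainsKey($value)) {
                $status = "Duplicate of $($seen[$value])"
            } else {
                $seen[$value] = $row.ComputerName
                $status = 'OK'
            }
        }
        [pscustomobject]@{ ComputerName = $row.ComputerName; SmbiosGuid = $value; Status = $status }
    }
}

$results = Test-SmbiosGuidList -Rows ($csv | ConvertFrom-Csv)
$results | Format-Table -AutoSize
# Rows that must be corrected with the manufacturer or supplier before provisioning:
$results | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

With the sample input, PC-001 and PC-002 pass; PC-003 and PC-004 are flagged as placeholders, PC-005 as a duplicate of PC-001, and PC-006 as malformed.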
The information in this topic applies only to Configuration Manager 2007 SP1 and later.
If you have AMT-based computers that are currently managed by another AMT solution and want them to be managed by Configuration Manager, you must decide on a migration strategy. For more information, see Decide How to Migrate from an AMT-Based Management Solution to Out of Band Management in Configuration Manager.
When the Configuration Manager 2007 SP1 or later client is installed on a new computer, Configuration Manager gives preference to in-band provisioning and does not process out of band provisioning requests by the computer. The exception to this preference occurs when you are migrating AMT-based computers by using an export utility.
Tasks
How to Provision Computers for AMT
Concepts
Configuration Manager 2007 SP1 Supported Configurations
Decide How to Migrate from an AMT-Based Management Solution to Out of Band Management in Configuration Manager
Out of Band Management Security Best Practices and Privacy Information
Other Resources
Planning for Out of Band Management
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.