• Article

Determine Whether to Use a Customized Firmware Image From Your Computer Manufacturer

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Before you purchase the computers that you want to manage out of band by using System Center 2012 Configuration Manager, decide whether you require a customized firmware image from your computer manufacturer.

Computers that can be managed out of band have BIOS extensions that can include options such as enabling serial over LAN and IDE redirection and set values such as a certificate thumbprint of a root certification authority that is used during the AMT provisioning process.

Check which BIOS extension settings are available from your computer manufacturer, and then decide whether you require a customized image to enable or disable options and specify your choice of values.

Some typical examples for requiring customized firmware image include the following:

  • You want to specify an alternative external certification authority to issue the AMT provisioning certificate, or you want to use your own internal certification authority to issue the AMT provisioning certificate.

    Note

    If you want to use your own internal certification authority, you have to supply the certificate thumbprint of your root certification authority.

  • The default firmware image enables serial over LAN and IDE redirection, but to comply with your internal security policies, computers on your company network cannot support these highly privileged management options. For more information about serial over LAN and IDE redirection, see Introduction to Out of Band Management in Configuration Manager.

  • The default firmware image does not enable bypassing the BIOS password, and you want to be able to use this option when powering on or restarting computers out of band with the out of band management console.

  • You want your AMT-based computers to use a MEBx password that is different from the default value of admin.

If you think you might benefit from a customized firmware image, discuss the available BIOS extensions with your computer manufacturer or supplier.