Intel Management Engine (ME) / Active Management Technology (AMT) Instructions

For models that include Management Engine (ME) / Active Management Technologies (AMT); e.g. pro models such as i7-1185G7. By default this is enabled with the default password.

Boot to AMT
You must press F10 during boot to get to AMT screen. If this doesn’t work, it’s likely that Function lock (Fn+Esc) is not on. Turn it on or use Fn+F10.

Login
The default password is admin. Regardless of whether you use AMT or not, this must be changed or you face active real-world exploits.

AMT will immediately prompt for a new password; what it doesn’t tell you are the password requirements. Any password failing to meet these requirements will cause the password change to fail, with no additional information. You will not be able to disable AMT without setting a new password.

Constraints:

  • Minimum 8 characters
  • One uppercase character
  • One lowercase character
  • One number (0-9)
  • One symbol (!@#$% … etc)

Disable
Once logged in, I recommend disabling AMT unless you have an explicit need. Set AMT to disabled from the main menu, save and restart.

8 Likes

In Windows there is a way to disable AMT as well running a script. I saw it from Rob Braxman. As Windows is able to address AMT, it would be wise to disable it there as well.

I think you’re referring to this tool: https://github.com/bartblaze/Disable-Intel-AMT (from What the Zuck!) which also disables specific windows components.