Intel Management Engine (ME) / Active Management Technology (AMT) Instructions

For models that include Management Engine (ME) / Active Management Technologies (AMT); e.g. pro models such as i7-1185G7. By default this is enabled with the default password.

Boot to AMT
You must press F10 during boot to get to AMT screen. If this doesn’t work, it’s likely that Function lock (Fn+Esc) is not on. Turn it on or use Fn+F10.

Login
The default password is admin. Regardless of whether you use AMT or not, this must be changed or you face active real-world exploits.

AMT will immediately prompt for a new password; what it doesn’t tell you are the password requirements. Any password failing to meet these requirements will cause the password change to fail, with no additional information. You will not be able to disable AMT without setting a new password.

Constraints:

  • Minimum 8 characters
  • One uppercase character
  • One lowercase character
  • One number (0-9)
  • One symbol (!@#$% … etc)

Disable
Once logged in, I recommend disabling AMT unless you have an explicit need. Set AMT to disabled from the main menu, save and restart.

12 Likes

In Windows there is a way to disable AMT as well running a script. I saw it from Rob Braxman. As Windows is able to address AMT, it would be wise to disable it there as well.

I think you’re referring to this tool: https://github.com/bartblaze/Disable-Intel-AMT (from https://whatthezuck.net/wtz/resource-amt.php) which also disables specific windows components.

Would be nice if Framework followed Prism’s lead (Intel's Management Engine – Purism) in this regard.

Done. Thanks for the tip!

Is there any known way to reset the password to the default, or at least recover it?
I forgot the one I initially set.

1 Like

Reset it by draining the CMOS battery. Disconnect the battery and wait a few minutes, then reconnect.

1 Like

@rpufky, so disconnecting the battery drains the CMOS battery, or are those steps independent?

@Katzenwerfer, you can set a password for the IME itself?