SEARCH

How-To Geek

How to Remotely Control Your PC (Even When it Crashes)

Being able to remotely control your computer is an age old geek trick. But what about changing BIOS settings or installing an operating system remotely? With Intel AMT KMS this is within reach for any geek with the right hardware.

Intel vPro is a management platform built into Intel processors and other hardware that allows companies to manage their desktops and laptops out-of-band (OOB). That means the computers can be managed no matter if the computer in on or off, and even if the operating system has failed or there is no hard drive present.

With Core processors Intel introduced Active Management Technology (AMT) 6.0 which introduced a slew of new features including Keyboard Video Mouse (KVM) Remote Control. This means that with the right hardware configuration you have full remote access to your computer no matter what state it’s in.

Most geeks are familiar with VNC software that runs inside your operating system, but Intel AMT KVM runs at a hardware level which allows you to go remote with your computer in the case of a total system failure or even without an operating system installed. Let’s get started and set up Intel AMT KVM so you can go remote with your computer.

Determine if Your Computer Supports Intel AMT KVM

Because vPro is designed for business use, not every Intel processor supports Intel AMT KVM. Specifically what you want to look for is a vPro logo somewhere on your computer.

Note: Only some Core i5 and i7 processors support vPro. Intel does not currently make an i3 processor with vPro.

If you cannot find a logo on your computer, or you built the computer yourself, you can check to see if you have one of the following Intel Core processors. If you do, you may be able to turn on KVM so long as you have a few other requirements.

Along with the supported processor you will also need to be using Intel’s embedded video and Intel network card. Both of these are required because in order to allow out-of-band communication, the KVM server needs direct access to the network interface as well and display to be able to show the connected machine exactly what is being displayed.

If you have all of the requirements above, continue on to configure Intel AMT KVM.

Enable Hardware KVM

The first thing you will need to do is turn on BIOS verbosity. Reboot your computer and enter your BIOS configuration. Look for something labeled firmware verbosity or boot verbosity and make sure it is turned on. Likewise, if there is an option for an AMT setup prompt make sure that is turned on as well.

Restart your computer and just after the BIOS splash screen you should see a second setup screen that looks something like the image below. Push Ctrl+P at this screen to enter the Management Engine BIOS Extension (MBEx) to configure Intel AMT.

If AMT has never been set up on your computer you will be prompted for a password. Enter “admin” for the default password and you will be prompted automatically to create a new password. The new password has to have be exactly 8 characters and contain one upper case letter, one lower case letter, one number, and one symbol. Enter the new password twice to continue.

Note: If “admin” does not work as the default password you can also try “P@ssw0rd” because that is the default password in Intel’s configuration documentation.

Once you are logged into the MEBx, go to Intel Management Engine and then select activate network access.

Type Y to accept the warning that pops up about activating the ME network interface.

Next select network setup and then Intel(R) ME Network Name Settings.

Select host name and put in your computers name. You technically could put in anything you want here but it may cause problems with DNS if the Intel AMT name is different from your computer’s name.

Return to the main menu using the escape key and then go to manageability feature selection. Push Y to continue past the caution message.

Verify that the manageability feature selection is enabled in the lower window and then select SOL/IDER.

From here verify that SOL, IDER, and Legacy Redirection Mode are all enabled.

Return to the previous menu and then select KVM Configuration.  Make sure KVM Feature Selection is enabled.

From here change User Opt-in so that user consent is not required for KVM session.

Then enable remote control of Opt-in policy.

Push escape three times to exit the MEBx menu and push Y when prompted if you are sure you want to leave.

Connect to vPro Machine

Now that KVM is all set up on the target machine we just need to install software to let us connect. There are a few different tools that will let you do this but let’s start with a free option.

Intel makes the Management Command Tool for just this occasion, find it in the link below. Download and install the software on the computer you want to connect with.

Note: For the purposes of this how-to the remote computer will need to be plugged into the network with ethernet and also plugged into power to go remote. There are options to set up wireless but we will not be going into those options here.

After the software is installed, select add known computer.

Enter the information for the remote computer.

After the machine is added, select it from the left panel and then click connect.

After a connection is made select the remote control tab and then click on the arrow to open the options for Remote KVM Settings.

From the new window that will open drop down the list for KVM state and select enable all ports.

Note: Enabling all ports allows us to connect with the free version of RealVNC Viewer but you will lose some functionality like encrypted connections.

Click OK and from the main window select “KVM Viwer Standard Port” to test and make sure the connection can be made.

A new window will open with the remote computer in the window. This will work but will have a RealVNC branding logo that cannot be removed.

To get rid of the RealVNC branding install the standalone RealVNC viewer from the link below.

Once you have the standalone viewer installed, or the portable version extracted, run the program and connect just like you normally would to any VNC server.

You will be prompted for your Intel AMT KVM password.

And a VNC connection will be established with the AMT KVM server.

You will know that you are connected to the hardware based KVM server because there will be a flashing icon in the top right corner of the screen and a thin red boarder on both the remote viewer and the local client.

The free viewer will work for most remote purposes but you will lose some functionality like IDE redirect, encryption, and the ability to power the machine on and off. If you want to take advantage of more features you are going to need to pay for the RealVNC Viewer Plus ($99).

Before connecting with RealVNC Viewer Plus go back to the Intel Manageability Commander Tool and change the KVM State back to Redirection Port Only.

Open RealVNC Plus and connect to the remote machine.

 

Accept the prompt to confirm you are connecting to the right machine.

Then enter your AMT password when prompted.

Once the username and password are verified a remote window should open and there will be a banner across the top with some added functionality.

We won’t show all the added benefits of RealVNC Plus in this article but it will allow you to do things like reboot directly to the BIOS and mount an .iso file to install a whole operating system remotely.

With a hardware based KVM available on standard hardware it really opens up more options for what you can do when you’re not at your computer.

Intel Manageability Developer Toolkit

RealVNC Free Edition Viewer

 

Justin is a Linux and HTPC enthusiast who loves to try new projects. He isn't scared of bricking a cell phone in the name of freedom.

  • Published 03/28/11

Comments (26)

  1. Ashish Jain

    good one

  2. MJ

    This looks awesome!! Great article!

  3. ChrispyCritter

    Looks cool but also looks like it could be exploited in so many ways. Glad I don’t have a processor that can be accessed remotely even when it’s off and I hope this doesn’t go into all the new ones…

  4. oneshot719

    how is this different from Intel VPro? didn’t this do the same thing?
    I never used it though so i may be ignorant here

  5. Dingnut

    This is VPro….

  6. Justin Garrison

    @onshot719 Yes this is just the next incarnation of vPro. The original vPro would let you go remote with your BIOS too but just a text based terminal. The new version gives you full KB/M and Video no matter what.

  7. Mike

    Extremely cool! Thanks.

  8. Edward Allen Weissbard

    Very nice to have, wish I had it on my i7-950

    Hope to see more CPU’s with this feature.

  9. Samantha

    so actually does a normal computer user like me should have V-pro on or not.
    As i am buying one laptop which gives both options.
    Actually after reading many articles or website i still don’t really understand what is V-Pro or what is AMT.
    If V-Pro can access information remotely, then who will be accessing it ? – Intel IT Technician or Companies’s IT Technician ? How about all the information in my Laptop from hard drive etc, will it be easily access by anyone, how about privacy ? Sorry, cause i don’t really understand how it works, could anyone explain it to me in layman terms pls… : ) Thanks.

  10. NOoB Geek

    To : Samantha

    In layman terms .

    uhmm. just ignore it ,if your privacy is at risk you might want to buy a Amd processor and junk all your intel processor. :)

    Good Luck

  11. 6205

    TeamViewer is the best and easiest way..

  12. A

    grrrr… Why can’t AMD have something like this?

  13. Stewart Redback

    Great but another loop hole to be exploited by some unscrupulous person.

  14. Janine Bates

    I have someone remotely accessing my computer, It’s my neighbor and they have hijacked my browser, delete entries of emails, they are in compete control of my computer, how do I stop them from coming in. I’ve spent 1000 in software and techs, I’m key logged, they break into my email. Help! how can I get admin back of my computer they won’t let m delete files, my programs don’t work, I have adaware, zonealarm, malwarebites, yet I still have hacking files, and worms etc…I can’t seem to find anyone that can clean it, and keep them out of my computer, I even saw a WEP address with my last name on it, so I think they are using that to get in. Help!

  15. James

    @janine reboot into a linux livecd and make sure you’ve backed up all your files, and do a complete windows reinstall. that should help.

    darn.. none of the i5 processors support this.. :(

  16. Bruce C

    Janine Bates:
    My Comments shoud probably not be posted here on HowToGeek, but I feel Your Pain.
    Your Neighbor(s) more than likely are using Software Tools to decrypt Your WEP Key to Your Wireless Router (less than 5 minutes to accomplish). After WEP Key is known by Neighbor(s), they are able to join Your Wireless Network. After They authenticate into Your Wireless Network, they will use Software Hacking Tools that can record all Your Network Traffic outgoing/incoming, including All Your Passwords being sent unencrypted. Change Your Wireless Router’s Default Admin Password. Change Your Wireless Encryption/Security to Use WPA2-PSK (Not WEP) and Change Your Wireless Passphrase to 15 characters or more.

  17. ChrispyCritter

    I don’t bother with wireless security I just use MAC filtering. I know people can get past that but I live in the sticks so I don’t have many neighbors that could hack it. I also check for visitors to my network on occasion and have my router log on haven’t seen anyone on it yet. The computer I use most of the time with anything I wouldn’t want a neighbor to see is hard wired with a firewall with all sharing off so I don’t think I have much to worry about.

    I think remote access to a computer is great when you have an issue but I think it leaves your computer open to exploits. Glad I bought a AMD instead of Intel was looking for an Intel though but found such a good deal on this computer in mid 2009 and it had an HDMI out for under $500 at that time I had to buy it. Was going to build one but it would have cost me over $700 at the time.

  18. Tom

    It seems kinda dangerous to have something like that. I would rather stick with Teamviewer o_O

  19. Jim

    Can everyone say BIG BROTHER?
    Glad I do not have an Intel, I would not want anyone hacking around my system, especially the Government. They know too much about me already, maybe I should go off the grid :>

  20. Matt

    This article is outstanding! Kudos. I have spent much time trying to learn about this technology on the vPro Expert site and you did a fabulous job of distilling exactly what I needed. Now what about controlling a machine through the internet? What if the client machine is connected via Wi-Fi?

  21. Johan

    Thanks for this review. My bios of a q67ow motherboard is a bit different, but I got it to work with this guide.

    @James: I have an i5-2400, the cheapest processor I could find which had VT-d and Vpro

    @Samantha, for normal users, I do not see the bennefit, unless you want to remotely manage you bios.

    @teamviewer lovers. Teamviewer is great but it can not do all of this, this kvm option lets you GO INTO YOUR BIOS, its total KVM like hardware.

    @All privacy concerns, you can turn it off, or set it up so a user needs to aprove each request. Although it can be setup so a user doesn’t have to aprove. The user looking at the screen does see an icon on screen when this feature is used (its big, can’t miss it) and a red line surrounds the screen.
    Also it can use encryption for the connection….

    So it is ideal to use on a headless server, I don’t think it usefull in a corperate setting for dektop management….

    The only dissapointment was that for you use all the features, you need to buy additional software for $99. (note you get 20% off when buybing the motherboard)

    @Janine Bates, Most likely the hacked your wifi. But the parranoid woul do this. Dissable all your wireless temporary, use a cable temporary. Backup your all data and any settings/keys you need. Assume your PC has been effecty with all kind of malware, like keyloggers. Also check for strange hardwar on your pc or network (just check if all cables leading to you known equipment) After fullbackup, reinstall windows, immediatwly install protection software (anti virus, firewall), prefer to have if on cd/dvd, so either buy or ask a friend to download and burn . Recover data en reinstall your apps. When using wireless use encryption. Don’t forget to change the passwords of you modem/router(s), and all accounts or decives you have accessed from you old install….. If you can’t do this, ask some who can….Good luck… Note: did you get the police involed?

  22. Matt

    Upon further research, it seems that Fast Call For Help (previously known a CIRA) would be the answer to connecting to a remote client outside of a LAN, however Intel only explains how this would be done within a corporate enterprise environment using a MPS (Management Presence Server) that receives a signal sent by the remote client at previously scheduled intervals. Once this connection is established, the Management Console can then access the client. Fast Call For Help can also be initiated by using a program that resides at the OS level which allows the remote user to, surprise, send a “call for help” to IT. Newer Intel documents also talk about the need of a Gateway (is this the same thing as the MPS?). Basically I am looking for the holy grail of remote client monitoring over the Internet. I want to be able to connect to a remote client whenever I want in order to browse the file structure, turn the client on and off, access the BIOS, maintain, and troubleshoot the machine outside of the OS. I have collected bits and pieces of how to make this possible, but no How-To exists on how to establish such a setup. Does Intel support this directly or is it necessary to use a supported ISV (Independent Software Vendor) like Symantec, Microsoft, LANDesk, or HP? Also, you would think the management console could pull double duty as the MPS (Gateway?).

    Maybe I’m not looking in the right place for what I want though. Anyone else have any thoughts?

  23. Tim

    Hey, Matt. Would you be willing to exchange info found, offline? I have the same goal. Am currently dealing with both RealVNC Plus support and Intel resources to find a solution.

  24. BS1397

    Matt, Tim,

    It looks like we need to pool our resources as I am too in the same position. Either too much info or not enough, and every document is either superceeded or it links you to several others that they too have links of their own. Is is giving me a headache!!!

    I need to setup an Enterprise solution, Typically the first problem was that MEBX support does not actually exists in DELL 780′s BIOS regardless of what the badge on it says. But the real problem is that terms like CIRA & Enrollment Servers only added to the confusion by being replaced, if only there is a single easy to follow document in “Plain English”, preferably a simple A,B,C Guide “How To” and with a working Flowchart & Tree Structure. Please Please Please… Where to find this?

    PS; INTEL are supposed to visit us soon to give a demo of the system… When and if that happens I will be happy to post whatever info learned from their guys.

    Cheers.

  25. Aranya Sen

    Excellent info! I was looking for something exactly like this. Can anyone please confirm if spiceworks can do the same job instead of VNC? In that case, we’d have a free solution!

  26. jj

    FYI – by default, the vPro AMT is disabled and non responsive UNTIL you manually go in and enable it. Before that, it is not possible to provisision a machine (unless it’s in an enterprise and the modules are integrated into SCCM, but that’s a different story…) without your knowledge or consent.

    Just because you may be ignorant doens’t mean you should be hatin… just sayin…

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!