Intel AMT Remote Configuration and Private Key Protection

Take from an original (deleted) post by ‌Terry Cutler.

Intel AMT Remote Configuration enables the authentication of the firmware for an initial Intel AMT configuration event.  Remote configuration supports Admin Control Mode configuration of the Intel AMT firmware and is typically done using valid provisioning certificate for the customers environment.

This authentication process has to be completed without user interaction. If the requesting application i.e. Intel SCS is prompted every time access to the private key is required, the autonomy is lost.

When importing the certificate to your target server, if the strong key protection option is selected and grayed out, this indicates a conflicting group policy for cryptography has been applied to the server.

Changing the group policy setting of the server will remove this barrier, so set the System Cryptography policy to the "User input is not required when new keys are stored and used"