Intel vPro AMT is not for directly internet-connected remote PCs. The operating system firewall does not protect vPro ports, which exist outside the operating system. Be sure the PC is behind an external firewall. Exercise great care if making these changes on an already remote PC, as a wrong checkbox hit can necessitate a physical field trip to the PC to correct.
- On your laptop Download and install the free, open-source Intel Mesh Commander.
- Open the “Manageability Commander Tool” and click File → Add → Add Intel AMT computer and type the IP address and vPro username (typically “admin”) and password. Set the password in the remote PC BIOS if you haven’t already.
- Click the little plus sign by Network and click on your AMT PC’s name–then in the Connection tab, click Connect. This will take about 5-10 seconds to connect–if Unsuccessful, the button will fall back to saying Connect. If successful, the button will change to say Disconnect.
- Go to the Remote Control tab and wait about 10 seconds for the “remote desktop” items to change from “unknown” to the actual state. If Remote Desktop Settings is “Disabled”, click the little box to its right to open a new window.
- Click OK and then go back to the Connection tab and click Disconnect. Don’t mess around with any of the other settings unless you know exactly what you’re doing and are willing to drive out to the remote PC to fix it if you mess something up! Close the MeshCommander program.
Now you should be able to connect using a standard VNC program. Use “localhost” since we SSH into the remote PC first.
DO NOT expose VNC port 5900 to the internet or you are highly likely to get quickly hacked.
Setup Windows SSH server
The factory Windows OpenSSH server is robust for secure SSH port forwarding. Consider SSH ED25519 public key authentication as it is vastly more secure than keyboard passwords.
Intel MeshCommander replaces Intel Open Manageability Toolkit.