Just in case you missed it, over on the Configuration Manager team blog they recently announced that:
“We have recently updated the Configuration Manager Documentation Library for out of band management in Configuration Manager 2007 SP2, including revisions to security best practices. Some of these revisions are also applicable to out of band management in Configuration Manager 2007 SP1, but we can't publish them with our monthly updates because of the new SP2 content. Rather than waiting until SP2 is released, I'm including the revisions here that affect existing customers using out of band management in Configuration Manager 2007 SP1.
We have also updated the recommended collection query for in-band provisioning. The previous query included computers with the AMT status of Not Provisioned and Detected. Note that Detected means AMT capability is detected but the out of band service point is unable to currently provision it for AMT because the AMT Remote Admin Account or the MEBx Account has been changed. This is usually an indication that you need to configure an AMT Provisioning and Discovery Account.”
For all the details see http://blogs.technet.com/configmgrteam/archive/2009/08/05/updated-security-best-practices-for-out-of-band-management-in-service-pack-1.aspx.
J.C. Hornbeck | Manageability Knowledge Engineer