- Create a certificate-signed RDP shortcut via Group Policy - Fri, Aug 9 2019
- Monitor web server uptime with a PowerShell script - Tue, Aug 6 2019
- How to build a PowerShell inventory script for Windows Servers - Fri, Aug 2 2019
There are a couple of ways to get SNMP set up on Windows Server 2016. For this article, I'm going to focus on how to do this in PowerShell. This will allow you to replicate my work easily and set up the SNMP service on many servers at once should you choose to do so.
For the demo in this article to work, make sure you have PowerShell Remoting (PSRemoting) enabled and available on at least one Windows Server 2016 machine. I'll be working from a computer in the same Active Directory domain. Once you've got this enabled and working, we can now begin to set up SNMP.
Install the SNMP service
To make things simple at first, let's create an interactive PSRemoting session to our remote Windows Server 2016 machine.
PS> Enter-PSSession -ComputerName 'WINSRV2016' [WINSRV2016]: PS C:\>
Once I've established a PSRemoting session, I can begin executing commands on the remote server. The first command I need to run is Install-WindowsFeature. I'll use this command to install the SNMP-Service and RSAT-SNMP features. These two features will install the SNMP service itself and make the options available should we choose to configure the SNMP service via the Services GUI later.
[WINSRV2016]: PS C:\> Install-WindowsFeature -Name 'SNMP-Service','RSAT-SNMP'
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {SNMP Service}
Configure the permitted manager
After installing the SNMP service feature, we can now configure both the permitted managers and add any community strings. We can add both permitted managers and community strings via the registry. First, let's add a few permitted managers. The permitted managers are stored in the PermittedManagers key inside the SNMP Windows service key located at HKEY_LOCAL_MACHINE.
I'd like to allow servers called foo.techsnips.local and bar.techsnips.local to query this SNMP service. I can add them both to the PermittedManagers key by using the New-ItemProperty cmdlet. You can see below that incrementing numbers starting at 1 define the permitted managers. By default, 1 is already set for localhost, so I'm starting at 2 and creating each manager entry as a value.
$managers = 'foo.techsnips.local','bar.techsnips.local'
$i = 2
foreach ($manager in $managers) {
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" Name $i -Value $manager
$i++
}
After this runs, the PermittedManagers key will now look something like this:
Added permitted managers
Once you've added the permitted managers, it's time to add one or more community strings. We'll do this again via the registry, but this time the appropriate key is called ValidCommunities. Let's add a couple here to demonstrate. We're getting a little fancy here, but that's what PowerShell is for! In the example below, I'm defining all the community strings and their right levels in a plain-English way. I've defined a read-only community string as a 4 and a read/write community string as an 8, but I don't want to remember this!
$strings = @(
@{
Name = 'ro'
Rights = 'Read Only'
}
@{
Name = 'rw'
Rights = 'Read Write'
}
)
foreach ($string in $strings) {
switch ($string.Rights) {
'Read Only' {
$val = 4
}
'Read Write' {
$val = 8
}
default {
throw "Unrecognized input: [$]"
}
}
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" Name $string.Name -Value $val
$i++
}
After running this code, you can then go to the Windows Services console and view the SNMP Service Properties –> Security tab to see that the SNMP service recognizes all of the strings.
Viewing SNMP configuration
The Install-SNMP function
Now that you know the basics of setting up SNMP, we can take the code we came up with and easily adapt it to multiple servers as well. To do this, instead of creating an interactive remoting session, we will instead use Invoke-Command to send a prebuilt block of code known as a scriptblock to one or many different computers at once.
We'll wrap this all up into an easy-to-use function called Install-SNMP we can execute on one or lots of computers.
function Install-SNMP {
[OutputType('void')]
[CmdletBinding()]
param
(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string[]]$ComputerName,
[Parameter()]
[ValidateNotNullOrEmpty()]
[string[]]$PermittedManagers,
[Parameter()]
[ValidateNotNullOrEmpty()]
[hashtable[]]$CommunityStrings,
[Parameter()]
[ValidateNotNullOrEmpty()]
[pscredential]$Credential
)
$ErrorActionPreference = 'Stop'
try {
$scriptBlock = {
$VerbosePreference = $using:VerbosePreference
## Install the service and remote GUI configuraiton ability
$null = Install-WindowsFeature -Name 'SNMP-Service','RSAT-SNMP'
if ($using:PermittedManagers) {
## Set any managers
$i = 2
foreach ($manager in $using:PermittedManagers) {
Write-Verbose -Message "Setting permitted manager [$($manager)]..."
$null = New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -Name $i -Value $manager
$i++
}
$strings = @(
@{
Name = 'ro'
Rights = 'Read Only'
}
@{
Name = 'rw'
Rights = 'Read Write'
}
)
}
if ($using:CommunityStrings) {
## Set any community strings
foreach ($string in $using:CommunityStrings) {
Write-Verbose -Message "Setting community string [$($string.Name)]..."
switch ($string.Rights) {
'Read Only' {
$val = 4
}
'Read Write' {
$val = 8
}
default {
throw "Unrecognized input: [$]"
}
}
$null = New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -Name $string.Name -Value $val
$i++
}
}
}
$icmParams = @{
ComputerName = $ComputerName
ScriptBlock = $scriptBlock
Verbose = $VerbosePreference
}
if ($PSBoundParameters.ContainsKey('Credential')) {
$icmParams.Credential = $Credential
}
Invoke-Command @icmParams
} catch {
Write-Error -Message $_.Exception.Message
}
}
We can now use this function like this:
Subscribe to 4sysops newsletter!
PS> Install-SNMP -ComputerName WINSRV2016 -PermittedManagers 'foo.techsnips.local' -CommunityStrings @{'Name'='ro';'Rights'='Read Only'} Verbose
VERBOSE: Exporting cmdlet 'Get-WindowsFeature'.
VERBOSE: Exporting cmdlet 'Install-WindowsFeature'.
VERBOSE: Exporting cmdlet 'Uninstall-WindowsFeature'.
VERBOSE: Exporting alias 'Add-WindowsFeature'.
VERBOSE: Exporting alias 'Remove-WindowsFeature'.
VERBOSE: Exporting function 'Enable-ServerManagerStandardUserRemoting'.
VERBOSE: Exporting function 'Disable-ServerManagerStandardUserRemoting'.
VERBOSE: Installation started...
VERBOSE: Installation succeeded.
VERBOSE: Setting permitted manager [foo.techsnips.local]...
VERBOSE: Setting community string [ro]...
I thought that Microsoft deprecated SNMP with Server 2012? And to confirm, this is only SNMPv2?
Deprecated, but not deleted. Enabling the SNMP service will still allow you to get standard performance and configuration data from Windows server products. And you are correct, SNMP v2 only.
Thanks for posting! Saved me an afternoon of installing and configuring SNMP
I've written 2 PS scripts, one for our Dell Servers and one for our VM's that are extremely short and use an exported registry key for the different values of each type of server from 2 that I manually set up for the purpose of the scripts. The reason for two is that we use Dell OEM for hardware on the those physical servers and they have a specific setup for reporting to the OEM software.
My scripts are basic and go something like this:
Just quick and simple.
And where did you post those 2 PS scripts?
Would be nice to share 😉
Thanks for posting! Saved me an afternoon of installing and confiAnyguring SNMP.
I have do that same for 2012 R2, 2008, 2008 R2. any ideas.
Any idea how to force the SNMP traps sent from windows to be sent in a version other than V1? They are showing up on the destination as V1 and not V2 or V2C. I have spent a few days now with this problem. Other than that, your post has been very helpful. Thanks!
I'm not much of a script writer, but I found this powershell script to install snmp, set the community string, and configure the allowed hosts: http://www.vmwareadmins.com/using-powershell-install-snmp-configure-community-location-contact-windows-2008/
This is nothing to do with v1 vs. v2 traps, just to further the discussion regarding installing SNMP via PowerShell.
Windows Server 2008 Query: .iso.org.dod.internet.private.enterprises.dell.storage.software.storageManagement.physicalDevices.arrayDiskTable.arrayDiskEntry.arrayDiskstate.1
Can any one tell me its meaning, and how To Write For Windows Server 2016