Simple Network Management Protocol (SNMP) is an age-old network monitoring protocol still in wide use today. In Windows Server 2016, an SNMP service is still available. You can set it up to provide a way to monitor various resources remotely on a Windows Server 2016 machine.

There are a couple of ways to get SNMP set up on Windows Server 2016. For this article, I'm going to focus on how to do this in PowerShell. This will allow you to replicate my work easily and set up the SNMP service on many servers at once should you choose to do so.

For the demo in this article to work, make sure you have PowerShell Remoting (PSRemoting) enabled and available on at least one Windows Server 2016 machine. I'll be working from a computer in the same Active Directory domain. Once you've got this enabled and working, we can now begin to set up SNMP.

Install the SNMP service ^

To make things simple at first, let's create an interactive PSRemoting session to our remote Windows Server 2016 machine.

PS> Enter-PSSession -ComputerName 'WINSRV2016'
[WINSRV2016]: PS C:\>

Once I've established a PSRemoting session, I can begin executing commands on the remote server. The first command I need to run is Install-WindowsFeature. I'll use this command to install the SNMP-Service and RSAT-SNMP features. These two features will install the SNMP service itself and make the options available should we choose to configure the SNMP service via the Services GUI later.

[WINSRV2016]: PS C:\> Install-WindowsFeature -Name 'SNMP-Service','RSAT-SNMP'

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {SNMP Service}

Configure the permitted manager ^

After installing the SNMP service feature, we can now configure both the permitted managers and add any community strings. We can add both permitted managers and community strings via the registry. First, let's add a few permitted managers. The permitted managers are stored in the PermittedManagers key inside the SNMP Windows service key located at HKEY_LOCAL_MACHINE.

I'd like to allow servers called foo.techsnips.local and bar.techsnips.local to query this SNMP service. I can add them both to the PermittedManagers key by using the New-ItemProperty cmdlet. You can see below that incrementing numbers starting at 1 define the permitted managers. By default, 1 is already set for localhost, so I'm starting at 2 and creating each manager entry as a value.

$managers = 'foo.techsnips.local','bar.techsnips.local'

$i = 2
foreach ($manager in $managers) {
    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers"  Name $i -Value $manager
    $i++
}

After this runs, the PermittedManagers key will now look something like this:

Added permitted managers

Added permitted managers

Once you've added the permitted managers, it's time to add one or more community strings. We'll do this again via the registry, but this time the appropriate key is called ValidCommunities. Let's add a couple here to demonstrate. We're getting a little fancy here, but that's what PowerShell is for! In the example below, I'm defining all the community strings and their right levels in a plain-English way. I've defined a read-only community string as a 4 and a read/write community string as an 8, but I don't want to remember this!

$strings = @(
    @{
        Name = 'ro'
        Rights = 'Read Only'
    }
    @{
        Name = 'rw'
        Rights = 'Read Write'
    }
)

foreach ($string in $strings) {
    switch ($string.Rights) {
        'Read Only' {
            $val = 4
        }
        'Read Write' {
            $val = 8
        }
        default {
            throw "Unrecognized input: [$]"
        }
    }
    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities"  Name $string.Name -Value $val
    $i++
}

After running this code, you can then go to the Windows Services console and view the SNMP Service Properties –> Security tab to see that the SNMP service recognizes all of the strings.

Viewing SNMP configuration

Viewing SNMP configuration

The Install-SNMP function ^

Now that you know the basics of setting up SNMP, we can take the code we came up with and easily adapt it to multiple servers as well. To do this, instead of creating an interactive remoting session, we will instead use Invoke-Command to send a prebuilt block of code known as a scriptblock to one or many different computers at once.

We'll wrap this all up into an easy-to-use function called Install-SNMP we can execute on one or lots of computers.

function Install-SNMP {
    [OutputType('void')]
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string[]]$ComputerName,

        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [string[]]$PermittedManagers,

        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [hashtable[]]$CommunityStrings,

        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [pscredential]$Credential
    )

    $ErrorActionPreference = 'Stop'

    try {
        $scriptBlock = {
            $VerbosePreference = $using:VerbosePreference
            ## Install the service and remote GUI configuraiton ability
            $null = Install-WindowsFeature -Name 'SNMP-Service','RSAT-SNMP'

            if ($using:PermittedManagers) {
                ## Set any managers
                $i = 2
                foreach ($manager in $using:PermittedManagers) {
                    Write-Verbose -Message "Setting permitted manager [$($manager)]..."
                    $null = New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -Name $i -Value $manager
                    $i++
                }
                $strings = @(
                    @{
                        Name = 'ro'
                        Rights = 'Read Only'
                    }
                    @{
                        Name = 'rw'
                        Rights = 'Read Write'
                    }
                )
            }

            if ($using:CommunityStrings) {
                ## Set any community strings
                foreach ($string in $using:CommunityStrings) {
                    Write-Verbose -Message "Setting community string [$($string.Name)]..."
                    switch ($string.Rights) {
                        'Read Only' {
                            $val = 4
                        }
                        'Read Write' {
                            $val = 8
                        }
                        default {
                            throw "Unrecognized input: [$]"
                        }
                    }
                    $null = New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -Name $string.Name -Value $val
                    $i++
                }
            }
        }

        $icmParams = @{
            ComputerName = $ComputerName
            ScriptBlock = $scriptBlock
            Verbose = $VerbosePreference
        }
        if ($PSBoundParameters.ContainsKey('Credential')) {
            $icmParams.Credential = $Credential
        }
        Invoke-Command @icmParams
    } catch {
        Write-Error -Message $_.Exception.Message
    }
}

We can now use this function like this:

Subscribe to 4sysops newsletter!

PS> Install-SNMP -ComputerName WINSRV2016 -PermittedManagers 'foo.techsnips.local' -CommunityStrings @{'Name'='ro';'Rights'='Read Only'}  Verbose

VERBOSE: Exporting cmdlet 'Get-WindowsFeature'.
VERBOSE: Exporting cmdlet 'Install-WindowsFeature'.
VERBOSE: Exporting cmdlet 'Uninstall-WindowsFeature'.
VERBOSE: Exporting alias 'Add-WindowsFeature'.
VERBOSE: Exporting alias 'Remove-WindowsFeature'.
VERBOSE: Exporting function 'Enable-ServerManagerStandardUserRemoting'.
VERBOSE: Exporting function 'Disable-ServerManagerStandardUserRemoting'.
VERBOSE: Installation started...
VERBOSE: Installation succeeded.
VERBOSE: Setting permitted manager [foo.techsnips.local]...
VERBOSE: Setting community string [ro]...
9 Comments
  1. David Zampino 4 years ago

    I thought that Microsoft deprecated SNMP with Server 2012? And to confirm, this is only SNMPv2?

    • Eric Chambers 3 years ago

      Deprecated, but not deleted. Enabling the SNMP service will still allow you to get standard performance and configuration data from Windows server products. And  you are correct, SNMP v2 only.

  2. Phing Chov 3 years ago

    Thanks for posting! Saved me an afternoon of installing and configuring SNMP

  3. Ray 3 years ago

    I've written 2 PS scripts, one for our Dell Servers and one for our VM's that are extremely short and use an exported registry key for the different values of each type of server from 2 that I manually set up for the purpose of the scripts. The reason for two is that we use Dell OEM for hardware on the those physical servers and they have a specific setup for reporting to the OEM software. 

    My scripts are basic and go something like this:

     

    • Import a csv of the servers 
    • foreach the servers
    • verify SNMP isn't already installed
    • Skip server if it is already installed or continue if it isn't
    • upload the registry key
    • install windows service SNMP
    • import the registry key
    • repeat loop until done

    Just quick and simple.

    • danis 3 years ago

      And where did you post those 2 PS scripts?
      Would be nice to share 😉

  4. James Watkins 2 years ago

    Thanks for posting! Saved me an afternoon of installing and confiAnyguring SNMP.

    I have do that same for 2012 R2,  2008, 2008 R2.  any ideas.     

     

  5. reubstr 2 years ago

    Any idea how to force the SNMP traps sent from windows to be sent in a version other than V1? They are showing up on the destination as V1 and not V2 or V2C. I have spent a few days now with this problem. Other than that, your post has been very helpful. Thanks!

  6. Eric Chambers 2 years ago

    I'm not much of a script writer, but I found this powershell script to install snmp, set the community string, and configure the allowed hosts: http://www.vmwareadmins.com/using-powershell-install-snmp-configure-community-location-contact-windows-2008/

    This is nothing to do with v1 vs. v2 traps, just to further the discussion regarding installing SNMP via PowerShell.

  7. kk 2 years ago

    Windows Server 2008 Query: .iso.org.dod.internet.private.enterprises.dell.storage.software.storageManagement.physicalDevices.arrayDiskTable.arrayDiskEntry.arrayDiskstate.1

    Can any one tell me its meaning, and how To Write For Windows Server 2016

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account