none
Windows 2003 and 2008 SNMP Settings via Group Policy

    Question

  • Can someone point me in the right direction on this?

    I need set SNMP settings on about 3000+ servers with multiple community names and remove PUBLIC.

    How can this be accomplished via a group policy? I have set the policy and PUBLIC seems to appear in the Community name along with the the 2 trap desitinations I have configured. In the SNMP security piece I do see the 2 communities I defined.

    My process was this:

    I set the snmp settings like I wanted on the server I was setting the policy on. I exported the registry keys for the configuration into the policy and it does apply. I then went into the Network/SNMP settings and set the community names there. But the community name PUBLIC seems to always appear.

    I read in other posts that a custom ADM template may have to be made so it will set this correctly? Has someone successfully done this?

    Thursday, February 23, 2012 12:54 AM

Answers

  • Hi,

    Thank you for your post.

    Using SNMP ADM template works for your scenario.

    1.If you configure the SNMP GPO (or Policies registry), the communities in policy only works for communication though the public community display on local computer.

    SNMP GPO:
    Computer Configuration\Policies\Administrative Template\Network\SNMP\Communities
    Computer Configuration\Policies\Administrative Template\Network\SNMP\Permitted Managers
    Computer Configuration\Policies\Administrative Template\Network\SNMP\Trap for public community

    SNMP Policies registry GPO:
    Computer Configuration\Preferences\Windows Settings\Registry

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SNMP\Parameters\TrapConfiguration


    2.If you configure the SNMP local registry via group policy, you need to delete the public community once from ValidCommunities.

    SNMP local registry GPO:
    Computer Configuration\Preferences\Windows Settings\Registry

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\public
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration

    Regards


    Rick Tan

    TechNet Community Support


    Thursday, February 23, 2012 8:55 AM
    Moderator