Working with the “Security” tab in the SNMP service is similar to working with the “Traps” tab discussed before. Let us start off with the simple task of toggling the “Send authentication trap” option. This matches the registry item property `EnableAuthenticationTraps` located in:
`HKLM:\System\CurrentControlSet\Services\SNMP\Parameters`
and is managed using `Get-ItemProperty`/`Set-ItemProperty`.
To be recognized as a valid entry in “Accepted community names”, an item must be added to the registry key `ValidCommunities`, which lives under the above path (create the key if it is missing).
```powershell
$communityName = "CommunityName01"
$serverName = "FS01"
$ValidCommunities = "ValidCommunities"
$registryPath = "HKLM:\System\CurrentControlSet\Services\SNMP\Parameters"

# Create the ValidCommunities key if it does not exist yet
if (-not (Test-Path "$registryPath\$ValidCommunities"))
{
    New-Item -Name $ValidCommunities -Path $registryPath
}
```
Subsequently, the community name and the hosts are added using the following steps:
```powershell
# Repeat to add more properties (community names) to the registry item ValidCommunities
# 4 = read-only
New-ItemProperty -Name $communityName -Value 4 -PropertyType DWord -Path "$registryPath\ValidCommunities"

# Get the current number of PermittedManagers entries and increase it by 1
# to get the name of the new item (the PS* members added by PowerShell are not counted)
$i = (Get-ItemProperty "$registryPath\PermittedManagers" |
    Get-Member -MemberType NoteProperty |
    Where-Object Name -NotMatch "^PS" | Measure-Object).Count
$i++

New-ItemProperty -Name $i -Value $serverName -PropertyType String -Path "$registryPath\PermittedManagers"
```
Note that any host added will appear under the enabled “Accept SNMP packets from these hosts” option and is applicable to all entries listed in “Accepted community names”.
The rights assigned to entries in “Accepted community names” take the values tabulated here:
Rights | Value (Decimal) |
---|---|
NONE | 1 |
NOTIFY | -* |
READ ONLY | 4 |
READ WRITE | 8 |
READ CREATE | 16 |
\* Will not be listed under the ValidCommunities registry key.
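
To review what has been configured, the following read-only audit decodes the rights values from the table above and lists the permitted hosts. It is an added example, not code from the original article; the function name `Get-SnmpSecurityAudit` and its `Review` column are hypothetical, and it assumes that `EnableAuthenticationTraps` = 1 means enabled and that an empty `PermittedManagers` key means no host restriction.

```powershell
# Added example: read-only audit of the SNMP "Security" tab registry settings.
function Get-SnmpSecurityAudit {
    param(
        [string]$RegistryPath = "HKLM:\System\CurrentControlSet\Services\SNMP\Parameters"
    )
    # Decimal rights values as tabulated on this page
    $rights = @{ 1 = "NONE"; 4 = "READ ONLY"; 8 = "READ WRITE"; 16 = "READ CREATE" }

    # "Send authentication trap" option (assumption: 1 = enabled)
    $authTrap = (Get-ItemProperty -Path $RegistryPath).EnableAuthenticationTraps
    [pscustomobject]@{
        Setting = "EnableAuthenticationTraps"; Name = ""; Value = $authTrap
        Review  = ($authTrap -ne 1)
    }

    # "Accepted community names": one registry value per community name
    $key = Get-Item -Path "$RegistryPath\ValidCommunities" -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in @($key.GetValueNames() | Where-Object { $_ })) {
            $value = [int]$key.GetValue($name)
            $label = if ($rights.ContainsKey($value)) { $rights[$value] } else { "UNKNOWN ($value)" }
            [pscustomobject]@{
                Setting = "Community"; Name = $name; Value = $label
                Review  = ($value -notin 1, 4)   # anything beyond NONE / READ ONLY
            }
        }
    }

    # "Accept SNMP packets from these hosts": numbered values holding host names
    $hosts = @()
    $key = Get-Item -Path "$RegistryPath\PermittedManagers" -ErrorAction SilentlyContinue
    if ($key) {
        $hosts = @($key.GetValueNames() | Where-Object { $_ } |
            ForEach-Object { $key.GetValue($_) })
    }
    [pscustomobject]@{
        Setting = "PermittedManagers"; Name = ""; Value = ($hosts -join ", ")
        Review  = ($hosts.Count -eq 0)   # assumption: no entries = no host restriction
    }
}

Get-SnmpSecurityAudit | Format-Table -AutoSize
```

Rows with `Review` set to `True` are the ones to look at first: writable communities, disabled authentication traps, or no host restriction.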