I’m am in the process of deploying Dell’s OpenManage System Management solution to manage the hardware, firmware and drivers on all of our Dell servers and SNMP read/write communities are required. In addition my plan calls for rolling out HP’s System Insight Manager (SIM) which also requires the SNMP communities. Since I would rather not have to configure these SNMP communities on each individual server I have utilized Windows Server Group Policy to “push” these SNMP communities out to these servers. Unfortunately the default system.adm group policy does not support read/write communities, it is limited to ‘read only’ communities and I suspect this might be for security reasons. That leaves me with one solution, at least that I can think of, and that is to create a custom GPO template. Thinking that I cannot be the only administrator in this predicament I decided to search some websites to see if I might be able to dig up some helpful information. Fortunately I came across a forum discussion that touched on exactly what I was looking for.
Sponsors, article continues below...
After some tweaking I came up with a script that resolved the issues I was up against just the way I was hoping it would.
;----------------------------START COPY---------------------------- ; ;Ext SNMP Read-Write ; Description: Copied from http://www.mail-archive.com/[email protected]/msg46539.html ; Will set READ/WRITE SNMP communities for use with Dell Open Manage and HP SIM. ; Modified to work in current environment. ; Created By: shnizep atnospam gmail.com ; Creation Date: 2008-08-11 ; Last Modified: 2008-08-11 CLASS MACHINE CATEGORY "Custom Windows Settings" CATEGORY "Server Settings" CATEGORY "SNMP" POLICY "SNMP Communties" EXPLAIN !!SNMPCommunities KEYNAME "System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" PART "Orion Alert community" DROPDOWNLIST NOSORT VALUENAME "public" ; change to your read-only community ITEMLIST NAME "Remove public community" VALUE DELETE DEFAULT NAME "NONE" VALUE NUMERIC 1 NAME "NOTIFY" VALUE NUMERIC 2 NAME "READ-ONLY" VALUE NUMERIC 4 END ITEMLIST END PART PART "HP SIM/Dell Open Manage community" DROPDOWNLIST NOSORT VALUENAME "private" ; Change to your read/write community ITEMLIST NAME "Not added" VALUE DELETE DEFAULT NAME "NONE" VALUE NUMERIC 1 NAME "NOTIFY" VALUE NUMERIC 2 NAME "READ ONLY" VALUE NUMERIC 4 NAME "READ WRITE" VALUE NUMERIC 8 END ITEMLIST END PART END POLICY END CATEGORY END CATEGORY END CATEGORY [strings] SNMPCommunities="Allows the SNMP Communities for Read & Write to be set" ;----------------------------END COPY----------------------------
There you have it! Of course those that choose to utilize this script will want to be sure to change the public and private SNMP community strings to something a bit more cryptic. It can be saved to c:\windows\inf\CustomSNMP.adm (or whatever name best fits your program) and now be imported into the GPO. I have tested this script successfully on my system and it works like a champ. I cannot and will not be liable for any issues that arise out of using this script and as everyone well knows, test first prior to implementing any scripts on your production system or you may be in for one hell of a headache if something goes sideways on you!
Pingback: Recent Faves Tagged With "snmp" : MyNetFaves
Pingback: Recent Links Tagged With "snmp" - JabberTags