I'm looking to remotely install the SNMP and SNMP WMI Provider services on Windows Server 2008 R2, configure specific options for the Agent, Traps, and Security tabs, then make sure these services and settings aren't removed or turned off. This goal is precipitated by the desire to remotely monitor server health with Zenoss.

Through my searches online, I feel this can be accomplished with Powershell and then be pushed out through Group Policy, but I'm very new to this and it's a bit confusing; I may also be wrong.

Some of my servers are Enterprise while some are Standard; all are R2. I assume I'll have to install SP1, .Net 4.0 and Powershell 3.0 for all servers to gain parity and reliability in any scripting.

So far, I have been able to write a script for Powershell to call DISM to install the SNMP service and set that script as a logon script in GPO, but I know that's not the best way to do this since I can't just go rebooting servers across the enterprise.

I need to specify the following items:

  • Agent - contact and location
  • Traps - community name and trap destination
  • Security - send authentication trap = yes, accepted community name READ ONLY and accept SNMP traps from any host = yes

Any help would be greatly appreciated!

quadruplebucky
user236557

1 Answer

SNMP's old and crusty. Microsoft has put their SNMP engine in deprecated status, so expect to not even see it included with new versions of Windows.

This also sounds like it would be a perfect job for Powershell's new Desired State Configuration, but DSC is complex. It's a relatively heavy commitment in learning, setting up a pull server, updating Powershell throughout the enterprise, etc.

If I were to run a script on every machine to check whether SNMP was installed or not, and install it if it wasn't, I might do something like this:

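Import-Module ServerManager
# Add-WindowsFeature exists on 2008 R2; Install-WindowsFeature only arrived with Server 2012
If ((Get-WindowsFeature SNMP-Service).Installed -eq $False)
    { Add-WindowsFeature SNMP-Service }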

You can distribute that script however you like, as a startup script perhaps. Or maybe run through a loop of all computers from one central computer and perform the installation remotely.

The configuration bit is not very glamorous. As I said, SNMP is deprecated so Microsoft is not going to spend any energy creating a bunch of Cmdlets for the SNMP service.

But the configuration is just registry settings. You could export the HKLM\SYSTEM\CurrentControlSet\services\SNMP\Parameters *.reg file from a configured machine, and distribute that *.reg file to other machines via GPO or startup script.

Or you could take a more direct approach like this guy: http://poshcode.org/2066

From the poshcode link:

$pmanagers = "ADD YOUR MANAGER(s)"
$commstring = "ADD YOUR COMM STRING"

Import-Module ServerManager

#Check If SNMP Services Are Already Installed
$check = Get-WindowsFeature | Where-Object {$_.Name -eq "SNMP-Services"}
If ($check.Installed -ne "True") {
    #Install/Enable SNMP Services
    Add-WindowsFeature SNMP-Services | Out-Null
    #Re-query so the check below sees the result of the installation
    $check = Get-WindowsFeature | Where-Object {$_.Name -eq "SNMP-Services"}
}

##Verify Windows Services Are Enabled
If ($check.Installed -eq "True"){
    #Set SNMP Permitted Manager(s) ** WARNING : This will overwrite current settings **
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v 1 /t REG_SZ /d localhost /f | Out-Null
    #Used as counter for incrementing permitted managers
    $i = 2
    Foreach ($manager in $pmanagers){
        reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v $i /t REG_SZ /d $manager /f | Out-Null
        $i++
        }
    #Set SNMP Community String(s)- *Read Only*
    Foreach ( $string in $commstring){
        reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" /v $string /t REG_DWORD /d 4 /f | Out-Null
        }
}
Else {Write-Host "Error: SNMP Services Not Installed"}

So that's the idea. You probably want to spend a little more time polishing and completing that, but there's the concept.

Edit: Oh and here's a pretty nice MS document about managing multiple servers remotely via Powershell that has some good ideas in it: http://technet.microsoft.com/en-us/library/hh831809.aspx

function Invoke-WindowsFeatureBatchDeployment {
    param (
        [parameter(mandatory)]
        [string[]] $ComputerNames,
        [parameter(mandatory)]
        [string] $ConfigurationFilePath
    )

    # Deploy the features on multiple computers simultaneously.
    $jobs = @()
    foreach($ComputerName in $ComputerNames) {
        $jobs += Start-Job -Command {
            Install-WindowsFeature -ConfigurationFilePath $using:ConfigurationFilePath -ComputerName $using:ComputerName -Restart
        } 
    }

    Receive-Job -Job $jobs -Wait | Select-Object Success, RestartNeeded, ExitCode, FeatureResult
}
Ryan Ries
  • Thank you very much for your comment. If SNMP is going the way of the Dodo, will monitoring vendors such as Zenoss or Nagios support DSC? – user236557 Feb 28 '14 at 22:27
  • No idea what Zenoss or Nagios will do in the future. But what I bet we'll see are enterprises deploying 3rd-party SNMP engines to their Windows Server 2023 after Microsoft has long since dropped theirs, because enterprises love using really old software. ;) – Ryan Ries Feb 28 '14 at 22:29
  • @user236557 DSC has nothing to do with monitoring, it is a configuration management system. These days a lot of the monitoring tools simply operate via an agent (nsclient++, etc). The monitoring system talks to the agent which accesses the local system. You can also get data via ws-management. – Zoredache Feb 28 '14 at 22:40
  • @user236557 bear in mind that just because Microsoft is deprecating SNMP, does not necessarily mean that it's going to disappear any time soon. Microsoft has always favored and promoted using WMI over SNMP, so deprecating the SNMP engine is just another step down that road. We'll probably see 3rd party developers create SNMP software for Windows, but honestly, given Windows, you should probably get on board with using WMI and/or WinRM instead of SNMP. – HopelessN00b Feb 28 '14 at 23:49
  • Thanks so much guys. I've gotten the script to work just the way I want it, but I'm still not sure how to use GPO to push this out. I know there is a startup script option but that option requires the server to reboot. I need something that will run the script the next time the group policy is updated on each Windows server without requiring a reboot. – user236557 Mar 03 '14 at 20:44
  • How about a Scheduled Task distributed via GPO? The scheduled action would be something like "C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe \\SERVER01\Deployment\Install-SNMP.ps1" or something to that effect... the idea is that all the machines pull the script from the same network share. This would avoid the need to reboot... – Ryan Ries Mar 03 '14 at 21:02
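
Added example, not part of the original thread and not the answerer's code: a script that applies the Agent, Traps and Security settings listed in the question through the registry under the Parameters key named in the answer, writes only when a value has drifted, and restarts the service only after a change, so it can be re-run from a scheduled task. The contact, location, community and host values are constructed placeholders; the `RFC1156Agent` and `TrapConfiguration` subkeys and the `sysContact`, `sysLocation` and `EnableAuthenticationTraps` value names are the Windows SNMP service's standard ones and do not appear in the thread.

```powershell
# Added example. Every value in $Desired is a constructed placeholder.
$Desired = @{
    Contact   = 'noc@example.invalid'
    Location  = 'PLACEHOLDER-SITE'
    Community = 'PLACEHOLDER-COMMUNITY'
    TrapDest  = @('zenoss.example.invalid')
    Managers  = @('localhost', 'zenoss.example.invalid')  # @() = accept packets from any host
}
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

function Set-IfDrifted { param($Path, $Name, $Value, $Type)
    # Write one value only when it differs; return $true when a change was made.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $now = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($now -eq $Value) { return $false }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
    return $true
}

function Sync-NumberedList { param($Path, [string[]]$Items)
    # PermittedManagers and TrapConfiguration\<community> hold entries as values named 1..n.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $key  = Get-Item -Path $Path
    $have = @($key.GetValueNames() | Where-Object { $_ } | ForEach-Object { $key.GetValue($_) } | Sort-Object)
    if (($have -join '|') -eq (($Items | Sort-Object) -join '|')) { return $false }
    $key.GetValueNames() | Where-Object { $_ } | ForEach-Object { Remove-ItemProperty -Path $Path -Name $_ }
    $i = 1
    foreach ($item in $Items) {
        New-ItemProperty -Path $Path -Name "$i" -Value $item -PropertyType String | Out-Null
        $i++
    }
    return $true
}

$changed = @(
    Set-IfDrifted "$Base\RFC1156Agent" 'sysContact'  $Desired.Contact  'String'
    Set-IfDrifted "$Base\RFC1156Agent" 'sysLocation' $Desired.Location 'String'
    Set-IfDrifted $Base 'EnableAuthenticationTraps' 1 'DWord'
    Set-IfDrifted "$Base\ValidCommunities" $Desired.Community 4 'DWord'   # 4 = READ ONLY
    Sync-NumberedList "$Base\TrapConfiguration\$($Desired.Community)" $Desired.TrapDest
    Sync-NumberedList "$Base\PermittedManagers" $Desired.Managers
) -contains $true

# Report communities other than the desired one, e.g. a leftover READ WRITE (8) entry.
(Get-Item "$Base\ValidCommunities").GetValueNames() | Where-Object { $_ -ne $Desired.Community } |
    ForEach-Object { Write-Warning "Unexpected SNMP community present: $_" }

Set-Service -Name SNMP -StartupType Automatic
if ($changed -or (Get-Service SNMP).Status -ne 'Running') { Restart-Service -Name SNMP -Force }
```

Listing the monitoring hosts in `Managers` limits who may query the agent; an empty list corresponds to the "accept SNMP packets from any host" option.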