Set SNMP keys for Windows Servers
# Script to set SNMP keys of remote Windows servers. The menu allows a specific server to be selected or all servers in an OU (or OUs)
# This uses Quest ActiveRoles module for Active Directory
# This is a simple menu, taking the input values: 1, 2, or 3
write-host “`nThis script configures SNMP on the target(s). `n`nTrap destination: servername1, servername2 `nTrap community: public2 `nAccepted community name: public2 `nAccepted hosts: servername1, servername2, localhost`n”
write-host “1. Run this script across all domain servers”
write-host “2. Target a specific server”
write-host “3. Exit”
$z=read-host “`nSelect ”
switch ($z)
{
’1′
{
$servers=@()
$servers+= Get-qadcomputer -searchroot ‘domain/OU’,'domain/OU2′ -OSName “*server*” | foreach {$_.Name};break
}
’2′
{
$servers=read-host “Enter server name”;break
}
’3′
{
exit;break
}
default
{
write-host “`nInvalid input, exiting…`n”
exit
}
}
foreach ($server in $servers){
try{
# This checks if the server is accessible
$live= gwmi -query “Select * from win32_pingstatus where address = ‘$server’”
if($live.StatusCode -eq 0){
write-host “`nRunning on $server…”
# This section configures the community string and the trap destinations
# Opening the registry to change the values. The default SNMP value of public is deleted and replaced by public2
$reg= [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’, $server)
$regkey=$reg.OpenSubkey(“SYSTEM\\controlset001\\services\\snmp\\parameters\\trapconfiguration”,$True)
if($regkey.getsubkeynames() -contains “public”){
$regkey.deletesubkey(“public”)
}
if($regkey.getsubkeynames() -notcontains “public2″){
$regkey.CreateSubkey(“public2″)
}
# Outputting what the SNMP community string is
write-host “The SNMP community string is: ” $regkey.getsubkeynames()
# Access the properties of the new community name for trap destination
$regkey=$reg.OpenSubkey(“SYSTEM\\controlset001\\services\\snmp\\parameters\\trapconfiguration\\public2″,$True)
# Delete all existing destination values and add the new ones
$i=1
while($regkey.getvaluenames() -ne $NULL){
$regkey.deletevalue($i);
$i=$i+1
}
$regkey.SetValue(’1′,’servername1′,’String’)
$regkey.SetValue(’2′,’servername2′,’String’)
# This section configures the community string and defines where SNMP packets are accepted from
# Access the properties of permitted managers, ie where packets are accepted from
$regkey=$reg.OpenSubkey(“SYSTEM\\controlset001\\services\\snmp\\parameters\\permittedmanagers”,$True)
# Delete all existing destination values and add the new ones
$i=2
while($regkey.getvaluenames() -gt ’1′){
$regkey.deletevalue($i)
$i=$i+1
}
$regkey.SetValue(’2′,’servername1′,’String’)
$regkey.SetValue(’3′,’servername2′,’String’)
# Set the community name, public is deleted and replaced by public2
$regkey=$reg.OpenSubkey(“SYSTEM\\controlset001\\services\\snmp\\parameters\\ValidCommunities”,$True)
if ($regkey.getvaluenames() -eq ‘public’){
$regkey.DeleteValue(‘public’)
$regkey.Setvalue(‘public2′,’4′,’DWord’)
}
}
# If a server is not reachable, report it
else{
write-host “`nNot reachable: $server” -foregroundcolor yellow -backgroundcolor black
}
# Stop and start the SNMP service to allow the changes to take effect.
(gwmi win32_service -computername $server -filter “name=’snmp’”).stopservice() | out-null
start-sleep -s 10
(gwmi win32_service -computername $server -filter “name=’snmp’”).startservice() | out-null
write-host(gwmi win32_service -computername $server -filter “name=’snmp’” | select state)
}
# Simple error catching, eg a server could not have its registry values changed because…
catch {
write-host (“Failed on: $server : ” + $error[0]) -foregroundcolor red
}
}
write-host “`n`nScript completed”