Policy CSP - ADMX_Snmp

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

SNMP_Communities

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later
✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_Communities

This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.

SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.

A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.

  • If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.

  • If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.

Best practice: For security purposes, it's recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.

Note

It's good practice to use a cryptic community name.

Note

This policy setting has no effect if the SNMP agent isn't installed on the client computer.

Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name SNMP_Communities
Friendly Name Specify communities
Location Computer Configuration
Path Network > SNMP
Registry Key Name Software\Policies\SNMP\Parameters
ADMX File Name Snmp.admx

SNMP_PermittedManagers

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later
✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_PermittedManagers

This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.

Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.

The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.

  • If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.

  • If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.

Best practice: For security purposes, it's recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.

Note

This policy setting has no effect if the SNMP agent isn't installed on the client computer.

Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name SNMP_PermittedManagers
Friendly Name Specify permitted managers
Location Computer Configuration
Path Network > SNMP
Registry Key Name Software\Policies\SNMP\Parameters
ADMX File Name Snmp.admx

SNMP_Traps_Public

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later
✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later
✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later
✅ Windows 11, version 21H2 [10.0.22000] and later
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_Traps_Public

This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.

Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.

This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.

  • If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.

  • If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.

Note

This setting has no effect if the SNMP agent isn't installed on the client computer.

Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name SNMP_Traps_Public
Friendly Name Specify traps for public community
Location Computer Configuration
Path Network > SNMP
Registry Key Name Software\Policies\SNMP\Parameters
ADMX File Name Snmp.admx

Policy configuration service provider