Simple Network Management Protocol or SNMP is used for monitoring, event notification, and network device management on corporate networks. The protocol consists of a set of network management standards, including the Application Layer protocol, database schemas, and a set of data objects. SNMP can receive various types of information (uptime, performance counters, device parameters, etc.) from any network device: switches, servers, routers, or computers on which the SNMP agent is installed. In Windows 10, the SNMP service is available as a separate Windows feature and it’s not installed by default.
How to Install SNMP Service in Windows 10?
You can check if the SNMP service is installed on your Windows 10 by using the Get-Service PowerShell cmdlet:
Get-Service -Name snmp*
Most likely, the service has not been installed yet.
You can install the SNMP service via the Control Panel. Go to the Control Panel > Programs and Features > Turn Windows features on or off. In the list of Windows features, select Simple Network Management Protocol (SNMP) and the WMI SNMP Provider (provides access to the SNMP information via the Windows Management Instrumentation interfaces), and click OK.
You can also install the SNMP service using PowerShell:
Enable-WindowsOptionalFeature -online -FeatureName SNMP
This command can help you to install the SNMP service on Windows 10 in 1803 builds or earlier. Starting from Windows 10 1809 Microsoft changed the way to deploy SNMP service on desktop OSs.
How to Enable SNMP Service in Windows 10 1803 and Newer?
In Windows 10 1803 and later (1809, 1903,1909, 2004), the SNMP service is considered deprecated and is not listed in the Windows features in the Control Panel list.
Microsoft plans to completely remove the SNMP service in the next Windows builds because of the security risks associated with this protocol. Instead of SNMP, it is recommended to use the Common Information Model (CIM), which is supported by Windows Remote Management. On the current builds of Windows 10, the SNMP service is hidden.
The SNMP service is now missing from the Windows 10 image and can only be installed as Feature On Demand (FoD).
Tip. You can install the SNMP service on a disconnected environment (without Internet access) using the FoD ISO image. You can download the FOD media from your Volume License Servicing Center (VLSC).
If your computer has a direct Internet connection, you can install the SNMP service components online from Microsoft servers. To do this, open the elevated PowerShell console and run the command:
Add-WindowsCapability -Online -Name "SNMP.Client~~~~0.0.1.0"
You can also use DISM to install the SNMP service:
DISM /online /add-capability /capabilityname:SNMP.Client~~~~0.0.1.0
After that, you can verify if the SNMP service is installed:
Get-WindowsCapability -Online -Name "SNMP*"
Name : SNMP.Client~~~~0.0.1.0
State : Installed
DisplayName : Simple Network Management Protocol (SNMP)
Description : This feature includes Simple Network Management Protocol agents that monitor the activity in network devices and reports it to the network console workstation
DownloadSize : 595304
InstallSize : 1128133
To disable the SNMP service, use the PowerShell command:
Remove-WindowsCapability -Online -Name "SNMP.Client~~~~0.0.1.0"
You can also install the SNMP service through the Optional Features graphical interface.
Go to the Settings > Apps > Apps & Features > Manage optional feature > Add Feature. Select the following features in the list: Simple Network Management Protocol (SNMP) and WMI SNMP Provider (to get all SNMP service configuration tabs).
After that, the SNMP service will appear in the services.msc console.
If when performing the Add-WindowsCapability command you received the “Add-WindowsCapability failed error. Error code = 0x800f0954”, most likely your computer receives Windows updates not from Microsoft Update servers but from the internal WSUS server. To make the SNMP service receive installation files from Microsoft servers, you need to temporarily bypass the WSUS.
To do this, run the command:
reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdateAU" /v UseWUServer /t REG_DWORD /d 0 /f
After that, restart the Windows Update service:
netshh winhttp reset proxy net stop wuauserv net start wuauserv
Now try to install the SNMP service with the Add-WindowsCapability command. If all goes well, return the initial wusuaserv service registry parameter pointing to the WSUS server. Run the command:
reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdateAU" /v UseWUServer /t REG_DWORD /d 1 /f
And restart the Windows Update Service.
Configure SNMP on Windows 10 Computer
After the installation, SNMP services should start automatically. Open the Services management console (services.msc). Two new services should appear in the service list:
- SNMP Service — this is the primary SNMP agent service, that tracks activity and sends information;
- SNMP Trap — receives trap messages from local or remote SNMP agents, and forwards messages to the SNMP management software that is being run on that computer.
Open the properties of the SNMP Service. If it is stopped, restart it by pressing the Start button and then change the startup type to Automatic.
Click the Agent tab. Fill in the Contact and Location fields (you can specify the user’s contact name and computer location). Then select the list of services from which you want to collect data and send it to the monitoring device. There are five service-based options:
- Datalink and subnetwork.
Click the Security tab. Here you can configure various security settings for different SNMP servers.
The list of Accepted community names contains the names of the communities whose SNMP hosts are authenticated to send SNMP requests to this computer. The community name has the same functions as login and password.
Click the Add button and specify the Community Name and one of the five access levels (None, Notify, READ ONLY, READ WRITE, READ CREATE). READ WRITE is the maximum access level at which the SNMP management server can make changes on the system. For monitoring systems, it is usually enough to select READ ONLY (the monitoring server can only poll the system, but not to make changes). In our example, we added a community name public with READ ONLY permissions.
Add a list of monitoring servers (hostnames or IP addresses) to the Accept SNMP packets from these hosts from which you want to accept SNMP packets. This could be your monitoring system, for example, Zabbix, Nagios, Icinga, OpenNMS, PRTG, and Microsoft System Center Operations Manager (SCOM).
Tip. You can select the Accept SNMP packets from any host option. In this mode, the SNMP agent accepts packets from any host without IP restrictions. This option is not recommended for use on public computers. This is not safe.
Save the changes and restart the SNMP service.
Hint. To make your Windows host receiving and sending SNMP queries and traps, you need to open SNMP ports in Windows Defender Firewall with Advanced Security. SNMP uses UDP as a transport protocol. Two ports are used: UDP 161 (SNMP) and UDP 162 (SNMPTRAP). You can open inbound and outbound SNMP ports in Windows Firewall using the following commands:netsh advfirewall firewall add rule name="SNMP UDP Port 161 In" dir=in action=allow protocol=UDP localport=161 netsh advfirewall firewall add rule name="SNMP UDP Port 161 Out" dir=out action=allow protocol=UDP localport=161 netsh advfirewall firewall add rule name="SNMPTRAP UDP Port 162 In" dir=in action=allow protocol=UDP localport=162 netsh advfirewall firewall add rule name=" SNMPTRAP UDP Port 162 Out" dir=out action=allow protocol=UDP localport=162
Configuring SNMP Settings via Group Policy
Several GPO parameters will help you configure SNMP parameters centrally. These parameters are located in the GPO editor (gpedit.msc or gpmc.msc) under Computer Configuration > Policies > Administrative Templates definitions > Network > SNMP.
Three SNMP policy parameters are available:
- Specify communities — allows you to set a list of communities for the SNMP service;
- Specify permitted managers — allows you to specify a list of permitted host that can send SNMP queries to the agent on this computer;
- Specify traps for public community — allows you to set up trap configuration for the Simple Network Management Protocol.
Another way to configure SNMP parameters is through the registry. These parameters are set in the following section of the Registry Editor (regedit.exe) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters.
You can configure SNMP parameters as needed on a reference computer, upload them to a reg file, and deploy them to servers/computers via GPO (Computer Configuration > Preferences > Windows Settings > Registry).
This completes the SNMP service configuration in Windows 10. If you need to enable SNMP on multiple computers or servers, you can remotely install and configure SNMP service using PowerShell or Group Policy.