HOW TO: Configure Security for a Simple Network Management Protocol Service in Windows 2000 (315154)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q315154

IN THIS TASK

SUMMARY

This step-by-step article describes how to configure traps on a Simple Network Management Protocol (SNMP) service. You can configure the SNMP service to send a trap when it receives a request for information that does not contain the correct community name and does not match an accepted host name for the service.

back to the top

Configure SNMP Agent Information

To configure SNMP agent information:
  1. Right-click My Computer, and then click Manage.
  2. Expand the Services and Applications node, and then click Services.
  3. In the Details pane, double-click SNMP Service.
  4. On the Agent tab, type the computer user's name in the Contact box, and then type the computer's physical location in the Location box. Note that these comments are treated as text and are optional.
  5. Check all of the boxes that indicate network capabilities that are provided by your Microsoft Windows NT-based computer. Service options are:
    • Physical: Specifies that the computer manages any physical TCP/IP devices, such as a hard disk partition or a repeater.
    • Applications: Specifies whether this computer uses any programs that send data by using TCP/IP, such as electronic mail.
    • Datalink and subnetwork: Specifies whether this computer manages a TCP/IP subnetwork or datalink, such as a bridge.
    • Internet: Specifies whether this computer acts as an IP gateway (router).
    • End-to-end: Specifies whether this computer acts as an IP host.
    NOTE: If you have installed additional TCP/IP network devices, such as a switch or a router, you should view the following RFC 1213 Web site for additional information:

    ftp://ftp.isi.edu/in-notes/rfc1213.txt

    Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
After you complete these steps, click the Traps tab to continue to the next task.

back to the top

Configure SNMP Communities and Traps

  1. To create a community, type the case-sensitive community name in the Community name box, and then click Add to list. Repeat this step if you want to create additional community names.
  2. In SNMP Service Properties, click Add on the Traps tab.
  3. In the Host name, IP or IPX address box, type information for the host, and then click Add to list.
  4. Click Add, type the host name, IP address, or IPX address in the appropriate box under SNMP Service Configuration, and then click Add. The host name or address appears in the Trap destinations list. Repeat this step until you have added all of the hosts that you want to add.
  5. Repeat steps 3 and 4 until you configure all the SNMP communities you want, and then click the Security tab to continue to the next task.
back to the top

Configure SNMP Security

To configure SNMP security for a community:
  1. In SNMP Service Properties, on the Security tab, click Send authentication trap if you want a trap message sent whenever authentication fails.
  2. Under Accepted community names, click Add.
  3. Under Community Rights, click a permission level for this host to process SNMP requests from the selected community. To view a description of a dialog box item, right-click the item, and then click What's This?.
  4. In the Community Name box, type a case-sensitive community name, and then click Add.
  5. Under SNMP Service Properties, specify whether or not to accept SNMP packets from a host:
    • To accept SNMP requests from any host on the network, regardless of identity, click Accept SNMP packets from any host.
    • To limit acceptance of SNMP packets, click Accept SNMP packets from these hosts, click Add, type the appropriate host name, IP or IPX address, and then click Add again.
Although the SNMP service and SNMP security are now ready without rebooting, you should still restart your computer.

IMPORTANT: If you remove all of the community names, including the default name Public, SNMP does not respond to any community names that are presented.

back to the top


REFERENCES

For additional information about SNMP services, click the article numbers below to view the articles in the Microsoft Knowledge Base:

200885 How to Troubleshoot SNMP Security Issues

192796 How to Send SNMP Trap with Variable Bindings from Testdll.dll

189131 How to Programmatically Trigger a SNMP Trap

237295 The Management Information Base (MIB) Support in Windows 2000

87663 Installing the SNMP Agents on a 3Com Server

298818 Duplicate SNMP Traps Sent on Windows 2000

158770 SNMP Service Will Not Start with Event ID: 7024

back to the top





Modification Type:MajorLast Reviewed:9/4/2006
Keywords:kbenv kbhowto kbHOWTOmaster kbnetwork KB315154 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.