Introduction to SNMP on Windows Server 2019
Simple Network Management Protocol (SNMP) is a standard protocol for monitoring and managing network devices and servers. On Windows Server 2019, the SNMP service allows network monitoring systems such as Nagios, Zabbix, PRTG, SolarWinds, and Cacti to query the server for operational data including system information, network interface statistics, CPU load, memory usage, running processes, and installed services. SNMP operates over UDP port 161 for queries and UDP port 162 for traps (unsolicited notifications from the monitored device to the management system). While newer systems prefer WMI, PowerShell Remoting, or REST APIs for monitoring, SNMP remains relevant in heterogeneous environments with mixed vendor equipment and legacy monitoring systems.
Installing the SNMP Service
The SNMP Service is available as a Windows feature in Windows Server 2019. Install it using PowerShell or Server Manager:
Install-WindowsFeature SNMP-Service, SNMP-WMI-Provider -IncludeManagementTools
Verify the installation:
Get-WindowsFeature SNMP* | Select-Object Name, InstallState
Get-Service SNMP | Select-Object Status, DisplayName
The SNMP WMI Provider component enables WMI-based access to SNMP MIB data and allows correlating SNMP data with other WMI information. After installation, start the service and configure it to start automatically:
Set-Service SNMP -StartupType Automatic
Start-Service SNMP
Configuring SNMP Security and Community Strings
SNMP security is configured through community strings. Community strings act as passwords and should be treated as sensitive credentials. SNMPv1 and SNMPv2c transmit community strings in plaintext. Configure community strings via the registry or the SNMP service Properties dialog. To configure SNMP security via the registry (the recommended method for scripted deployments):
# Add a read-only community string named "CorpMonitor"
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v "CorpMonitor" /t REG_DWORD /d 4 /f
# Values: 1=NONE, 2=NOTIFY, 4=READ ONLY, 8=READ WRITE, 16=READ CREATE
# Add a read-write community string (only add if truly needed - prefer read-only)
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v "AdminCommunity" /t REG_DWORD /d 8 /f
Delete the default public community string, which is commonly exploited:
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v "public" /f 2>$null
Verify the community strings are configured:
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities"
Restricting SNMP Access to Specific Hosts
Configure SNMP to only accept queries from authorized management stations. This prevents unauthorized access to SNMP data. By default SNMP accepts queries from any host. Restrict it to specific IP addresses via the registry:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" /v "1" /t REG_SZ /d "192.168.1.100" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" /v "2" /t REG_SZ /d "192.168.1.101" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" /v "3" /t REG_SZ /d "10.0.0.50" /f
Verify the permitted managers:
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers"
If no PermittedManagers key exists with entries, SNMP accepts queries from any host. Adding entries restricts access to only those hosts.
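The following audit is an added example, not part of the original page: it checks the ValidCommunities and PermittedManagers settings described above for a leftover default community, write-capable communities, and an empty manager list. The function names `Read-RegValues` and `Test-SnmpConfig` are hypothetical, and the sample input is constructed.

```powershell
# Added example (not from the original page). Sample data below is constructed.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Return name -> data for every value under a key; empty table if the key is absent.
function Read-RegValues {
    param([string]$Path)
    $out = @{}
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) { $out[$n] = $key.GetValue($n) } }
    return $out
}

# Flag the weak settings this page warns about. Community names are credentials,
# so only well-known default names are echoed; others are reported by count.
function Test-SnmpConfig {
    param([hashtable]$Communities, [hashtable]$Managers)
    $rights   = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }
    $findings = @()
    $writable = 0
    foreach ($name in $Communities.Keys) {
        $r = [int]$Communities[$name]
        if ($name -in 'public', 'private') {
            $findings += "Default community '$name' is present ($($rights[$r]))"
        }
        if ($r -ge 8) { $writable++ }
    }
    if ($writable -gt 0) {
        $findings += "$writable community string(s) grant READ WRITE or READ CREATE"
    }
    if ($Managers.Count -eq 0) {
        $findings += 'PermittedManagers has no entries: queries are accepted from any host'
    }
    return $findings
}

# Constructed sample: the two communities from this page plus a leftover default,
# and no permitted managers configured yet.
$sampleCommunities = @{ CorpMonitor = 4; AdminCommunity = 8; public = 4 }
Test-SnmpConfig -Communities $sampleCommunities -Managers @{}

# On the server itself, feed the live registry instead:
# Test-SnmpConfig -Communities (Read-RegValues "$base\ValidCommunities") `
#                 -Managers    (Read-RegValues "$base\PermittedManagers")
```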
Configuring SNMP Agent Information
Configure the SNMP agent description and location information that appears in MIB-II system group queries (OID 1.3.6.1.2.1.1). This helps identify devices in large monitoring systems:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v "sysContact" /t REG_SZ /d "[email protected]" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v "sysLocation" /t REG_SZ /d "Main Datacenter Rack 12U" /f
Configure which SNMP services to enable. Setting the service bits determines what the agent reports as supported services:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v "sysServices" /t REG_DWORD /d 79 /f
Restart the SNMP service after configuration changes:
Restart-Service SNMP
Configuring SNMP Traps
SNMP traps are unsolicited notifications sent by the SNMP agent to a management station when specific events occur. Configure the trap destination and community string for traps:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\TrapCommunity" /v "1" /t REG_SZ /d "192.168.1.100" /f
Configure SNMP traps using the Services snap-in: open Services (services.msc), double-click SNMP Service, select the Traps tab, enter the community name and add the trap destination IP address. The SNMP Trap Service must also be running to forward traps:
Set-Service SNMPTRAP -StartupType Automatic
Start-Service SNMPTRAP
Get-Service SNMPTRAP | Select-Object Status
Configuring Windows Firewall for SNMP
Allow SNMP traffic through Windows Defender Firewall while restricting access to authorized management systems only:
New-NetFirewallRule -DisplayName "SNMP UDP Inbound" -Direction Inbound -Protocol UDP -LocalPort 161 -Action Allow -RemoteAddress @("192.168.1.100","192.168.1.101","10.0.0.50") -Profile Domain
New-NetFirewallRule -DisplayName "SNMP Trap UDP Outbound" -Direction Outbound -Protocol UDP -RemotePort 162 -Action Allow -RemoteAddress @("192.168.1.100","192.168.1.101") -Profile Domain
Block SNMP on the Public and Private profiles entirely if the server should only be managed from the domain network:
New-NetFirewallRule -DisplayName "Block SNMP Public" -Direction Inbound -Protocol UDP -LocalPort 161 -Action Block -Profile Public, Private
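Windows Defender Firewall admits traffic matched by any enabled allow rule, so the address-restricted rule above narrows nothing if a broader allow rule for UDP 161 is also enabled. This added example (not part of the original page) lists such rules; `Find-BroadSnmpRule` and `Get-InboundAllowRule` are hypothetical names, and the sample rule set is constructed.

```powershell
# Added example (not from the original page). Sample rules below are constructed.

# Pure check: return allow rules covering UDP 161 whose remote scope includes
# anything outside the approved manager list. Port ranges are not expanded.
function Find-BroadSnmpRule {
    param([object[]]$Rules, [string[]]$Approved)
    foreach ($r in $Rules) {
        if ($r.Protocol -notin 'UDP', 'Any') { continue }
        if ($r.LocalPort -notcontains '161' -and $r.LocalPort -notcontains 'Any') { continue }
        $extra = @($r.RemoteAddress | Where-Object { $_ -notin $Approved })
        if ($extra.Count -gt 0) {
            [pscustomobject]@{
                Rule       = $r.DisplayName
                Profile    = $r.Profile
                Unapproved = $extra -join ','
            }
        }
    }
}

# Collector for a live server (cmdlets from the built-in NetSecurity module).
function Get-InboundAllowRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            Profile       = "$($_.Profile)"
            Protocol      = $p.Protocol
            LocalPort     = @($p.LocalPort)
            RemoteAddress = @($a.RemoteAddress)
        }
    }
}

# Constructed sample: the rule created on this page plus one broader leftover rule.
$approved = '192.168.1.100', '192.168.1.101', '10.0.0.50'
$sample = @(
    [pscustomobject]@{ DisplayName = 'SNMP UDP Inbound'; Profile = 'Domain'
        Protocol = 'UDP'; LocalPort = @('161'); RemoteAddress = $approved },
    [pscustomobject]@{ DisplayName = 'Leftover rule (constructed)'; Profile = 'Domain'
        Protocol = 'UDP'; LocalPort = @('161'); RemoteAddress = @('Any') }
)
Find-BroadSnmpRule -Rules $sample -Approved $approved

# On the server itself:
# Find-BroadSnmpRule -Rules (Get-InboundAllowRule) -Approved $approved
```

Any rule the check reports should be disabled or scoped to the same manager addresses before relying on the restricted rule.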
Testing SNMP with snmpget and snmpwalk
Test the SNMP configuration from a Linux or Windows management host using SNMP tools. Install the Net-SNMP tools on a monitoring server and test queries against the Windows Server 2019 machine:
# From a Linux monitoring host
snmpget -v2c -c CorpMonitor 192.168.1.50 sysDescr.0
snmpget -v2c -c CorpMonitor 192.168.1.50 sysUpTime.0
snmpget -v2c -c CorpMonitor 192.168.1.50 sysContact.0
snmpget -v2c -c CorpMonitor 192.168.1.50 sysLocation.0
# Walk the entire MIB tree
snmpwalk -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1
# Query specific OIDs
snmpget -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.1.1.0 # sysDescr
snmpget -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.1.3.0 # sysUpTime
snmpget -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.25.1.1.0 # hrSystemUptime
snmpwalk -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.25.2.3 # hrStorageTable (storage)
snmpwalk -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.25.3.2 # hrDeviceTable (devices)
From a Windows management host using the PowerShell SNMP module:
Install-Module -Name SNMPModule -Force
Get-SnmpData -IP 192.168.1.50 -OID ".1.3.6.1.2.1.1.1.0" -Community "CorpMonitor"
Extending SNMP with Custom MIBs
Windows SNMP can be extended with custom Management Information Base (MIB) data using the SNMP Extension Agent API. Third-party applications such as IIS and SQL Server install their own SNMP extension agents. Verify installed SNMP extension agents:
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents"
The HOST-RESOURCES MIB (RFC 2790) provides detailed host information accessible via OIDs under .1.3.6.1.2.1.25 including storage, process, and device tables. Query process information from the hrSWRunTable:
snmpwalk -v2c -c CorpMonitor 192.168.1.50 .1.3.6.1.2.1.25.4.2 # hrSWRunTable (running processes)
Monitoring SNMP Service Health
Monitor the SNMP service status and log SNMP-related events. Check service status and review event logs:
Get-Service SNMP, SNMPTRAP | Select-Object Name, Status, StartType
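# -LogName and -ProviderName belong to different parameter sets, so filter with a hashtable
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'SNMP' } -MaxEvents 20 | Select-Object TimeCreated, Id, Message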
netstat -ano | findstr :161
netstat -ano | findstr :162
If the SNMP service fails to start, check for port conflicts and verify the service account has the required permissions. The SNMP service on Windows Server 2019 provides a stable, standards-based interface for integration with enterprise monitoring platforms in heterogeneous environments.