I always enjoy a challenge. At my last company of employment, they needed to modify the SNMP community names, trap settings and remove the “public” setting (normal security step). The interesting part, make this happen for over 1500 servers, some servers are set correctly others are not. Once the script was developed, tested and piloted, we automated this change to all servers in our environment.
Describing everything this script does would take more time than I have right now, and it has been modified from the original to protect the identity of the server names and trap names used for this configuration. I had added additional logic to the original to log activity to a local file on the server, after all ConfigMgr uses log files, why don't we?
Note, this has two modes, Test & Update – Test will echo the names of the community traps found, and update will write the community traps if needed.
As always, test before deploying.
OPTION EXPLICIT
const HKEY_LOCAL_MACHINE = &H80000002
dim strKeyPathRoot
dim strKeyPath
dim strComputer
dim strValueName
dim oReg
dim strValue
dim strUpdateMode
dim dwValue
Dim objWMIService
Dim colServiceList
DIM objService
' test mode reads and reports
strUpdateMode = "Test"
' Update mode updates reg keys and does not report
' strUpdateMode = "Update"
strComputer = "."
' adjust SNMP parms
SetSNMP
' recycle SNMP service
RecycleSNMP
Sub SetSNMP
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPathRoot = "SYSTEM\CurrentControlSet\Services\SNMP\Parameters"
' set key path to the contacts and location key
strKeyPath = strKeyPathRoot & "\RFC1156Agent\"
if strUpdateMode = "Test" Then
wscript.echo "strKeyPath = " & strKeyPath
' read contact information
strValueName = "sysContact"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
wscript.echo "strValue = " & strValue
else
' set contact information
strValue = "Server Support"
strValueName = "sysContact"
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
' set location information
strValueName = "sysLocation"
strValue = "sysValue"
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
end if
' read TrapConfig key, if not found create new!
strKeyPath = strKeyPathRoot & "\TrapConfiguration\NewTrapName\"
strValueName = "1"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
if strUpdateMode = "Test" Then
wscript.echo "strValue = " & strValue
wscript.echo "strValueName = " & strValueName
end if
' strValue contains a NULL if not found...
if strValue & "" <> "SERVER01" Then
strKeyPath = strKeyPathRoot & "\TrapConfiguration\NewTrapName"
' wscript.echo "strKeyPath = " & strKeyPath
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strValue = "SERVER01"
strValueName = "1"
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
end if
' read ValidCommunities key, if not found create new!
strKeyPath = strKeyPathRoot & "\ValidCommunities"
if strUpdateMode = "Test" Then wscript.echo "strKeyPath = " & strKeyPath
strValueName = "NewTrapName"
dwValue = 16
oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, dwValue
' delete the public entry - secure step
' strKeyPath = strKeyPathRoot & "\ValidCommunities\public"
strKeyPath = strKeyPathRoot & "\ValidCommunities"
strValueName = "public"
oReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName
End Sub
Sub RecycleSNMP
' stop & restart service...
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name = 'SNMP'")
For each objService in colServiceList
if UCASE(objService.Name) = "SNMP" Then
' wscript.echo "objService.Name= '" & objService.Name & "'"
' stop service
objService.StopService()
' wait
Wscript.Sleep 20000
' restart service
objService.StartService()
end if
Next
End Sub