deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

smartcard snmp

Browse Source
This commit is contained in:
Liz Long 2023-01-04 18:22:19 -05:00
parent 81afc20b34
commit 683ae9bdf6
2 changed files with 920 additions and 753 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1378
windows/client-management/mdm/policy-csp-admx-smartcard.md
View File

File diff suppressed because it is too large Load Diff

295
windows/client-management/mdm/policy-csp-admx-snmp.md
View File

@ -1,72 +1,49 @@
---
title: Policy CSP - ADMX_Snmp
description: Learn about Policy CSP - ADMX_Snmp.
title: ADMX_Snmp Policy CSP
description: Learn more about the ADMX_Snmp Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/04/2023
ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/24/2020
ms.reviewer:
manager: aaroncz
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_Snmp-Begin -->
# Policy CSP - ADMX_Snmp
> [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/>
<!-- ADMX_Snmp-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_Snmp-Editable-End -->
<!--Policies-->
## ADMX_Snmp policies
<!-- SNMP_Communities-Begin -->
## SNMP_Communities
<dl>
<dd>
<a href="#admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
</dd>
<dd>
<a href="#admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
</dd>
<dd>
<a href="#admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
</dd>
</dl>
<!-- SNMP_Communities-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- SNMP_Communities-Applicability-End -->
<!-- SNMP_Communities-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_Communities
```
<!-- SNMP_Communities-OmaUri-End -->
<hr/>
<!--Policy-->
<a href="" id="admx-snmp-snmp-communities"></a>**ADMX_Snmp/SNMP_Communities**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
<!-- SNMP_Communities-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
@ -75,57 +52,69 @@ A valid community is a community recognized by the SNMP service, while a communi
If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
If you disable or don't configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
> [!NOTE]
> - It is good practice to use a cryptic community name.
> - This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Note: It is good practice to use a cryptic community name.
Note: This policy setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
<!-- SNMP_Communities-Description-End -->
<!--/Description-->
<!-- SNMP_Communities-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SNMP_Communities-Editable-End -->
<!-- SNMP_Communities-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify communities*
- GP name: *SNMP_Communities*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SNMP_Communities-DFProperties-End -->
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!-- SNMP_Communities-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="admx-snmp-snmp-permittedmanagers"></a>**ADMX_Snmp/SNMP_PermittedManagers**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | SNMP_Communities |
| Friendly Name | Specify communities |
| Location | Computer Configuration |
| Path | Network > SNMP |
| Registry Key Name | Software\Policies\SNMP\Parameters |
| ADMX File Name | Snmp.admx |
<!-- SNMP_Communities-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SNMP_Communities-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SNMP_Communities-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SNMP_Communities-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SNMP_PermittedManagers-Begin -->
## SNMP_PermittedManagers
> [!div class = "checklist"]
> * Device
<!-- SNMP_PermittedManagers-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- SNMP_PermittedManagers-Applicability-End -->
<hr/>
<!-- SNMP_PermittedManagers-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_PermittedManagers
```
<!-- SNMP_PermittedManagers-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- SNMP_PermittedManagers-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
@ -134,56 +123,67 @@ The manager is located on the host computer on the network. The manager's role i
If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
If you disable or don't configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
> [!NOTE]
> This policy setting has no effect if the SNMP agent isn't installed on the client computer.
Note: This policy setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
<!-- SNMP_PermittedManagers-Description-End -->
<!--/Description-->
<!-- SNMP_PermittedManagers-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SNMP_PermittedManagers-Editable-End -->
<!-- SNMP_PermittedManagers-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify permitted managers*
- GP name: *SNMP_PermittedManagers*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SNMP_PermittedManagers-DFProperties-End -->
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!-- SNMP_PermittedManagers-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="admx-snmp-snmp-traps-public"></a>**ADMX_Snmp/SNMP_Traps_Public**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | SNMP_PermittedManagers |
| Friendly Name | Specify permitted managers |
| Location | Computer Configuration |
| Path | Network > SNMP |
| Registry Key Name | Software\Policies\SNMP\Parameters |
| ADMX File Name | Snmp.admx |
<!-- SNMP_PermittedManagers-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SNMP_PermittedManagers-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SNMP_PermittedManagers-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SNMP_PermittedManagers-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SNMP_Traps_Public-Begin -->
## SNMP_Traps_Public
> [!div class = "checklist"]
> * Device
<!-- SNMP_Traps_Public-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- SNMP_Traps_Public-Applicability-End -->
<hr/>
<!-- SNMP_Traps_Public-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Snmp/SNMP_Traps_Public
```
<!-- SNMP_Traps_Public-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- SNMP_Traps_Public-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
@ -192,31 +192,54 @@ This policy setting allows you to configure the name of the hosts that receive t
If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
If you disable or don't configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
> [!NOTE]
> This setting has no effect if the SNMP agent isn't installed on the client computer.
Note: This setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
<!-- SNMP_Traps_Public-Description-End -->
<!--/Description-->
<!-- SNMP_Traps_Public-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SNMP_Traps_Public-Editable-End -->
<!-- SNMP_Traps_Public-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify traps for public community*
- GP name: *SNMP_Traps_Public*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SNMP_Traps_Public-DFProperties-End -->
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!-- SNMP_Traps_Public-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | SNMP_Traps_Public |
| Friendly Name | Specify traps for public community |
| Location | Computer Configuration |
| Path | Network > SNMP |
| Registry Key Name | Software\Policies\SNMP\Parameters |
| ADMX File Name | Snmp.admx |
<!-- SNMP_Traps_Public-AdmxBacked-End -->
<!--/Policies-->
<!-- SNMP_Traps_Public-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SNMP_Traps_Public-Examples-End -->
## Related topics
<!-- SNMP_Traps_Public-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
<!-- ADMX_Snmp-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_Snmp-CspMoreInfo-End -->
<!-- ADMX_Snmp-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)