The SNMP security service is referred to as an authentication service. Simply put, a management request contained within an authenticated SNMP message is processed; a message that cannot be authenticated is not processed.
SNMP uses community names to authenticate messages. The community name can be thought of as a password shared by the SNMP management consoles and the SNMP managed hosts. All SNMP messages must contain a community name. The SNMP agent that receives an SNMP message checks (authenticates) the community name with the community name or names with which the SNMP service is configured. If the message contains a known community name, the message is processed. If the message contains a community name that is not configured on the host, the message is rejected and the host (optionally) sends a trap message to an SNMP management console. The trap message alerts the SNMP management console that a message authentication failure occurred at that host.
The default community name when the SNMP service is installed on a Windows NT-based computer is "public." Additional community names can be added or removed by selecting SNMP Service from the Network Services tab.
If you remove all the community names, including the default name, Public, the SNMP service on that Windows NT-based computer will authenticate and process SNMP messages containing any community name. This may or may not be desirable, but is expected behavior, as described in RFC 1157:
An SNMP message originated by an SNMP application entity that in fact belongs to the SNMP community named by the community component of said message is called an authentic SNMP message. The set of rules by which an SNMP message is identified as an authentic SNMP message for a particular SNMP community is called an authentication scheme. An implementation of a function that identifies authentic SNMP messages according to one or more authentication schemes is called an authentication service.
Clearly, effective management of administrative relationships among SNMP application entities requires authentication services that (by the use of encryption or other techniques) are able to identify authentic SNMP messages with a high degree of certainty. Some SNMP implementations may wish to support only a trivial authentication service that identifies all SNMP messages as authentic SNMP messages.
When there are no community names identified, the SNMP service implements the behavior as described in the preceding selection from RFC 1157.