SAPshortcut: Saving password in SAPshortcut

For security reasons, you want to be able to activate or deactivate the password saving function.
Caution: Only activate this if it is absolutely necessary.This poses a security risk.

When you use SAPShortcut (in which the password is stored in encrypted form) to log on, the system issues the following error message: "User or password is incorrect...". This occurs, in particular, if the password includes special characters. This is due to a program error.

1. Saving the password in SAPShortcut:

                       The default setting is that a user can no longer save the password in SAPShortcut. The field for the password in SAPShortcut is deactivated.

                       If you still want to save the password in SAPShortcut despite the security risk, you can set the registry value 'EnablePassword' of the type REG_SZ under

                       HKEY_CURRENT_USERSoftwareSAPSAPShortcutSecurity

                       to 1 (default is 0 after calling sapshcut.exe without parameters) to activate saving of the password in SAPShortcut.

                       Do not forget to reset the entry to 0 when you no longer need the feature. By calling sapshcut.exe without parameters, the entry is automatically reset to 0.

                       Remark:

                       This key is NOT available during the initial installation. When you manually call sapshcut.exe, the system automatically creates the registry key. You can then set the value "EnablePassword" to 1 using "regedit". When you then call sapshcut.exe again, the value is reset to 0 (sapshcut.exe is in the SAP GUI directory).

                       Note that you make any changes to the Windows registry at your own risk. Always create a backup copy of the registry.

                       As of 620 GUI Patch 57 and 640 GUI Patch 13, you can specify a password with more than 8 characters in SAPShortcut.

                       The error that occurred when a password with special characters was stored is corrected in SAP GUI 710 patch 17 and SAP GUI 720 final release (see Note 1431278).

                       With SAP GUI 7.30, the read sequence has changed: First, the system checks if the relevant registry value is defined under HKEY_LOCAL_MACHINE, and if this is not the case, the system checks the registry value under HKEY_CURRENT_USER.

                       Note that the registry values in HKEY_LOCAL_MACHINE must be created under the following key in 64-bit operating systems:
[HKEY_LOCAL_MACHINESoftwareWow6432NodeSAPSAPShortcutSecurity].

2. Alternative to saving the password in SAPShortcut:

                       Instead of saving the password in SAPShortcut, you can use Single Sign-on solutions to avoid having to enter the password every time you log on. For detailed information, see Note 138498 and its related notes.

                       You can use SAPShortcut in connection with SNC Single Sign-On as follows:
  • In Saplogon, add a system entry whose SNC setting is activated.
  • Generate a new SAPShortcut with this entry (select in the 'Name' input field). You do not need to specify a user if the R/3 user name is the name of the owner of the certificate of the external security tool. All other data is entered as usual.
  • Start the external security tool and log on.
  • Start the new SAPShortcut.

No comments: