
I was inspired by Peter Langner's blog, Using KeePass Instead of SAP Logon, which describes storing passwords in KeePass.

 

I would like to add another resource to that discussion through this blog, which contains the steps to store a password in the SAP Logon pad itself!

 

Note: you need authorization to edit the registry.

Please be aware of the security risk by reading this note: https://websmp130.sap-ag.de/sap(bD1ubCZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=146173

 

First Step:

Create a new shortcut for a system entry in SAP Logon Pad.

SAP Logon Shortcut

Second Step:

Open ‘Run’ from Start -> Run, type “sapshcut -register” and press Enter. This adds the SAP Shortcut entry to the registry and confirms it with a pop-up.

 

Third Step:

Change the registry entry to enable the password. The path is:

HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security
EnablePassword = 1

Registry Editor - SAP Shortcut

 

Now if you go back to the shortcut you created, the Password input box will be ready for entry.

You can maintain the password; it will prompt with a warning, press OK.

From then on you can just double-click the shortcut and it will log on to the system without asking for user and password…

Enjoy!

 

Contribution: Special thanks to Mark Zwaan for his guide and knowledge sharing.


16 Comments


  1. Volker Wegert
    This option is disabled by default for a very good reason. Please be responsible and edit your post to include a link to note 146173 and a really strong warning NOT to use this. While it may be convenient, it’s also a huge security risk.
    (0) 
    1. Krishnendu Laha Post author
      Thanks for your feedback, I was not aware of that note… I will edit and include the source of the note 146713… for security risk I have already included in my blog that “you need authorization to edit registry”…
      (0) 
  2. Julius von dem Bussche
    This is very silly actually.

    If someone can execute the shortcut on your machine (or lure you into doing it) then they can also execute subsequent shortcuts, possibly even without you noticing if the reports or transactions do not start any dialogs.

    Additionally you will have the same hassle as iPhone users have when they bolt all their email accounts onto it –> when you do need the password from another machine then you have no clue anymore what it is. Imagine the helpdesk efforts if everybody did this?

    However for your local IDES system on your laptop with only a few test123 users and passwords which are not the same as any of your others, I guess there is no one there to know or complain about it. So why do you write this blog about it then? For points?

    Cheers,
    Julius

    (0) 
    1. Krishnendu Laha Post author
      I have not written this blog for points; actually I have not got any points till now… I have experienced time savings when working with multiple systems and multiple clients, and wanted to share this with my developer friends…

      This is purely for the developer to use (not the user, that’s why it is in the ABAP category), to log on to SAP with the SAP Logon pad…

      Moreover I have no experience in handling interaction between iPhone and SAP… so I cannot comment.

      (0) 
      1. Julius von dem Bussche
        So developers with powerful access are encouraged to save their passwords in insecure places because they are not human, but plebeian end users with limited access are not allowed to. Probably they (end users) must use more complex passwords and change them more often as well?

        Next we will see developers encouraged to save the shortcuts in Outlook reminders and share them with other people? Or send them to other people via mail?

        I think you should add a very big warning at the top of the blog that this procedure is NOT recommended and violates generally accepted security practices, but you choose to do this at your own risk (or your customer’s risk to be more precise…).

        Cheers,
        Julius

        (0) 
        1. Krishnendu Laha Post author
          I have shared my experiences only; it is not to encourage or discourage any particular group… if someone wants to use it, of course it should be at their own risk.

          At the beginning of this blog, I have added a SAP note to let the reader know about the security risk, which also contains the same information; now I have made that bold.

          Is it enough according to your view?

          Cheers
          Krish

          (0) 
          1. Julius von dem Bussche
            Hi Krish,

            As this is on the internet it is not “only for developers”.

            I would add an additional recommendation to the blog that customers (who might also read this!) should monitor the registry keys of development consultants and have them removed from their projects if they do this on their systems.

            At least that is my opinion (about productive use of this blog as well…).

            Cheers,
            Julius

            (0) 
            1. Krishnendu Laha Post author
              Hello Julius,

              I think we are going too far with the discussion…

              I know this is the internet, BUT I have written this blog referring to a SAP note which also contains the same information, and posted it in SDN Blog (not outside anywhere!)

              I do not agree at all with your recommendation; and with all due respect please do not expect any answer from me regarding this topic..

              Thanks
              Krish

              (0) 
              1. Julius von dem Bussche
                Well, you chose to publicly recommend this approach (you only later added the SAP Note which also recommends NOT doing this…), so you should also entertain some security reaction to it…

                Anyway, hopefully your next blog will be about Single-Sign-On? 😉

                Cheers,
                Julius

                (0) 
                1. Stephen Johannes
                  On the other hand, this blog is a good tip for those responsible for SAP GUI desktop administration on items that we might want to scan for as part of a desktop security audit!

                  If you really want to save your passwords, you need to do it the old-fashioned way with those “stickie notes” on the monitor itself or on the top of the laptop/desktop machine. This entire blog is a very bad idea and I’m not a SAP Security specialist.

                  I guess the only thing that would be worse than saving passwords is a blog on writing ABAP code that purposely ignores divide by zero exceptions when doing pricing calculations in sales order/invoice documents.

                  Take care,

                  Stephen

                  (0) 
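The desktop audit check suggested in the comments above, sketched in PowerShell as an added example; it is not part of the original post or any commenter's reply. It assumes the key and value name given in the post; the value's registry type is not stated on the page, so the comparison is made on its string form, and the function name is hypothetical.

```powershell
# Added audit example: report user hives where SAP shortcut password storage is enabled.
# Run elevated so that every loaded user hive under HKEY_USERS is readable.
# Key and value name are taken from the post; the value type is an assumption,
# so the data is compared as a string ("1" matches both REG_SZ and REG_DWORD).

$subKey = 'Software\SAP\SAPShortcut\Security'

function Get-SapShortcutPasswordSetting {
    # HKEY_USERS holds only the hives of currently loaded profiles.
    # The pattern keeps local/domain and Azure AD user SIDs and drops
    # service accounts and the "<SID>_Classes" companion keys.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$subKey"
            $prop = Get-ItemProperty -Path $path -Name 'EnablePassword' -ErrorAction SilentlyContinue

            # Resolve the SID to an account name where possible.
            try {
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = $sid
            }

            $value = if ($prop) { "$($prop.EnablePassword)" } else { '<not set>' }

            [pscustomobject]@{
                Computer       = $env:COMPUTERNAME
                Account        = $account
                Sid            = $sid
                EnablePassword = $value
                Finding        = ($value -eq '1')
            }
        }
}

$results = @(Get-SapShortcutPasswordSetting)
$results | Format-Table -AutoSize

$flagged = @($results | Where-Object { $_.Finding })
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) profile(s) have SAP shortcut password storage enabled."
    exit 1
}
```

Profiles that are not logged on are not loaded under HKEY_USERS, so a complete audit has to run per user (for example at logon) or load each NTUSER.DAT hive first.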
