Save password in SAP Logon shortcut
The saving of passwords in the SAP Logon shortcut is useful. Especially when you use a lot of different systems on different sites (like me) in your SAP logon.
As from SAP Logon 7.40 patch level 1 saving of the password is disabled by default. But it can be enabled as described in Note 146173:
The note needs a little bit of explanation:
- First a Windows registry entry needs to be created that will make it possible to enable (or disable) the saving of passwords in a SAP shortcut. The registry entry can be created by starting the program sapshcut.exe once. The program needs to be started in administrative mode.
- After that the next registry entry is created: HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security\EnablePassword. The record can be displayed or maintained with the Windows registry editor. By starting the program regedit.exe.
- Changing the value to 1 will allow you to store the password in (SAP Logon) shortcut.
Let's hope your PC is protected against other people logging in, or processes stealing your files.
Using certificate based logon is certainly a better idea.
I would like to stress again the SAP view on the "saving passwords in SAP Shortcuts" feature.
1) Using this feature is a security risk. In the interest of all users we strongly have to mention again that it should not be used. This holds true especially if users are not aware of the fact that an SAP Shortcut with full credentials in it can be used by anybody to log on with a foreign user account. Yes, you may say that you protect the files on your hard disk, but will all users do this (or will they even mail the shortcuts)? From SAP perspective this risk should not be ignored and therefore the administrators should NOT enable the feature.
2) There are better and more secure alternatives to the feature available (SSO solutions); if it is just about remembering passwords there are many programs available which store passwords in a safe way.
3) The password saving feature does not have a future anymore. With the introduction of SAP UI Landscape it has been removed and even though it is still working for saplogon.ini it is just a question of time until SAP GUI for Windows will no longer support saplogon.ini at all (before you ask: SAP GUI for Windows 7.50 will still support saplogon.ini). This feature will thus disappear.
4) SAP UI Landscape is already in release 7.40 mandatory for the combined usage of SAP GUI for Windows and the SAP Business Client. If you turn off SAP UI Landscape you cannot run this combination which adds a lot of value for end users.
My summary is therefore: Don't use this feature!
User password security for SAP logon is of course something to be considered. Me myself do not feel a security issue on storing a user and a password on a computer that is a personal computer and is only in use by myself.
SSO is fine and I agree this should be a preferred solution when you do not want to retype user password at every SAP logon. Nevertheless in my work as a SAP consultant some of my clients do not use SSO. One reason not to do so is because the availability of (Windows) SSO solutions is not as good as expected for a SAP system.
Having said that 🙂
I recently changed to SAP GUI 7.50. And as already announced it is not possible anymore to store a password in a SAP logon shortcut.
A Windows shortcut to the SAP logon shortcut executable can be a good replacement. In the Windows shortcut it is possible to store SAP logon password and other login connection parameters. Several shortcuts to different systems can be grouped together as Windows folders and files. Or in Windows 8, 10 to pin it to a taskbar or start menu. Logging in is just a matter of clicking the shortcut.
The shortcut target looks like:
Where 18.104.22.168 is the SAP system, ABCD the user, XXXXX the password, YYY the system ID and 100 the client.
Very useful solution! Thanks!
Thanks your solution. How can I add router parameter ?
I find your suggestion very useful, especially now we are on 7.50, it seems like you are living in the real world, not a theoretical world were everythinig is perfect.
A comment on Security.
I work in a large organization with many SAP clients, but SSO is only supported for the main production and quality clients.
It is very hard to keep track of all passwords.
I personally don't see keeping these shortuts on a non shared machine that is protected with encryption to be a great issue.
I know of some old school consultants who wouldn't like such methods, and would keep all their userids and passwords in an exericse book.
Bigger risk is the book goes missing!
Fancy password managers in a cloud might also pose risks.
If anybody wants to recommend best practice for keeping passwords please post.
Shortcut worked with Windows 7 with SAP GUI 7.40, Patch 1. I used them on test system.
Same shortcut does not work with Windows 10, SAP GUI 7.40, Patch 16.
I have configured:
When I edit the shortcut the field for password does not appear.
The issued message is following:
"Attention: After pressing OK button, the password will be deleted".
How can I solve it?
Hi, how can we populate the "password" automatically from the Windows AD?
In other words when clicking on the shortcut it will automatically login in without prompting for a password.
Assuming that we can sync the AD password to SAP with LDAP?
For SAP GUI 7.60 i use this method - http://abapstudy.mybb.ru/viewtopic.php?id=16
To save passwords, you must
1. Create an SAP GUI Shortcut
2. Open the sapshortcut.ini shortcut file, in win 10 this file is located in the folder C: \ Users \ your user \ AppData \ Roaming \ SAP \ Common
3. Add to the shortcut in the [Command] block at the end of your shortcut a line of the form -pw = "qwerty" where qwerty is your password.
4. Restart the SAP GUI
Dmitriy Romanov ,
It doesn't work. At least it doesn't on 7600.1.1.1156.
The file shortcut.ini is not created by the LogOn Pad.
*** SAP PC VERSION INFORMATION: saplogon.exe
MAIN MODULE INFORMATION:
SAP Logon for Windows
760 Final Release
Operating system: Windows 10 Enterprise 6.2 (9200)
computer name...: DESKTOP-CUUATL3
ip address......: 10.228.141.211
Key1=-desc=”test_conn” -sid=”ERP” -clt=”100″ -u=”USER1″ -l=”EN” -tit=”TITLE” -wd=”C:\Users\Dmitry_Romanov_Home\Desktop” -pw=”PASSWD”