Force wizard usage to set/reset passwords
Once upon a time, a system manager was creating new users and resetting passwords, always using the same password.
Fairy auditors then came, and said "YOU SHOULD NEVER MORE USE THIS KIND OF BAD PRACTICES!!!".
And the system manager went his road to find the magical trick to force people to use the wizard button, and make the change password disappear on the famous SU01 Scroll.
Do you have any clue for the poor lonesome system manager, please?
Julius von dem Bussche replied
Nothing which I know of can do this.
Possibly you could write your own little application in which you can modify your own screen to prevent a password from being typed into the surface and restrict access to SU01, but I would not modify SU01... as someday you might need to reset the password of an ID with "fixed" or "co-ordinated" logon data (e.g. RFC users).
My suggestion would be to train the (password) managers and invite the auditors to evaluate your training (evidence) and test it... (if they can... ...
What you can also do (in higher releases particularly) is instruct the system to limit the lifetime of initial and reset passwords to a very short period before the validity of a possibly weak password expires again.
If your auditors don't accept a combination of those 2 then they are being a wee bit unreasonable...
Cheers and good luck,
PS: If you try to write your own little application which can do only this (generated password only), then see SAP note 832661 (https://service.sap.com/sap/support/notes/832661).
Edited by: Julius Bussche on Sep 16, 2008 5:30 PM