cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windows Server 2003 Settings on SAP

Former Member

on ‎09-06-2009 9:15 AM

0 Kudos

There are several settings that are installed by default by SAP Netweaver and granted to <sapsid>adm. Can someone advise why does this account need the below settings to work/function:

- Access this computer from network

- Act as part of the operating system

- Replace a process-level token

I will like to remove the <sapsid>adm away from these settings as there may be security vulnerabilities when these settings are given. Is it possible to remove it and SAP can work as per normal?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎09-07-2009 1:45 PM
0 Kudos

You can try, but you won't get very far.

You can restrict the OS access of the <SID>ADM to some degree, but the application server integration with the OS is needed for various reasons - not least of which is the file system.

Users can then also access the OS from the application, but you can control this via admin type authorizations and the native controls in the ABAP language itself.

Cheers,

Julius

ps: Please don't cross-post...

Show replies
Show replies
Former Member
‎09-08-2009 2:56 AM
0 Kudos

Sorry for the cross post as i do not really know whether this post is relevant in this section.

Thank you for the reply.

Is there any way to obtain documentation/ SAP notes to hightlight the implications if these settings are removed from the <sid>adm?

I am trying to convince my system administrator to issue me the rights and any guidelines or documentation will really help my case.

I am also really interested in how the <sid>adm make use of these settings in its Netweaver operations, is there any source to explain how these settings are being used in?

So far, sources that i had found just mentioned giving the rights but do not explain why these rights are needed.

Former Member
‎09-08-2009 6:37 AM
0 Kudos

> I am trying to convince my system administrator to issue me the rights and any guidelines or documentation will really help my case.

Your system admin is doing his / her job very thoroughly...

OS admins are unlikely to be spending much time in the (application) security forum... so thread moved to NW Admin forum...

Cheers,

Julius

Ask a Question