cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Management Console - deactivation possible ?

Go to solution
Former Member

on ‎01-06-2014 12:29 PM

0 Kudos

Hello,

Due to security reasons, I need to disable the usage of SAP Management Console.

Do you know an easy way to do it ?

I have read in  1439348 - Extended security settings for sapstartsrv that one possible way is to restrict the network access, by restricting the remote access via the network to ports 5XX13 / 5XX14 of the sapstartsrv agents to a minimum level required for operation.

This sounds quite dangerous, and I have no example to double check.

Have you ever did this ? Do you know any easier methods, maybe ?

Thanks in advance,

J.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Reagan
Product and Topic Expert
Product and Topic Expert
‎01-06-2014 1:18 PM
0 Kudos

I don't think it is possible to uninstall the MMC tool as it is one of the tools from Microsoft.

Also I don't think it is possible to disable MMC.

You may try to bring in some restrictions based on these.

Control MMC Usage by Using Domain-Wide Group Policy

Control MMC Usage by Using Local Group Policy

Regards

RB

Show replies
Show replies
Former Member
‎01-07-2014 10:46 AM
0 Kudos

Hello Reagan,

We might also restrict access to this interface by configuring the "service/protectedwebmethods" profile parameter. I found this in note 927637

"

After you implement a current sapstartsrv or kernel patch (640 patch 337, 700 patch 263, 701 patch 101, 710 patch 208, 711 patch 93, 720 patch 45), you can activate the new default configuration. To do this, set the following in the default profile:

service/protectedwebmethods = SDEFAULT and restart all sapstartsrv to activate the changes. "

By SDEFAULT almost all methods are protected, except of GetProcessList and GetSystemInstanceList.

   In DEFAULT - only Start/Stop, RestartInstance (all methods that affect instance state).

What do you think about this idea ? Would it have impact on something else ?

Thanks

Jordan

Reagan
Product and Topic Expert
Product and Topic Expert
‎01-07-2014 11:37 AM
0 Kudos

Hello Jordan

I have never done this so I cannot give you a concrete answer.

The note is speaking about setting a parameter.

If I were in your place I would first try the solutions mentioned in the SAP notes 1439348 and 927637 on a test system and then check whether the SAP systems are running fine before I set them on the production servers.

Based on the information from those SAP notes it should be fine.

Regards

RB

Answers (1)

Answers (1)

Sriram2009
Active Contributor
‎01-06-2014 12:59 PM
0 Kudos

Hi Jordan

You can uninstall the SAP MMC Snap-in from control panel.

Regards

Sriram

Show replies
Show replies
Ask a Question