cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

saplogon pad 740 - making connection entries read only

Former Member

on ‎04-16-2015 4:09 PM

0 Kudos

Hi,

Does anyone know how to set the saplogon pad globally so that users cannot amend the connection entries ?

we have installed the sapgui 740 on citrix set the whole thing to read only as per the admin guide with registry key

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP\General]

"AllOptionsReadOnly" (REG_DWORD) = 1   

"CurRegValReadOnlyActive" (REG_DWORD) = 0

but this still allows users to amend and delete connection entries

the admin guide mentions the following registry key

[HKEY_CURRENT_USER\Software\SAP\SAPLogon\Options]

“NoEditFunctionality” (REG_DWORD) [Default: ”0”] {0 = inactive; 1 = active}

but this only disables it for the current user not globally for all users which is what we need in a citrix environment

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Matt_Fraser
Active Contributor
‎04-16-2015 5:48 PM
0 Kudos

Hi John,

The best way to achieve this is to use a central configuration file instead of a local one. What I will describe is for GUI 7.30, and may need some adaptation for 7.40, but the principle holds the same.

Setup a share (as read-only) on a network drive that all your SAPGUI users have access to. Then, start SAPLogon (not SAPLogonPad) once by calling saplogon.exe with the following switch:

saplogon.exe /ini_file=\\<server>\<share>\<path>\saplogon.ini

This will create a saplogon.ini file in the shared location. Edit it with SAPLogon as you want it to look with your connection entries. Then close SAPLogon. This will save your changes to the file.

You'll now see two files in the shared folder: saplogon.ini and SapLogonTree.xml. The next part is to set the SAPLogon options on the Citrix terminal to use this shared file. Open the Options dialog, drill into SAP Logon Options... Server Configuration Files. Find the field for XML Configuration File on Server and in it put the full path to SapLogonTree.xml, i.e. \\<server>\<share>\<path>\SapLogonTree.xml.

Alternatively to editing the options, you can set this via the Registry for all users of the machine at HKLM\Software\Wow6432Node\SAP\SAPLogon\Options\ConfigFileOnServer. Put the same full path as the value to that key. Note, that's the registry path for a 64-bit client machine, which your Citrix server probably is. If it's 32-bit, just take out the Wow6432Node part.

I talk about this in some detail in a blog I wrote a while back. It's at .

Cheers,

Matt

Show replies
Show replies
Matt_Fraser
Active Contributor
‎04-16-2015 5:51 PM
0 Kudos

Oh, an extra note. Doing it this way will cause the SAPLogon entries to be greyed out, i.e. the user cannot edit nor delete them, even if they have read/write access to the share (but give them only read access anyway, so they can't manually go to the ini file and edit it, just in case). However, it will let them add their own entries, which won't modify the central ini file, but will create a second local ini file that is used in an additive way. To prevent that, have them use SAPLogonPad instead of SAPLogon.

You can still use SAPLogon to edit the ini file yourself, when inevitably you need to make changes, by calling saplogon.exe with the /ini_file command-line switch that you used to create the file in the first place. This will open it in edit mode.

Former Member
‎04-16-2015 4:42 PM
0 Kudos

but if there is a way to make all the other logon entries read only globally there should be a registry key to make the connection entries read only globally as well.

The one I noted from the admin guide does this but only for the current user.

I have tried adding the registry key to the

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP\SAPLogon\Options]

but this does not work either.

making the saplogon.ini file read only would work but the options would still be open on the saplogon pad you would just get an error when you it tried to update the file

Show replies
Show replies
srinivasan_vinayagam
Active Contributor
‎04-16-2015 4:51 PM
0 Kudos

Hi John,

Try this.

7.1 Read-Only Feature of the SAP GUI Options Dialog

from Administration Guide

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a0b08d62-769b-2f10-8fbe-9db5efe92...

Regards,

V Srinivasan

Former Member
‎04-16-2015 5:18 PM
0 Kudos

Hi V Srinivasan

the 7.1 reg keys are what we have set to make the whole thing read only but that still allows you to amend delete the connection entries,

7.2.34 has the keys to disable amend / delete of the connection entries but it is a user setting not a machine setting so does not work globally in citrix

seems like pretty much the same doc as for the 740 gui

Regards

srinivasan_vinayagam
Active Contributor
‎04-16-2015 8:08 PM
0 Kudos

Hi John,

Yes. similar to GUI 7.40

Regards,

V Srinivasan

srinivasan_vinayagam
Active Contributor
‎04-16-2015 4:21 PM
0 Kudos

Hi John,

Restrict the access to write to the folder where the saplogon.ini file is located. This way the logon entries cannot be edited


Regards,

V Srinivasan

Show replies
Show replies
AtulKumarJain
Active Contributor
‎04-16-2015 4:16 PM
0 Kudos

Hi John,

But if user have admin rights to local machine then they can do the changes.

You need to remove admin rigths fromm your profiles.

PLease check sap note

38119 - SAP Logon: Administration of functions

BR

AKJ

Show replies
Show replies
Ask a Question