10-01-2007 9:16 AM
Hi Experts,
In my company SAP environment, there are around 250 users.
Every day i will few complaints about unlock user ID.
I request you to advice me in creating certain solution for unlock and password reset management.
like...
if user ID was locked by incorrect logins, the user ID should be unlocked with in some time automatically, and acknowledge has to be sent to user and the BASIS admins.
please give your valuable inputs for this scenario.
thanking you in all,
Best regards,
raghav
10-01-2007 10:58 AM
Hi
Do the following steps in your SAP NetWeaver Application Server (AS) :
1. Start user management configuration.
2. Choose the Security Policy tab.
3. Choose Modify Configuration.
4. Here Enter data as required :
<u><b>Auto Unlock Time (Minutes)</b> 😆 </u> Enter the number of minutes after which the system automatically unlocks a user account, after the user was locked due to failed log on attempts.
Enter 0 to deactivate this option. The user remains locked until unlocked by an administrator
10-01-2007 10:58 AM
Hi
Do the following steps in your SAP NetWeaver Application Server (AS) :
1. Start user management configuration.
2. Choose the Security Policy tab.
3. Choose Modify Configuration.
4. Here Enter data as required :
<u><b>Auto Unlock Time (Minutes)</b> 😆 </u> Enter the number of minutes after which the system automatically unlocks a user account, after the user was locked due to failed log on attempts.
Enter 0 to deactivate this option. The user remains locked until unlocked by an administrator
10-01-2007 11:55 AM
Hi Raghav,
1. goto D:\usr\sap\<Inst-ID>\JCxx\j2ee\configtool -->configtoo.bat
ex: D:\usr\sap\J3E\JC01\j2ee\configtool -->configtoo.bat
2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
3. Set values for below properties.
<b>a)</b> ume.logon.security_policy.lock_after_invalid_attempts = < Enter some Num: 3>
Note: this property belongs to number of invalid attemps
<b>b)</b>ume.logon.security_policy.auto_unlock_time = < Enter time in minites : 5>
Note: this preperty belongs to Auto Unlock.
<b>c)</b> for mail notification, you have set mail setting in configtool.
4. Save & Restrat Engine.
It is helpfull, Give points.
Regards,
Nagaraju
10-01-2007 12:16 PM
Hi Raghav,
This isn't something that I would recommend doing for various reasons but can understand why you would want to do something like this.
Obviously you don't want to compromise your system settings and automatically unlock <i>everyone</i> at midnight, so, I would have though something following this sort of logic would work.
Schedule job to run periodically that would run your custom program e.g.
Z_UNLOCK_MUPPET_USERS
That program would check table USR02 for UFLAG = 128 (locked due to wrong password) and where it found it, would pass the userID into something like BAPI_USER_UNLOCK (not sure if this is exactly the one you want but you get the idea).
Unlock would be performed, user & basis team informed that this had happened - I'm sure there is loads of code out there to do this part.
Hope that helps
Cheers
Alex