Donnerstag, 6. April 2017

How to realize different SAP GUI SAP Logon system list configurations with centralized Landscape-Files

In some cases it is necessary to provide different SAP GUI system list configurations. For example there could be the requirement that the system list of an IT Department must differ from the list in the rest of the company.
In this blogpost the focus is on the implementation of centralized configuration files and different ways to switch between them in Windows Enterprise Environments.


Step 1: Don’t use Local Files -> Change to Server Configuration Files

This setting is realized by the RegKey:

In Windows Enterprise Environments it is useful to implement this RegKey (and all other settings) in a separate “SAP GUI Policy” Group Policy Object (GPO) in the Active Directory Domain.


Step 2: Implement multiple SAPUILandscape.xml files

Create different XML files in your SAPLogon Console (-> “Add New Entry”).
Now you have a “Local Configuration File” ready to use it as a central file in your network. Local Configuration Files are stored in %appdata%\SAP\Common\

Copy each XML file in a corresponding network folder share. In this case we have a “Default”-, “IT Department”- and “HR”-Configuration file:


Step 3: How to switch between the SAPUILandscape.xml files

There are different ways to switch between the XML files.
One solution could be three different Active Directory Groups. Each Domain-User is member of such a group.
A scheduled task, deployed by the GPO, uses a small configuration script (also stored in a shared folder) to read the group and to set the correct network location.
The task runs
cscript.exe “\\Server\SAPUILandscape_Config-Script\sapgui740config.vbs”
at user logon:

On Error Resume Next
Wscript.Sleep 15000 ' We need a short delay for network initialization

Set Wshell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Get Active Directory Informations
dn=Wshell.regread("HKLM\software\microsoft\windows\currentversion\group policy\state\machine\distinguished-name")
Set cObj=GetObject("LDAP://"&dn)

' Read Active Directory Groups and set corresponding Server Configuration File Path in Registry
groups = cObj.GetEx("memberOf")
For Each group In groups
Select Case mdn(0)
' AD-Group "sapuilandscape_default"
Case "CN=sapuilandscape_default"
Wshell.RegWrite "HKCU\Software\SAP\SAPLogon\Options\LandscapeFileOnServer", "\\server\SAPUILandscape_Default\SAPUILandscape.xml", "REG_EXPAND_SZ"
Wscript.echo "SAPGUI Standard"
' AD-Group "sapuilandscape_itdepartment"
Case "CN=sapuilandscape_itdepartment"
Wshell.RegWrite "HKCU\Software\SAP\SAPLogon\Options\LandscapeFileOnServer", "\\server\SAPUILandscape_ITDepartment\SAPUILandscape.xml", "REG_EXPAND_SZ"
Wscript.echo "SAPGUI IT"
' AD-Group "sapuilandscape_hr"
Case "CN=sapuilandscape_hr"
Wshell.RegWrite "HKCU\Software\SAP\SAPLogon\Options\LandscapeFileOnServer", "\\server\SAPUILandscape_HR\SAPUILandscape.xml", "REG_EXPAND_SZ"
Wscript.echo "SAPGUI HR"
End Select
An Alternative to this solution could be the registry part in the GPO combined with item level targeting.


Related Links:

Keine Kommentare:

Kommentar veröffentlichen