Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
mederd
Product and Topic Expert
Product and Topic Expert
0 Kudos
2,533

To run SWPM or other SAP applications/tools, it is required that your user accounts have assigned a specific set of rights/privileges. For example, the required privileges/user rights for <SID>adm and SAPService<SID> are (1837765 - Security policies for <SID>adm and SAPService<SID> on Windows😞

  • Act as part of the operating system
  • Adjust memory quotas for a process
  • Replace a process-level token
  • Restore files and directories

A description of all available user rights/privileges is available at https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-r....

The User Rights Assignment on a server can be viewed and modified locally via “Local Security Policy”. Modifications can be done only with administrative rights.

Note: If privileges/user rights are set via Domain Group Policy, the values overwrite the Local Security Policy.

View and modify User Rights Assignment on the local system

To view the current User Rights Assignment, open the Local Security Policy tool (secpol.msc) either via Start menu or Control Panel:

  • Start Menu --> Windows Administrative Tools --> Local Security Policy
  • Control Panel --> System and Security --> Administrative Tools --> Local Security Policy

Within the Local Security Policy application, navigate to Security Settings --> Local Policies --> User Rights Assignments:

To view or modify the list of users and groups, that are assigned to a specific privilege/user right (column "Policy"), select the item from the list and open the properties dialog:

View User Rights Assignments set by Domain Group Policy

To view the list of privileges/user rights that are set via Group Policy, you can use the command line tool gpresult.exe.

  • Open an elevated command prompt (= Run as Administrator)
  • Run the command: gpresult.exe /H C:\Temp\gpres.html
  • Open the file C:\Temp\gpres.html using a web browser
  • Select “Show all” (upper right corner)
  • Search for “User Rights Assignment
  • If any privilege/user right is set via group policy, you will find a list like this:

If you must modify a privilege/user right that is set via Group Policy (see above), ask your Windows AD domain administrators to assign a modified Group Policy to your windows host.