Suggested by Suyash Awasthi – New
Scenario description:
We want to restrict users from doing SAP automation so we can block the SAP connectors. But the user can still go ahead and do the UI automation on the SAP client. This gives users the ability to copy the data in a fast unchecked manner. And this becomes a threat in the default environment. We would not want to restrict the user from doing UI Automation altogether because he still needs to do other UI Actions on a different app.
So if we could do either of the two things:
1- Prevent selector capturing for specific apps.
2- Or force the user to close specific apps (which are restricted) before automating.
In either case this enforcement can be applied in a similar manner as DLP policies for power automate desktop
The following registry settings might be helpful to some extent:
To prevent any scripts from execution
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
UserScripting (REG_ DWORD) [Default: 1] {0 = inactive; 1 = active}
On 64-bit operating systems, the registry key is:
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
Scripting (REG_ DWORD) [Default: 1] {0 = inactive; 1 = active}
To prevent any script from writing to hard disk
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
DisableWriteToDisk
(REG_ DWORD) [Default: 1] {0 = inactive; 1 = active}
Optional Warnings:
Notify when a script attaches to SAP GUI
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
WarnOnAttach (REG_DWORD) [Default: 1] {0 = inactive; 1 = active}
Notify when a script opens a connection
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
WarnOnConnection (REG_DWORD) [Default: 1] {0 = inactive; 1 = active}