In GP2010, a new feature was introduced to remember the user and company. I've seen a few blog posts about this; however, I have also seen some incorrect information being posted about this topic which I hope to clear up.
What is it?
There are two parts to this:
Remember User and Password which automatically logs a user in and bypasses the login window.
Remember Company which automatically chooses the company to log into by default (the "remembered" company) and bypasses the company selection window.
How to enable it
The Remember User functionality is disabled by default. Go to the System Preferences window (under System Setup on the Administration home page) to enable this functionality if desired. Regardless of whether this feature is enabled or not, the Remember Company feature still functions and there is no enable/disable option for this. The remembered items are stored on the local workstation in the registry.
For users, ticking the "remember" checkbox on the Welcome to Microsoft Dynamics GP window, if the GP administrator has enabled it. If the Remember User & Password is disabled, the GP administrator has not enabled it.
- If the user chooses to Remember User & Password, the next time they log in, the login window will not appear, and the GP will open to the Company Login window (or directly into GP if that is "remembered" as well).
- If the user chooses to Remember Company, when they log in, it will bypass the Company Login window and they are brought directly into the company they marked to be the default choice.
To change these settings, log in to Dynamics GP as normal, then click on either the Company Name or the serID field on the home page to bring back the login and/or company selection windows. There a user can de-select the option to remember or change the remember me setting for companies.
Is it safe?
Yes, it is safe, as the login and password are encrypted in the Windows registry on the workstation. For more detailed information, here is a blog post by Mariano Gomez, a Microsoft Dynamics GP MVP.
Is it recommended?
In my opinion, the decision to use the Remember User & Password feature is highly dependent on the strength of an organization's other risk-related policies.
- Do users regularly lock their screens when they step away from their computers momentarily?
- Are there mandatory screen savers with password protection features turned on?
If the answer to the above questions is yes, then enabling this feature shouldn't be too much of a risk. If the answer is no, the risks include the possibility of unauthorized users looking at, or worse, altering, accounting data by accessing an unattended workstation.
Generally, the Remember Company feature is not quite as risky and unless there is critical information in one particular company vs others one may not need to limit its use.
Workarounds
If the GP Administrators would like to enable this functionality, then consider either policies to restrict access to the feature for certain users or possibly using VBA or Modifier to restrict access. I recommend that users who use 'sa' or DYNSA should not use the remember login/password feature. Other users who may be in the POWERUSER role or have access to critical data or setup windows should possibly also be restricted from auto-logging-in.
If GP Administrators are going to use a policy to restrict certain users from auto logging in, keep in mind it should be audited periodically: spot-check the workstations of those who should not be using this feature to see if it's in use or not. A policy without follow up is worthless!
Recap
- Remember User & Password is disabled by default; bypasses the Welcome to Microsoft Dynamics GP window.
- Remember Company is enabled even if Remember User is not; bypasses the Company Login window.