Tips, Tricks & Thoughts on Microsoft Dynamics GP
Remember me! New GP2010 feature
Monday, November 29, 2010 Security
In GP2010, a new feature was introduced to remember the user and company. I've seen a few blog posts about this, however I have also seen some incorrect information being posted about this topic which I hope to clear up.
What is it?
There are two parts to this:
Remember User (& Password) - automatically logs you in and bypasses the login window.
Remember Company - automatically chooses the company you "remembered" and bypasses the company selection window.
How to enable it
For administrators, the Remember User functionality is disabled by default. Use the System Preferences window (under System setup on the Administration home page) to enable this functionality if desired. If this feature is not enabled, the Remember Company feature still works (there is no enable/disable option for this). The remembered items are stored on the local workstation in the registry.
NOTE: enabling this is a system-wide setting, all companies, all users. See the Workarounds section for ideas on how to restrict certain users or workstations from using this feature.
For users, simply tick the "remember" box on the applicable window, assuming your administrator has enabled it on the Welcome to Microsoft Dynamics GP window. If the Remember User & Password is disabled, your administrator has not enabled it.
- If you chose to Remember User & Password, the next time you log in, you will be brought to the Company Login window (or directly into GP if that is "remembered" as well).
- If you chose to Remember Company, when you log in, you bypass the Company Login window and are brought directly into the company of your choice.
To change these settings, log in to Dynamics GP as normal, then click on either the Company Name or your UserID field on the home page to bring back the login and/or company selection windows. There you can de-select the option to remember or change the remember me setting for companies.
Is it safe?
Yes, it is safe, the login and password are encrypted in the windows registry on the workstation. For more detailed information, here is a blog post by Mariano Gomez, a Microsoft Dynamics GP MVP. Mariano is the well-known Dynamics GP Blogster.
Is it recommended?
In my opinion, the decision to use the Remember User & Password feature is highly dependent on the strength of your organization's other risk-related policies.
- Do your users regularly lock their screens when they step away from their computers momentarily?
- Do you have mandatory screen savers with the password protection features turned on?
If you answered yes to the above questions, then enabling this feature shouldn't be too much of a risk. If you answered no, you are risking the possibility of unauthorized users looking at, or worse, altering, your accounting data by accessing an unattended workstation.
Generally the Remember Company feature is not quite as risky and unless there is critical information in one particular company vs others you may not need to limit its' use.
If you really would like to enable this functionality, then consider either policies to restrict access to the feature for certain users or possibly using VBA or Modifier to restrict access. I recommend that users who use 'sa' or DYNSA should not use the remember login/password feature. Other users who may be in the POWERUSER role or have access to critical data or setup windows should possibly also be restricted from auto-logging-in.
If you are going to use policy to restrict certain users from auto-logging-in, keep in mind you should be auditing it periodically: spot check the users' workstations who should not be using this feature to see if it's in use or not. A policy without follow up is worthless!
- Remember User & Password - disabled by default; bypasses the Welcome to Microsoft Dynamics GP window
- Remember Company - enabled even if Remember User is not; bypasses the Company Login window