OS-Based Sign-in Security
System administrators can control user access to the character interface directly from the operating-system level using the Enforce OS User ID field in Security Control (36.3.24).
If you are not using an application password, using the Enforce OS User ID feature lets you essentially bypass application sign-in security completely and rely on operating-system security for your character-based users.
The .NET UI and Channel Islands UI support Microsoft’s Active Directory authentication for use with the Enforce OS User ID field. With Active Directory support, user passwords can be centrally managed. User accounts must be created in the QAD system, and the User ID must match the Active Directory User ID. Note that in the QAD system, the User ID is limited to eight characters.
Important: Regardless of this setting, users signing in through .NET UI and the Channel Islands UI must enter a valid user ID and password to access the system.
When the Enforce OS User ID check box is selected, the default user ID displayed in the sign-in screen is the same ID used by the operating system, and the user cannot change it. This must still be a valid system user ID defined in User Maintenance (36.3.1).
Enforce OS User ID uses Windows environment variables to verify user credentials. An unauthorized user may be able to reset the %USERNAME% environment variable and gain access to the system while masquerading as a different user. Consider this issue carefully when defining your security model.
Subsequent processing depends on whether a password is required for the user:
If no password is specified in the system user record, sign in proceeds automatically, subject to proper licensing.
If the user record includes a password, the system displays a password prompt.
Important: If you enable this feature and reset user passwords for the application to blank, be careful if the Enforce OS User ID check box is ever cleared. If you clear it without reentering passwords in user records, anyone can gain access to the system by entering just a user ID. When you clear this check box, the system displays a message to warn you of a potential security compromise. In addition, if you use the .NET UI, resetting user passwords for the application to blank is not recommended: it is relatively easy to create a new user on an existing Windows machine with an ID that matches one in the application.
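The two weaknesses noted above (a reset %USERNAME% value, and a local Windows account created with an ID that matches an application user) can both be checked against the identity in the process access token, which the user cannot edit. The following is an added example, not QAD code: it assumes the character client is started from a launcher script you control, and the domain name CORP, the machine name and the user IDs are constructed placeholders.

```powershell
# Added example (not QAD code). Guard for a hypothetical launcher script that
# starts the character client; 'CORP' and all sample names are placeholders.
function Test-OsUserId {
    param(
        # What an environment-based check would see.
        [string]$EnvUserName = $env:USERNAME,
        # Identity from the process access token, e.g. 'CORP\jsmith'.
        [string]$TokenName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
        # Domain whose accounts are trusted to map onto application user IDs.
        [string]$ExpectedDomain = 'CORP',
        # Read from the OS, not from the COMPUTERNAME environment variable.
        [string]$MachineName = [System.Environment]::MachineName
    )
    $authority, $user = $TokenName -split '\\', 2
    if (-not $user) { $user = $authority; $authority = '' }   # name without a prefix
    $findings = @()
    if ($EnvUserName -ine $user) {
        $findings += "USERNAME '$EnvUserName' differs from token user '$user'"
    }
    if ($authority -ieq $MachineName) {
        $findings += "'$TokenName' is a local account, not a domain account"
    } elseif ($authority -ine $ExpectedDomain) {
        $findings += "'$TokenName' is not from expected domain '$ExpectedDomain'"
    }
    if ($user.Length -gt 8) {
        $findings += "'$user' exceeds the eight-character User ID limit"
    }
    [pscustomobject]@{ TokenName = $TokenName; Ok = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed samples: USERNAME value, token identity, machine name.
$samples = @(
    @('jsmith', 'CORP\jsmith',   'WS-0142'),   # consistent domain sign-in
    @('mgr01',  'CORP\jsmith',   'WS-0142'),   # environment value was changed
    @('mgr01',  'WS-0142\mgr01', 'WS-0142')    # local account reusing an application ID
)
foreach ($s in $samples) {
    Test-OsUserId -EnvUserName $s[0] -TokenName $s[1] -MachineName $s[2] |
        Format-List TokenName, Ok, Findings
}

# Check the live session; a real launcher would stop here instead of starting the client.
$live = Test-OsUserId
if (-not $live.Ok) { Write-Warning ($live.Findings -join '; ') }
```

The guard only helps if users cannot start the client except through the launcher, and it does not replace application passwords in user records.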