I’m a dictator. If I say you can only use MES, I mean it.
Is there a way to force this? Answer is probably over my head if there is.
Edit: I know you can just delete all traces of the shortcut to the full version. I do that a lot. But computers move around and roles change, etc. Also, default install is everything, and sometimes we forget that step. I’m looking for a more centralized (dictator-ish) solution.
You could use a Active Directory Group Policy to handle the shortcuts. If someone is in a group, allow both shortcuts, if not in that group, only have the MES shortcut. Then you don’t have to forget, it changes as users log in to different machines, and nothing to remember to set.
Just make the 1st level menus (Sales Mngmnt, Service Mngmnt, …) disabled. Underlying menu items are still enabled.
For example I made a group (“Disallow all”), and set the security for Sales Mngmnt, Service Mngmnt, Production Mngmnt, Material Mngmnt, Financial Mngmnt, and Executive Analysis, by adding group “Disallow All” to their respective Disallow lists.
Now users belonging to Group “Disallow All”, see:
If I launch a dashboard in Custom DashBoards, that has a P/N field, I can still open Part Maint or Part Tracker. Even though those menu items are in a sub-folder, of an excluded folder.
I think your thought is the same as one I had, which is make the full Epicor (not MES) useless for them.
What I tested was similar, but I just set the user’s “Client Start Menu ID” to an empty folder I made (pic below). So the menu opens to nothingness.
Problem is that my users still have links on their home pages to screens. And useful BAQ tiles. I’m not quite a jerk enough to go and delete all that. I guess I have to commit if I really want to be a dictator.
I guess I should have asked if MES and office were XOR (exclusively or’d). Or if some users need to switch back and forth.
Also, on the idea of having a AD policy to cleanup the shortcuts, every time, there’s nothing stopping a user from editing the target of the shortcut, and removing the /MES switch.
People usually don’t, but I like the option (if they can use the full).
I use both myself. I do development in full Epicor, of course, but launch Production MES if someone calls with a question. I’ve got it tweaked with what I need.
It could cause all sorts of other issues. But you could have the client run as a remote desktop app, and limit which apps (which client is launched) via the login to the RD Server.
Published App is a good solution if you already have things in place or other reasons to go there. User couldn’t edit the shortcut; I think you can publish apps based on groups. Good idea!
On the shortcut - I think you can put the shortcut in the “public” or “all users” desktop and then the user has to have admin rights to change it. Doesn’t stop them from seeing the shortcut properties and making one of their own on their desktop, but it is a start. As with most security, if a person is savvy enough, there are ways around things.
For people you DON’T WANT using the desktop client, don’t give them an Epicor UserID. Just give them an Employee ID and create a generic UserID that has no main menu access (which if they use to open the desktop client will show no entries).
Well, no, these are office employees and it’s more than just stock MES stuff. It’s set up to allow PO entry and all sorts of things where it should be a real user logged in, for tracking.
But I did not think of that. I’ll keep that one in mind for kiosks and such.