We have a number of machines in production with a drive mapped to our Epicor server. For security reasons(e.g. ransomware) we’d like to remove this mapping. In testing we found if we unmap the drive and reboot we can start up the Epicor client.
Is there any reason we need production machines with a Windows drive mapped to the Epicor server?
The main reason is to look for updates to the client and to do deployments.
Obviously this can be done because the SaaS users are not mapping a drive to the cloud. They use an https site (Azure CDN actually) to get to the deployment folder. I don’t see why on-prem users couldn’t do that as well.
No - as long as your client .sysconfig file isn’t using the Drive Letter. It probably is using a UNC Path, when you run the client it checks against the server for updated client (AutoUpdate).
@Mark_Wonsil yup - on-prem users just use UNC Path ex: \SERVERNAME\ERP10.2.600.0Deployment
I assume Eddie’s trying to get away from SMB since that is a tool of the hacker. 
But I may be wrong…
The only reason to map a workstation to the server is if you need to access files created by E10, from outside of E10. Like if you had a customization that created a text file based on a BOM. That’s going to end up in a folder on the app server.
But even then you don’t need to map a drive letter to access it.
If the server names APP01 has Epicor installed on the C: drive,
and has the folder C:\EpicorData\ shared,
and the Client Data Directory (in the Sys Agent Maintenance) is \\APP01\EpicorData
then generated files (and some logs) will be in a subdirectory of \\APP01\EpicorData.
The workstations could still access them. Most people don’t realize that you can type a URL into a windows open dialog box.
