Going to dig this post up.
For testing security we:
Set up a dummy AD account
Add that to Epicor
Set up the security on a group
Apply the group against the user we created
Log out
Then run Epicor using runas and enter the user's credentials.
This saves having to set up a new app server with a different security model.
Hope this helps.