lukemx

R4 and admin permissions - possible security issue

I have been using R4+ for some time now, and while it is pretty good for what it has been designed for, I have one major complaint.

Why, but why, do we have to use an admin account in order to use R4?

Leaving R4 users with admin rights has potentially pretty bad consequences, from accidental to malicious software damage, access to local network resources, etc.

I myself saw one of my dental nurses trying to "repair" network settings because the internet went down (ISP fault). Had I not stopped her in time, I would have ended up with a lot of mess made by someone without the right IT/computer skills.

Not to mention that someone can download a file from a patient's email, open it and cause horrible damage, not just to that computer but to other computers that are connected to the network. Yes, you should have anti-virus software, but this is only as good as its virus definitions and how quickly they get updated. In a scenario where the Windows account is just a Standard User rather than an Administrator, malicious software may not be able to install on a drive and spread through the network. Whereas with an Administrator account a virus can do as it pleases. Nothing is stopping it.

Whatever the reasons are for your software requiring administrator permissions, there is no excuse for this, as it is against basic OS security rules and common sense. People who use my network are not supposed to be IT professionals; they are supposed to run a dental practice and help people.

I am aware of working around UAC and forcing your software to work normally under a Standard User account, but I should not be doing this. Your software should be like this straight out of the box.

Can you please look into this matter and address it?

chrismitchell
Moderator

Good Afternoon,

Thank you for your message,

Admin user privileges are required for upgrading or installing R4+.

However, for day-to-day use, as long as users have read/modify access to the following, R4+ will work:

R4+ Install Directory
Sys2data folder on the server
Read/write registry access
Temp directory

I can advise that the UAC workaround attached (used by many large customers) is currently the only way to launch CS R4+ without admin rights. To change this would mean a considerable rework of the software.


I hope that the above information helps with your situation.

Many Thanks

Chris
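An added check (not Carestream's code and not from the thread) that audits whether a non-admin group already holds the read/modify access the moderator lists, so a practice can verify a standard-user setup before removing admin rights. The install directory, Sys2data share and registry key below are placeholders, since the thread does not name them.

```powershell
# Added example: audit a standard-user group's access to the locations the
# moderator lists. All site-specific paths are PLACEHOLDERS; replace them.
$Principal = 'BUILTIN\Users'   # group that should run R4+ without admin rights
$Locations = @(
    'C:\Program Files (x86)\R4PLUS_PLACEHOLDER',   # R4+ install directory (placeholder)
    '\\SERVER_PLACEHOLDER\Sys2data',               # Sys2data folder on the server (placeholder)
    'HKLM:\SOFTWARE\VENDOR_KEY_PLACEHOLDER',       # registry key the app writes to (placeholder)
    $env:TEMP                                      # temp directory of the user being audited
)

function Test-PrincipalAccess {
    param([string]$Path, [string]$Identity)
    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; HasModify = $false }
    }
    $acl = Get-Acl -Path $Path
    # Registry ACEs carry RegistryRights; file-system ACEs carry FileSystemRights.
    $isRegistry = $Path -like 'HK*:*'
    $needed = if ($isRegistry) {
        [System.Security.AccessControl.RegistryRights]::ReadKey -bor
        [System.Security.AccessControl.RegistryRights]::WriteKey
    } else {
        [System.Security.AccessControl.FileSystemRights]::Modify
    }
    $granted = $false
    foreach ($ace in $acl.Access) {
        # Only explicit Allow ACEs for this exact principal count; nested group
        # membership and Deny ACEs are not resolved here, so treat a "true"
        # result as a necessary check, not a full effective-permissions report.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ne $Identity) { continue }
        $rights = if ($isRegistry) { $ace.RegistryRights } else { $ace.FileSystemRights }
        if (($rights -band $needed) -eq $needed) { $granted = $true }
    }
    [pscustomobject]@{ Path = $Path; Exists = $true; HasModify = $granted }
}

# Grant Modify on a file-system location (folders inherit to files and subfolders).
# Registry keys need a RegistryAccessRule instead; this helper is file-system only.
function Grant-ModifyAccess {
    param([string]$Path, [string]$Identity)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

$Locations | ForEach-Object { Test-PrincipalAccess -Path $_ -Identity $Principal } | Format-Table -AutoSize
```

Run the audit as the standard user so the Temp entry reflects that user's own directory; any row with HasModify false is a location the application will fail to write to under a non-admin account.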

So do we have any progress here at all? I am not going through 10 profiles on 20 computers to change something that should be working by default.
How come you are unable to implement this critical update?
How come your own updates mess up your clients' machines and even your 3rd-level technicians are unable to resolve them?
I understand that you take full responsibility for damage to computer data, malicious or not, as my employees do not have to have a degree in using a PC and it is my job to set them up in such a way that data is safe.
Please do something about it or consider suspending subscription charges until this critical matter is sorted.


Good Morning,

Thanks for your message. This has recently been put under re-review; once I have a further update I will respond to you.

Kind Regards

Chris


This would be fantastic, as this is a major threat to network security. I am extremely surprised you have been unable to sort it out by now. We all knew (including Carestream) when support for Windows 7 was to end, so it is a mystery to me why this has not been addressed yet.
Sorry to be a pain in the back, but this is critical for my network safety, and for every R4 user as well.

But thanks for looking into this and I hope to see some results soon :).


Has anything changed in this matter please?


Hi Luke,

Thanks for your message. We are continually looking at this and the best methods of implementation, due to the size and scope of the changes required, and want to ensure its implementation doesn't negatively affect any of our customer base.

Many Thanks

Chris


Thank you for your response. However, I (and many others) would like to see some progress in this matter, as at the moment we are in breach of the following Data Security Standards:

Data Security Standard 4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.

Data Security Standard 5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.

Data Security Standard 9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.


Thanks


So to clarify, with the UAC document you've attached here, you would need to run the ADK Compatibility Administrator on every machine that runs R4 in a practice?


That is correct.

So is there a plan to do a considerable rework of the software in the near future? It seems like a pretty fatal security flaw when you're dealing with patient records.


Our team are aware of the opportunity to implement UAC control within R4+ and are investigating the level of work required. UAC is only one part of securing your system; ensuring correct levels of antivirus and malware protection is just as important, whilst at the same time controlling access to your computers. We also recommend Windows BitLocker for drive encryption. Our cloud solution, Sensei, provides a modern level of protection and you can find more information here: https://www.carestreamdental.com/en-gb/csd-products/practice-management-software/sensei-cloud/.

If you want to discuss directly please do not hesitate to private message me.

Kind Regards

Chris


Thanks for the reply. Unfortunately we tend to work on the advice of security auditors, and they agree UAC control is a necessary component of our secure environment. This is the only PMS we have that has this issue so far.

Please can you post here when there is an update to the roadmap or similar development to implement the feature.

Thank you for your help.


Thank you for this.

I am aware of Invoker, and there is an even neater solution than the one you propose (using Invoker).

Still, this is not the right way to do it, not to mention that some of your support guys will insist on setting users as administrators.

Thank you anyway for looking into this for me, really appreciate it.


Hi Luke,

No problem, we do appreciate you raising this and will certainly review internally.

If it's not too much trouble, would you mind sharing your workaround in a direct message to myself?

Kind Regards,

Chris
