I have been using R4+ for some time now, and while it is pretty good for what it has been designed for, I have one major complaint.
Why, but why, do we have to use admin account in order to use R4?
Leaving R4 users with admin rights has potentially pretty bad consequences, from accidental to malicious software damage, access to local network resources, etc.
I myself saw one of my dental nurses trying to "repair" network settings because the internet went down (ISP provider fault). Had I not stopped her in time, I would have ended up with a lot of mess made by someone without the right IT/computer skills.
Not to mention that someone can download a file from a patient's email, open it and cause horrible damage, not just to that computer but to other computers that are connected to the network. Yes, you should have anti-virus software, but this is only as good as its virus definitions and how quickly they get updated. In a scenario where the Windows account is just a Standard User rather than Administrator, malicious software may not be able to install on a drive and spread through the network. Whereas with an Administrator account a virus can do as it pleases. Nothing is stopping it.
Whatever the reasons are for your software requiring administrator permissions, there is no excuse for this, as this is against basic OS security rules and common sense. People who use my network are not supposed to be IT professionals, they are supposed to run a dental practice and help people.
I am aware of working around UAC and forcing your software to work normally under a Standard User account, but I should not be doing this. Your software should be like this straight out of the box.
Can you please look into this matter and address it?
Thank you for your message,
Admin user privileges are required for upgrading or installing R4+.
However for day to day use, as long as users have read/modify access to the following, R4+ will work:
R4+ Install Directory
Sys2data folder on the server
Read write registry access
I can advise that the UAC workaround attached (used by many large customers) is currently the only way to launch CS R4+ without admin rights. To change this would mean a considerable rework of the software.
I hope that the above information helps with your situation.
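As an added example (not part of the original thread and not the vendor's own tooling), the PowerShell below audits the three access requirements listed in the reply above for a non-admin group and lists who is in the local Administrators group. The group name and all three paths are placeholders or assumptions, since the thread does not give the actual locations.

```powershell
# Added example. The group and every path below are placeholders/assumptions,
# not values from this thread; replace them with the real locations on site.
$Group   = 'BUILTIN\Users'
$Targets = @(
    'C:\PLACEHOLDER\R4-install-directory',
    '\\PLACEHOLDER-SERVER\Sys2data',
    'HKLM:\SOFTWARE\PLACEHOLDER-R4-KEY'
)

function Test-ModifyAccess {
    param([string]$Path, [string]$Identity)
    if (-not (Test-Path -LiteralPath $Path)) { return 'NOT FOUND' }
    $acl   = Get-Acl -LiteralPath $Path
    $isReg = $acl -is [System.Security.AccessControl.RegistrySecurity]
    # Rights the reply asks for: Modify on folders, read + write on the key.
    $need  = if ($isReg) {
        [int][System.Security.AccessControl.RegistryRights]'ReadKey, WriteKey'
    } else {
        [int][System.Security.AccessControl.FileSystemRights]::Modify
    }
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $granted = 0
    foreach ($rule in $acl.Access) {
        if ($rule.IdentityReference.Value -ne $Identity) { continue }
        # Inherit-only entries apply to children, not to this object itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        $rights = if ($isReg) { [int]$rule.RegistryRights } else { [int]$rule.FileSystemRights }
        if ($rule.AccessControlType -eq 'Deny') {
            # A deny entry overlapping the needed rights overrides any allow.
            if ($rights -band $need) { return 'DENIED' }
        } else {
            $granted = $granted -bor $rights
        }
    }
    if (($granted -band $need) -eq $need) { 'OK' } else { 'MISSING' }
}

foreach ($t in $Targets) {
    [pscustomobject]@{ Target = $t; Group = $Group; Access = Test-ModifyAccess $t $Group }
}

# Day-to-day accounts should not appear in this list. S-1-5-32-544 is the
# well-known SID of local Administrators (also works on localized Windows).
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource
```

'MISSING' means the named group has no explicit allow entry covering the required rights on that object; access could still arrive through a different group, so check the account's other memberships before changing any ACL.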
Thank you for this.
I am aware of invoker, and there is even a neater solution to the one you propose (using invoker).
Still, this is not the right way to do it, not to mention that some of your support guys will insist on setting users as administrators.
Thank you anyway for looking into this for me, really appreciate it.
No problem, we do appreciate you raising this and will certainly review internally.
If it's not too much trouble, would you mind sharing your workaround in a direct message to myself?
So to clarify, with the UAC document you've got attached here, you would need to run the ADK compatibility administrator on every machine that runs R4 in a practice?
So is there a plan to do a considerable rework of the software in the near future? As it seems like a pretty fatal security flaw when you're dealing with patient records.
Our team are aware of the opportunity to implement UAC control within R4+ and are investigating the level of work required. UAC is only one part of securing your system; ensuring correct levels of Antivirus and Malware protection is just as important, whilst at the same time controlling access to your computers. We also recommend Windows BitLocker for drive encryption. Our cloud solution, Sensei, provides a modern level of protection and you can find more information here: https://www.carestreamdental.com/en-gb/csd-products/practice-management-software/sensei-cloud/.
If you want to discuss directly please do not hesitate to private message me.
Thanks for the reply. Unfortunately we tend to work on the advice of security auditors, and they agree UAC control is a necessary component of our secure environment. This is the only PMS we have that has this issue so far.
Please can you post here when there is an update of a roadmap or similar development to implement the feature.
Thank you for your help.
So do we have any progress here at all? I am not going through 10 profiles on 20 computers to change something that should be working by default.
How come you are unable to implement this critical update?
How come your own updates mess up your clients' machines and even your 3rd level technicians are unable to resolve them?
I understand that you take full responsibility for damage to computers' data, either malicious or not, as my employees do not have to have a degree in using a PC and it is my job to set them up in such a way that data is safe.
Please do something about it or consider suspending subscription charges until this critical matter is sorted.