So, I guess we have to turn up the heat with GE support to get them to fix this. The problem is with taking pictures of patients and CPS will try to write a file called capture.avi to c:\. Without admin rights, this will not work so the user will need to find an alternate method to capture the picture with Creative or Logitech software, save it, import it into CPS then delete the picture. This process requires many more clicks and makes our users inefficient.
What needs to be done is a parameter needs to be passed to the windows API which takes the picture. A good candidate for a writable directory would be c:\temp or c:\windows\temp. If no parameter is passed to the API then c:\ is the default
I do not have enough staff to clean up malware on computers due to admin rights. It is 2014, this should not be the way programs are written. This SPR goes back to CPS 9.0 and a SPR was assigned in that era however still is not fixed in CPS 10, 11 or 12. Apparently not enough customers have voiced concern over this but this could be a patient care issue if computers are down due to malware due to admin rights.
Mike Zavolas
Tallahassee Neurological Clinic
I agree, the current process is too complicated. There has to be a better way.
This is my current longest standing issue. Assigning administrative rights for users is poor form in any environment. Healthcare, you would think they would get on it.
I do have an update on this from the conference. I spoke with a GE support rep who said this issue has been worked on but it is more than a simple solution. She said that it has somethign to do with the TWAIN subsystem in Windows. I know this has improved in Windows 7 because my scanning people do not have admin rights since we upgraded them from Windows XP. They use TWAIN scanners but the pictures of patients are now taken with webcams instead of TWAIN cameras. In the past I had to buy TWAIN cameras which were very rare, hard to find, and very expensive.
So, the short answer is they are working on it. I hope they find a resolution soon as this one is a security problem or a user problem with the extra steps. SPR 54868 is what you would want to mention if you want to turn up the heat on GE to let them know this is very important.
Mike Zavolas
Tallahassee Neurological Clinic
I just create the file there as an empty text file with capture.avi as the name and give all the EMR users full rights to that one file. Not an ideal solution but doesn't require giving admin access to the root directory. I agree it would be nice to get this fixed at the vendor/OS level.
I know this is a super old post, but maybe this will help someone with capturing photos. I believe they still apply to the workstations with the current versions of the EMR.
When logged on to the machine as a standard user and attempting to capture an image in the EMR, you receive the message “Failed to acquire image from device” after clicking on Take Snapshot.
When capturing the events on the PC using ProcMon, you will also see the following event:
The two important pieces of information in the screenshot above are the “Result – ACCESS DENIED” and “Integrity – S-1-16-8192”. When the EMR attempts to capture a photo it utilizes the file capture.avi that is located in the root of the C:\. The user account we are using is a standard user account, and the default NTFS permissions do not allow standard users to modify the root of the C:\, resulting in receiving g Access Denied. However even after granting the user “Modify” permissions on the file you will continue to receive this same entry in ProcMon indicating “Access Denied”. The reason for this is because of the information in the Integrity column. The integrity column is only applicable for local file/registry access on Vista or higher when User Account Control (UAC) is enabled. (In this example we ran ProcMon on a Windows 8 machine, which resulted in an integrity of S-1-16-8192. This value is the equivalent of “Medium” – see here http://support.microsoft.com/KB/243330.) Users in the “Authenticated Users” group are able to execute items at a Medium mandatory level. To view the integrity of the file C:\capture.avi we can use the tool icacls.exe. Open an elevated command prompt and run the following command – icacls c:\capture.avi
The last line of the output indicates the file currently possesses a “High Mandatory Level”. Therefore, in the files current state, a user will need to be in the local Administrators, Backup Operators, or Network Configuration Operators security groups (more information here http://msdn.microsoft.com/en-us/library/bb625963.aspx). However, using icacls, it is better to change the file to a Medium Mandatory Level. To do this, execute the following command - icacls c:\capture.avi /setintegritylevel M
We can then execute icacls c:\capture.avi again to confirm our changes have been applied.
Now when attempting to capture an image in the EMR you should no longer receive the error message and you can successfully acquire the photo (indicated by the button Attach being available).