Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows OSS Only For Administrators?

Posted by timothy on from the hey-buddy-you-gotta-be-an-admin dept.

Torsten writes "We all know it: it is no good idea to run Windows with Adminstrator privileges all the time. But when you use a normal user account, many programs will not work properly. I have recently recognised that even open source software has difficulties with the Windows rights model. Openoffice will continue to ask for registration until an Administrator stops it. Firefox will not install new search plugins for normal users and will not even tell why. FlightGear starts the configuration screen, but only an Administrator can fly. Have the OpenSource developers problems adapting the windows right model? Or does nobody bother being Administrator?"

101 comments

  1. It's not just OSS by yelvington · · Score: 3, Interesting

    It's not just OSS; Microsoft's own stuff doesn't necessarily work properly with restricted rights. The printer spooler on one of my home computers refuses to work, and in order to let my kids print anything, I had to turn off the spooler (which essentially hangs the computer until the printing is done). I have similar problems with peons and non-OSS third-party software, such as HP's software update tool.

    1. Re:It's not just OSS by Apreche · · Score: 5, Informative

      It's not just windows either. I always have problems trying to add extensions and search plugins to firefox as a non root user in Linux, and it hardly ever works properly. The problem is that applications are written in such a way that in order for the ordinary user to accomplish a simple task deep underneath there is a small operation like a file system write that must happen. As is in the case of installing an extension. What needs to happen is the application developers need to make sure that for any action which should be allowed for a non root/administrator user that there are no priveledged instructions to be executed.

      --
      The GeekNights podcast is going strong. Listen!
    2. Re:It's not just OSS by josepha48 · · Score: 1
      ditto here. I've had problems on both OS and the BSD's when not admin. Some Firefox extensions install in user profile, others are global. The global ones are the ones that cause problems, probably for both OS.

      I'd like to point out something. You can't always install software in linux without being an admin, unless you do --prefix=/home/you on most software, and if you get an RPM, then you need to be admin ( root ) to install those, or you need some admin rights.

      Its not just windows, all OSes have this problem.

      Typically where I have worked, the way sysadmins do it, is everyone gets admin rights. When someone becomes a problem to support, IE they install virus software, uninstall office, or do something really stupid to their computer, they generall loose admin rights on their computer, unless they are a VP or higherup manager.

      --

      Only 'flamers' flame!
      Does slashdot hate my posts?

    3. Re:It's not just OSS by drdink · · Score: 1

      My parents have some model of Canon MultiPASS printer that was released during the Win9x days. They're now using WindowsXP and the Canon-supplied XP drivers for the printer. These drivers don't work unless you're logged in as an administrator. The "drivers" involve a little tray icon that shows the printer status and lets you do other crap, but if you try to print when you're not an administrator it is like Windows doesn't have the privileges to connect to the MultiPASS daemon or something. I've not found a way around this, so all the accounts on that computer are Administrator. The worst part is that if a non-admin tries to print, they're treated to an endless loop of error dialog boxes.

      --
      Beware, Nugget is watching... See?
    4. Re:It's not just OSS by cbr2702 · · Score: 1

      There is a difference between installing software and using it. Using the software should not require admin/root privliges while installation can. The way I have seen linux boxes usually set up is they work along in user mode and when someone needs new software they either switch to root to install it or get an admin to do it. Windows should be able to do the same.

      --


      This post written under Gentoo-linux with an SCO IP license.
    5. Re:It's not just OSS by FatRatBastard · · Score: 1

      A bit OT, but your post has reminded me of something I've always wondered about. Has someone come up with a "User" level version of APT or YUM? i.e. something that allows a non-root user to install packages in their own little userspace corner of the filesystem?

    6. Re:It's not just OSS by Metasquares · · Score: 1

      If you want to give users the ability to install extensions into the firefox directory, you can just chmod it. Ditto for any directories you may want to allow users to install into. If you want to install stuff using your user account, but don't want to set permissions, use sudo. In Windows, you have cacls. The methods exist for you to allow users to install software, but they all require some setup, as they should. An OS that allows users to install things to any directory they choose out of the box wouldn't be particularly secure.

    7. Re:It's not just OSS by kosmosik · · Score: 1

      I can't agree with that... Linux is kernel, what you are reffering to is distribution (like Fedora or Debian) - so in Linux (meaning distro) software is installed completely different than in Windows - in Windows you get installers from all over the Web and push them to system (they usualy work). In Linux you download packages with given software (here Firefox) from less or more official repository of software *customized* *for* *your* *Linux* *flavour (aka distribution). So the proper way of installing Firefox is either - grab binaries from firefox site and unpack them (but keep in mind that in unix system you will need to tweak it bit) or go to your distro package site, grab firefox package and install it. Second way is proper - and if you will find that second way gives you broken instalation you're are allowed to go complaining to packager... :) I assure you that it will be fixed soon. In my Fedora I have no problems with Firefox or whatever user application. I have few glitches with system services (needed tweaking) but this was due to introduction of SELinux and I usualy have very customized configs of my servers so I've had to tweak a little.

    8. Re:It's not just OSS by Anonymous Coward · · Score: 0

      ZeroInstall is happy to work without root priveleges, and GoboLinux has a "rootless" installation mode that allows you to install its packages in your home directory.

      Unfortunately, both of these are relatively non-conventional package systems, and use an application-directory approach.

    9. Re:It's not just OSS by AlphaSys · · Score: 1

      Sorry, folks... it's really simple. If you're installing software packages or widgets that plug into them, you're performing an administrative task. That's why they call them administrative rights, dolts. Neither well-configured Windows (well, 2k, XP or 2k3/SBS anyway) nor Linux nor BSD (free, OSX, etc.) nor proprietary UNIX (Solaris, HP/UX, etc.) in my experience deviate from this simple notion. And if you have half a tendency towards laziness, you find simple ways to automate any context-shift you may need to enact to perform regular tasks in any environment that doesn't provide you them by default (i.e., not SuSE, OSX). Anytime you're doing those types of things, it's good to know when you have crossed the line into "admin land" and my opinion is that anyone who doesn't want to know the difference neither needs nor deserves any avenue to root.

      --
      Can I bum a sig? I left mine at the office.
    10. Re:It's not just OSS by djsmiley · · Score: 1

      "The way I have seen linux boxes usually set up is they work along in user mode and when someone needs new software they either switch to root to install it or get an admin to do it. Windows should be able to do the same. "

      They can, its just little used or known about. Simply right click the install file, "Run as..." and you can type your admin username and p/w and your away, it installs as if run by the administrator.

      However, i must point out that i run my machine constantly in administator mode for the hell of it, i even let my brother on it. Why? Because its pretty much secure. My hardware firewall + combo of firefox and ad-aware SE edition work well to make sure im covered. Also got AVG running as well.

      Anyone notice these are all Free products.

      --
      - http://www.milkme.co.uk
    11. Re:It's not just OSS by daemon1010011010 · · Score: 0

      The problem with certain extensions not installing in Firefox has to do with the extension programmer more than Firefox itself. The global chrome directory is protected by default, as it should be so non-admin users can't make changes for everyone. If an extension programmer decides to make an extension local only, then it's their oversight. This problem has deminished with recent releases, though. As for installing plugins, there is no problem there either. Plugins are full fleged programs, which you are designed not to be able to install without admin privilages. Generelly, software for UNIX-like oses is designed to be installed by a privilaged user (unless you compile if from souce and install it to your home directory) and to be run by unprivilaged users, placing dot-files/folders for configuration in their home directories. OpenOffice practically reinstalls the entire app in a user's home directory the first time they run it. There's more to be said, but I'm tired of typing.

    12. Re:It's not just OSS by Apreche · · Score: 2, Interesting

      ah, but this is what I'm saying. The search plugins in firefox are actually just single text files. I know because I made a couple of them. There is no reason that search plugins can't be added on a one-user basis. Why do all the users need to share all the search plugins? Just shows that while Firefox is the awesome its not perfect.

      --
      The GeekNights podcast is going strong. Listen!
    13. Re:It's not just OSS by cbr2702 · · Score: 1
      Using the software should not require admin/root privliges while installation can. The way I have seen linux boxes usually set up is they work along in user mode and when someone needs new software they either switch to root to install it or get an admin to do it. Windows should be able to do the same.

      They can, its just little used or known about. Simply right click the install file, "Run as..." and you can type your admin username and p/w and your away, it installs as if run by the administrator.

      I'm sorry, perhaps because my point was simple I didn't make it clear enough: people should not need admin privliges to run the software. Switching users to install the software is not really the issue.

      --


      This post written under Gentoo-linux with an SCO IP license.
    14. Re:It's not just OSS by Anonymous Coward · · Score: 0

      they generall loose admin rights

      "generally lose".

    15. Re:It's not just OSS by Anonymous Coward · · Score: 0

      "If you're installing software packages or widgets that plug into them, you're performing an administrative task. That's why they call them administrative rights, dolts."

      Since you're calling people names, get a fucking clue, asshole. It should be possible for a user to install an application in his/her own home directory (or subdirectory thereof), for his/her own use, without having to obtain admin priveleges.

    16. Re:It's not just OSS by Anonymous Coward · · Score: 0

      I couldn't even install this Mozilla extension as a non-root user on my Mandrake9 box. Definitely not a problem exclusive to Windows.

    17. Re:It's not just OSS by Anonymous Coward · · Score: 0

      More importantly, if Windows can integrate these features better than Firefox with IE, it will steal its marketshare back. Again, the marketing people in OSS don't have enough power; you probably had programmers deciding that search plugins should be shared across all users.

  2. Obligatory smug Mac user response. by Heftklammerdosierer! · · Score: 0

    Can't you get around some similar problems with programs that don't have installers? I know it's sidestepping the specific problems mentioned in the article, but that was why I used Trillian when I was stuck "working" in the computer lab.

  3. Re:OOo by Anonymous Coward · · Score: 0

    Mod parent troll. Obviously the emails are to inform of updates to the product, not some shady revenue source.

  4. Seems like... by sw155kn1f3 · · Score: 2, Interesting

    Classical chicken-egg problem.
    Since the majority of developers and testers develop/test with Administrators rights, these bugs slip through completely unnoticed.
    How to change that? I don't really know.
    And anyway there gonna exist many legacy (9x era) apps. These gonna require Administrators rights. Maybe "Run As" is going to help. But it's annoying to use: doesn't really remember credentials, doesn't have "remember admin password for XX minutes", etc.
    Maybe if Microsoft implemented comfortable "Run As", things gonna change. Not now.

    --
    - Arwen, I'm your father, Agent Smith.
    - Well, you're just Smith, but my father is Aerosmith!
    1. Re:Seems like... by I8TheWorm · · Score: 2, Insightful

      Create a test account on the box with very few privileges. Really, any developer worth their weight ought to know to have a non-development environment to test projects.

      Further out on the extreme branch, one could either partition and install a few OS's, or use MS Virtual PC to create a few different "boxen" with different OS's, different patches, etc... to get a full view of what the project is(n't) compatible with.

      --
      Saying Android is a family of phones is akin to saying Linux is a family of PCs.
    2. Re:Seems like... by jeffy124 · · Score: 0

      Really, any developer worth their weight

      but what about them skinny developers? Dont they have any worth?

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    3. Re:Seems like... by I8TheWorm · · Score: 1

      I'm not sure, but I can guarantee they're worth a lot more on Jupiter.

      --
      Saying Android is a family of phones is akin to saying Linux is a family of PCs.
    4. Re:Seems like... by harikiri · · Score: 1

      Yeh I test all my applications under a VMware XP system.

      --
      Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
  5. Install the program in My Documents by Anonymous Coward · · Score: 1, Informative

    On my home machine I am the only user. For day to day things I run as a limited user. But I want to run programs like eMule (only to download legal things, of course). But eMule is constanly writing to its temp folder. So I just installed eMule under the My Documents folder as a limited user instead of Program Files as Administrator. You have to run eMule once as Administrator so it can write something to the registry but after that you run it as limited user.

  6. Are you surprised? by RAMMS+EIN · · Score: 1

    Windows NT may have proper separation of users, but most people and most software came to Windows through DOS and Windows 9x, which are single-user.

    Both the developer and user cultures are shaped by this, and the result is software which can't properly be secured. I'm not surprised. Are you?

    --
    Please correct me if I got my facts wrong.
  7. Happens all the time by red_dragon · · Score: 3, Insightful

    If you spend enough time with NT-derived versions of Windows, you'll find that a lot of software simply assume that it is running under Windows 95/98/ME or require that you do some fiddling with permissions on the filesystem or registry to run properly. This causes me no end of grief as I try to keep our PCs sufficiently protected from stupidity while being functional enough to avoid receiving support calls.

    All of the examples given can be duplicated in commercial software. MS Office 2000 won't stop displaying the "please register" nag dialogue box until an admin dismisses it. Regular users can't install plugins in Internet Explorer either, although I guess one could set the plugins directory to Everyone:F, but that's big security hole. One little commercial programme we use here to track fixed assets won't run under a regular user account unless its registry key in HKEY_LOCAL_MACHINE is set to full access to everyone because it keeps running state information there. Nero Burning ROM will not burn dics under a regular account without installing an extra utility that grants disc burning privileges to admin-specified users or groups. Palm Desktop, even in its current iteration, keeps user data in its programme directory, which requires the admin to set the directory's permissions to Everyone:F - again, another gaping hole. The list goes on and on, and it goes to show that a good part of the crappy Windows user experience is caused by the lousy software that runs on it.

    --
    In Soviet Russia, Jesus asks: "What Would You Do?"
    1. Re:Happens all the time by kosmosik · · Score: 1

      Yes but wait. (I am reffering to your 1st paragraph). I understand that 9x was different and now we have XP. OK but this is like something that is easly predictible is it? Like when you design modern multiuser system, where users are separated for system and you know that older legacy programs will have trouble with that (due to different permissions) than you can perdict and manage this also. I don't know Windows much but XP has something like compatibility mode where you run 9x programs in somekind of emulation. This emulation should take care of things like that... I understand that some apps are broken by their authors (there is no MS fault here) but loads of others don't - they are just designed for 9x and using standard 9x system procedures (storing registry, trying to write some files etc.) - so IMHO XP should fix that for these applications giving them some additional layer of automagically intercepting such calls and translating them to proper way... Or maybe MS does not care about it?

    2. Re:Happens all the time by QuantumRiff · · Score: 3, Interesting

      Textbook CD's are horrible. I'm the admin at a small college, and we run win2k in our student labs. Even the brand new editions of textbooks use Macromedia Authorware crap (really old versions, and some new) that will not run until they copy 2 files into %system32%. Of course, thats a big no-no to let student users have rights to this. If I manually copy the files into the directory, it still doesn't work, the program doesn't look to see if their already there. Even non-authorware stuff doesn't work right. I have a CD out of the back of a textbook that (from the CD) starts a java-based web server on some port, and then uses IE to connect to the web server. Of course, it can't write those registry keys, and it wants me to turn off all security in IE to run. It uses Active-X, so no go with firefox. .. I could understand this crap on an older textbook, but of few of these came out just this term, and they still expect everyone to be running Win98. If you call up the publisher, their solution is always to add users to the administrators group. .. idiots..

      --

      What are we going to do tonight Brain?
    3. Re:Happens all the time by dustman · · Score: 1

      If I manually copy the files into the directory, it still doesn't work, the program doesn't look to see if their already there.

      Have you tried setting the security rights on those files specifically, such that "Everyone" is allowed to overwrite these files?

    4. Re:Happens all the time by Anonymous Coward · · Score: 0

      Oh, yeah, that wouldn't be a huge, gaping security hole to everyone who uses those files. :rolleyes:

  8. Backwards compatibility by kawika · · Score: 3, Insightful

    Windows 9x apps could drop files anywhere they pleased, and they did: the Windows directories, app directories, the root of the drive, you name it. Windows NT/2K/XP solved this issue with the "Documents and Settings" area, and that's supposed to be where apps put their temp files, logs, databases, and other data. But most 2000 and XP systems loosen security to make old apps work. (How could apps write .INI files in the Windows directory otherwise?)

    Since old apps don't break, developers are tempted to follow bad examples or old habits. It seems like the only way this would change is if Microsoft shipped XP as secure by default--the default user would not be an admin, and NTFS security was set to prevent writes to Program and Windows dirs. That would cause a massive support headache.

    The Windows Installer docs have some guidelines on where things should go for best compatiblity, but of course a lot of people use other installers and those may not try to enforce any rules. This doesn't seem to be an issue that Microsoft is crusading about, but maybe they should.

  9. Re:OOo by dJCL · · Score: 2, Informative

    They don't spam, that's for sure.
    I use a unique address for every e-mail address I give out, and the one I gave openoffice has not been one of my spammed entries.

    --
    On Arrakis: early worm gets the bird. Magister mundi sum!
  10. The solution I used... by TheSHAD0W · · Score: 4, Interesting

    There were a few issues with my software that needed me to consider multi-user access under Windows, especially as I was adding new features; when these features finally came to fruition, I modified my software, sticking preferences, application and temporary data either under the user's "Application Data" folder in "Documents and Settings" in Windows, or in a dotted directory under *nix. I thought this was an elegant solution.

    So what happened? People yelled at me. Why was I polluting their system, putting files all over the place? Why couldn't I have kept it the way it was?

    You just can't win...

    1. Re:The solution I used... by Anonymous Coward · · Score: 3, Insightful

      Thanks for the great BT client, works great out of the box, no tweaking necessary and it complies with the windows idea of where app settings and the like should be stored.

      You're absolutely right about it being an elegant solution. Ignore the naysayers and keep up the good work.

    2. Re:The solution I used... by CaptnMArk · · Score: 1

      Personally I find the depth in which "Application Data" is placed too hard to find.

      Microsoft should have used /home/user/Documents is much better than

      c:\documents and settings\user\...\Application\

      Of course, even unix is not perfect. The .dotfiles are starting to be a big mess. It's hard to decide what is junk there and what is actually worth backing up.

      It would be really nice to have

      ~/.etc/ - configuration (backup optional, no data loss if removed)
      ~/.var/ - data (this needs to be backed up)
      ~/.tmp/ - temp files, caches (can remove anytime)

    3. Re:The solution I used... by kosmosik · · Score: 1

      Well you could give an option - where to store the configs. :) My friends from highschool are doing IM client from some time. It is actually good and upon first run it asks where to store user profile ("Program Files" or "Application Data" in user profile dir). They made it so maybe because of backward compatibility with Win9x - I don't really know - I don't use Windows (other than administering few XP boxen) since three years... Maybe that is it? If they complained about storing configs in $HOME on *nix - just ignore them, they are stupid :)... But in *nix you could also give a choice where to store configs. Examining some variable maybe? Or smth.?

    4. Re:The solution I used... by Anonymous Coward · · Score: 0

      Application Data directory is there for storing "Application Data" so your use of that directory is pretty fair.

      Maybe storing temporal files in that directory isn't the cleanest thing you can do. There's a user private Temp directory at [User]\Local Configuration\Temp that maybe more suitable for the temporal files you create.

      However your application works as expected (and it's pretty handy), and it's more friendly that others that left their temporal files at C:\ !!!

    5. Re:The solution I used... by numbski · · Score: 1

      This leads me to wonder....I'm a Perl coder, and I actually started out on the Win32 build, then moved to Unix. Really backwards, I know, but it actually made my transition to unix much easier.

      Anyway, I never check to see whether or not perl's $ENV{$HOME} or $ENV{$USER} variables were properly populated (my syntax may be slightly wrong, forgive me). If so, then $ENV{$HOME} = "c:/Documents\ and\ Settings/$ENV{$USER}";, and of course $ENV{USER} = userid.

      I don't know if a similar convention exists in more common win32 languages or not. It should, and if it doesn't, this needs to change. The establishment of a home directory/profile directory is a staple of multi-user environments. With roaming profiles on win2k+ domain environments, there's no excuse for this.

      The environment variables for home and userid MUST exist and be accessible to the coder. End of discussion.

      --

      Karma: Chameleon (mostly due to the fact that you come and go).

    6. Re:The solution I used... by daemon1010011010 · · Score: 0

      $ENV{USER} $ENV{HOME}

    7. Re:The solution I used... by kelnos · · Score: 1

      You might want to look at the Freedesktop Base Directory Spec. It defines the use of $XDG_CONFIG_HOME (default: ~/.config/) and $XDG_CACHE_HOME (default: ~/.cache/) as a root for applications to store their configuration data and temporary cached data, respectively. I would think that the app itself should ask you where you want to save data files and whatnot.

      Few apps implement the spec, but hopefully that will change soon.

      --
      Xfce: Lighter than some, heavier than others. Just right.
    8. Re:The solution I used... by lachlan76 · · Score: 1

      It's all in an API call, which I can't remember, because I haven't touched Windows in about 4 months.

    9. Re:The solution I used... by bedessen · · Score: 1

      Incidently you can change this when you install Windows. Use a response file (google Microsoft's KB for winnt.sif) and specify the location and name of the profiles directory. Mine is "C:\Users". Also, you can install Windows into any directory you want using this technique.

      To John H, parent poster: Ignore the people that bitch about stuff being where it's supposed to be. Tell them to take it up with MS.

  11. Jupiter by cbr2702 · · Score: 1

    Perhaps that's because of a scarcity factor more than the weight change. Or it may be more tied to the general shortage of jovial developers.

    --


    This post written under Gentoo-linux with an SCO IP license.
  12. Openoffice by Anonymous Coward · · Score: 5, Informative

    If you had read the documentation, you would know that in order for Openoffice to run as a normal user and save your settings, you have to run the install as "setup.exe -net" -- just like you have to do in Unix.

    1. Re:Openoffice by cortana · · Score: 1

      Ah, I'm glad someone else on this forum knows this. It's worth noting that this irritating limitation is gone in OpenOffice.org 2.0--there is no longer a need to maintain a machine-wide "network" install, and separate user installs for each user.

  13. Change Permissions by Noksagt · · Score: 2, Insightful

    If you trust the software, just grant the Users group extra permissions & file a bug report for what you had to do. In environments where I trust the users, I am lazy & grant users the same permission for the apparently relevant files and directories as the accounts that can run the software. On some occasions, this includes changing permissions of dlls outside of the installation directory. I use listdlls to do this. In less trusted environments, I will gradually add read+execute access for the users to the programs & dlls users need. If I get sick of trying to fix it, I usually reevaluate the need to install the program or the level of trust to grant the users.

  14. OS X? by Anonymous Coward · · Score: 0, Redundant

    y'know, OS X doesn't seem to have these issues...

    1. Re:OS X? by Van+Halen · · Score: 1
      Yes it does. The reason it doesn't seem to have issues is that the vast majority of Mac users run as administrator. Why? Because the first account that gets created upon initial setup of the machine necessarily has administrator rights. Most people are too lazy or ignorant to reserve a separated, admin-only account, and use a non-admin account for their daily computing. And really, they shouldn't have to know to do this. I've always said that Apple should ask the user for an "administration password" at initial setup, and silently create a hidden admin account for this purpose. Any dialog that asks for an administrator's name and password would then only ask for the "administration" password. Nobody needs to know that it's actually a separate user account. Meanwhile, the real user account that's created at setup would have no special rights. They should have done this from the beginning.

      As someone with about a decade of strong unix experience before I started using OS X 3 years ago, I made absolutely sure to setup my machines as I've said above. My normal account has no admin privileges, and there's a separate "admin" account for those times when I need it. And I've run into several software problems because the vendors assumed I was running as an administrator (or more likely, didn't even think about it because Apple doesn't make a big deal of it to their developer community):

      • Quicken 2002 was a particularly bad offender. My wife and I wanted to be able to use it from both of our accounts to update the same financial data. Not only did it not want to run without admin privileges, but I had to jump through numerous hoops so that it would allow us both to use the same data file. I ultimately created a new "quicken" group with both of us as members, and changed permissions and group ownership on a number of files after installation.

      • I recently got Photoshop Elements 3.0 and went to install it. It uses Apple's Installer program, which asks for an admin user/password in order to complete installation. This is the way it should be, right? Well, apparently not. Even though the software installed fine, it failed to properly write the serial number information. Even though I had given the installer admin privileges! Bleh. I had to login as the admin user and install it directly from that account.

      • Numerous other software that refused to install at all without being logged in as admin. Usually they were using old installers that assume the OS 9 paradigm of "one user controls the whole machine" still applies in OS X.

      I blame Apple as much as the companies who are too negligent to fix these easily rectified problems. Apple doesn't seem to think it's a significant problem for a regular user to have admin privileges all the time - true, you're not root, but you might as well be, with access to everything under /Applications and more. And many software companies have demonstrated more desire to add new features that generate new sales than to fix -- or even test! -- these kind of things that affect only a small percentage of their users.

      Ultimately, it's just annoying when it comes up. Usually I can fix it by fiddling with permissions, but I just wish I didn't have to. The phrase "it just works" simply does not always apply...

      --

      Say hello to zMac.

  15. It's all about program design by ignatus · · Score: 2, Informative
    But when you use a normal user account, many programs will not work properly.

    In my experience, this is just a program design issue. I'm using linux, and I've never had any problem with it. Allmost every program in linux doesn't need root priveliges anyway. And the ones who do (like XCdroast) provide a special interface for it. Still not satisfied? Use su or sudo to run it temporairly in as root.

    However, I had this one problem with firefox search plugins. The reason why most users can't update the searchplugins is because the dir containing the searchplugins is global, and a standard installation doesn't allow uses to write in it. This is rather unacceptable behaviour in Linux. Bugs like that just prove how some developers are unaware of multiple users and priveleges.

    In Windows, the situation is rather different. Most users don't need multiple accounts on one desktop. So it's not a big problem (they think), because they are in charge anyway. This way, a lot of programs running on Windows don't bother providing a multi-user interface, but just stick to a global configuration. With this attitude, it's just asking for problems

    --
    - Never underestimate the power of human stupidity.
  16. Firefox Search Plugins by Noksagt · · Score: 1
    Firefox will not install new search plugins for normal users and will not even tell why.
    The same is true under Linux. On Linux, it is because search plugins are installed under the system-wide shared directory for firefox. I assume the same is true for windows. This is an inconvenient design! It often means that upgrades or reinstalls won't keep search plugins (you can remember to copy your search plugins directory first, of course). It also prevents user-secific search plugins. Does anyone know the reason for this? Is it possile to install them to your home directory (as with extensions) or is there a security/design reason not to?
    1. Re:Firefox Search Plugins by ratboy666 · · Score: 1

      WTF?!?

      Firefox under linux stores new plugins in ~/.mozilla/plugins

      That would be under the users home directory. Each user can have different plugins.

      You can also install them into a shared location for all users.

      Ratboy

      --
      Just another "Cubible(sic) Joe" 2 17 3061
    2. Re:Firefox Search Plugins by denis-The-menace · · Score: 1

      The reason why is that otherwise every user would need to have their plugins installed on a per-user basis. Each new user would need to have all their pluging installed. Drive space is wasted too for duplicate files.

      We had a plugin that put its temp files in sub folder of system32! We complained and the next version of the plugin install 95% of the plugin in the user profiles and the temp files also endded up in user profiles too.

      It will take time but users must complain LOUDLY to the MFR for these changes.

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    3. Re:Firefox Search Plugins by Noksagt · · Score: 1

      Thank you for your post. Please see my previous post which I made after research this secific grie a bit more.

      Your reason does apply to some programs. A custom piece of software littered c:\ (Not even %SYSTEMROOT% (or whatever the relative name for it is)), and c:\windows (even less excuse for that one!) with temp files.

      The argument of requiring each user to have their own set of plugins & wating time/space is a poor one. Most modern OSs have user home directories & directories which can be used for system-wide files. It is definitely NOT the case for Mozilla: they store extensions and themes under a user's home directory just fine. And the search plugins which we gripe about are TINY. They consist of an icon-sized image (almost always less than 1 K) & a short XML file (almost always less than 2 K & often less than 1 K).

  17. Re:Not true by Profane+MuthaFucka · · Score: 0, Troll

    Someone modded me down? I really do feel this way. Windows makes a really nice game platform, same as an XBox or something like that. You could even run a regular OS on an XBox, but if I saw my bank using something like that to keep track of my money, I'd switch my bank.

    Seriously. Windows == game machine. Run as administrator on it, all you will risk is your Everquest game money. If you run a real business on a game machine, well, I will LOL.

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
  18. OpenOffice on Multiuser Windows Systems by sybarite · · Score: 2, Insightful

    I'm not trying to through rocks, but trying to highlight a need... Running OpenOffice on a Windows system with multiple users where said users are not administrators is a problem for me and an impediment to the adoption of OpenOffice for many of my clients. Most Windows software I run needs to be installed only once while administrator and then all other nonpriveleged users can run the software. This doesn't appear to be the case with OO. I don't get the per-user install requirement for OO. This problem is most pronounced on Citrix. I found an ugly script that includes multiple reghacks on OOOforum.org that I will soon test, but in general, this issue has got to be an impediment to OO deployment on many Windows networks.

    1. Re:OpenOffice on Multiuser Windows Systems by denis-The-menace · · Score: 1

      -Get REGmon and FILEmon.
      -Logon as the Limited User
      -Run REGmon and FILEmon using runas
      -Launch OOO and do things
      -meanwhile search in REGmon and FILEmon for "denied"
      -Fix permission in Registry and File system
      -Done!
      -Publish the results to OO.org for others to follow and add on to it (just like GPL...)


      This is teadious but not rocket science!

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    2. Re:OpenOffice on Multiuser Windows Systems by sybarite · · Score: 1

      I will plan on it. Thanks. (Just hope one day not to have to.... it is tedious and to some it is rocket science and discourages them from using the software.)

    3. Re:OpenOffice on Multiuser Windows Systems by mopslik · · Score: 1

      Running OpenOffice on a Windows system with multiple users where said users are not administrators is a problem for me and an impediment to the adoption of OpenOffice for many of my clients. Most Windows software I run needs to be installed only once while administrator and then all other nonpriveleged users can run the software. This doesn't appear to be the case with OO.

      Installing OO.o for Multiple Users. Worked on every Windows machine I've ever installed OO.o on, without fail.

      That's why the OO.o FAQ exists.

    4. Re:OpenOffice on Multiuser Windows Systems by sybarite · · Score: 1

      Appreciate the response. Look, I'm not trying to knock OpenOffice, but the faq you pointed me to illustrates my point that there is a per-user setup that has to occur. When we are talking dozens of users on a Citrix farm of multiple servers, it gets pretty tedious. Forget Citrix for a minute, how about an evironment where one might work from different machnines. I found some articles in the forum about others that have set it up such that the per-user setup is scripted and silent that I will try. My original point I was trying to make was that I don't understand why it has to be installed in such a way that there is per user setup in the first place. I can install Office once on a multiuser system and then it is installed for everyone without special scripting or further per user setup required. Users shouldn't be presented with setup or registration requests, just be able to sit down and work on the software. I guess I was asking for a different type of installation and I probably should have directed the comments at OO community. Cheers.

    5. Re:OpenOffice on Multiuser Windows Systems by mopslik · · Score: 1

      Look, I'm not trying to knock OpenOffice, but the faq you pointed me to illustrates my point that there is a per-user setup that has to occur.

      Perhaps I don't understand what problem you're encountering. As should be clear from the FAQ, installing OO.o for multiple non-admin users is quite simple:

      Assuming an Admin ran "setup.exe /net" earlier, as a non-admin user...

      1. Navigate to the install directory (likely Program Files\OpenOffice.org)
      2. Click on soffice.exe
      3. Watch as OO.o runs user-specific installation

      Compare to Microsoft Office, as a non-admin user...

      1. Click Start -> Programs and find the Microsoft $APP icons
      2. Click the one you want to launch (ie. Microsoft Word)
      3. Watch as Microsoft Office prompts you to enter your user info/initials/etc.

      To clarify a bit more, Microsoft Office has a brief "per-user" setup associated with it, but it uses defaults instead of asking for some paths and whatnot. A simple, easily-visible example is to do a fresh install of Office on a 2000/XP machine, and launch Word/Excel/PP for the first time. You should see a brief "installing" dialog box for a few seconds, followed by the "User Information" dialog mentioned above.

      More interestingly, if I do a fresh install of Office on my XP box, and then immediately restart and login as a non-admin user without having run Office as Admin once, I get an annoying "please insert the Microsoft Office 2000 installation CD" message that won't let me pass, despite the fact that the previouss installation had successfully completed.

      My original point I was trying to make was that I don't understand why it has to be installed in such a way that there is per user setup in the first place.

      I don't have an idea myself, but I suspect it's simply designed that way because not every user will be using OO.o, so why create space-consuming personal files unless they're requested? Granted, it's only around 2MB of files. Just my guess, though.

      Users shouldn't be presented with setup or registration requests.

      I generally agree, but then, the installer (IIRC) just asks for a personal directory -- which the user *should* be able to choose, IMO, as they're the one who will be using/accessing it -- and user information, much like Word launches the "Please enter your name and initials" dialog on first run.

      I'm not criticizing your post at all, but to me the two things seem awfully similar. Hope that helps.

    6. Re:OpenOffice on Multiuser Windows Systems by sybarite · · Score: 1

      I really appreciate the time and detail of your post. It actually has been a while (v1.0) since I have tried to install OpenOffice on Citrix. I am going to suspend further comment until I spend some time first hand on this issue (after reading the FAQ ;) ) Thanks again.

  19. Future Versions of Windows by ibman · · Score: 2, Interesting

    Wasn't Microsoft planning to fix this problem in future versions of Windows by using virtual copies of the registry, so that each program could see its own copy of HKEY_LOCAL_MACHINE and do whatever it wanted to to the key because its copy wouldn't be the "real" master copy?

    1. Re:Future Versions of Windows by Anonymous Coward · · Score: 0

      I've read a lot of Windows internals all over the web and I always find that Microsoft programmers always implements things like that, I mean, trying to fix bad 3rd party programs behaviours changing the internal workings of the operating system, making it more unstable and harder to mantain.

      Why those applications that try to write into HKLM don't write into HKEY_CURRENT_USER? Isn't HKCU there for user-wide registry keys and HKLM for system-wide keys?

    2. Re:Future Versions of Windows by beerman2k · · Score: 1

      Yes, but even MS apps have this problem. For example: The caculator app that comes with Windows. If you run as non-admin it can't remember if its supposed to open in scientific or standard mode because this setting is stored in HLKM (doh!).

  20. Re:Not true by aoteoroa · · Score: 1

    I agree to a certain extent. Windows is a good workstation/network client.

    In our offices people use Windows, Mac, and (one)Linux workstations but everybody must save their files to the company file server, which has RAID drives, and backed up nightly to a remote location.

    So if Bob the programmer with admin access FUBARs his workstation then we have to reinstall windows and some apps but the data is safe.

  21. Re:Openoffice (and Firefox) by Goyuix · · Score: 1

    Firefox not installing plugins by default using an unprivileged thing is a GOOD THING. I think the poster of this article needs to step back and look at the security model and why it exists, not only that it exists.

    Many of the OSS apps I work with, work fine as long as you play by the rules (which is a huge part of security!). Can we mod an entire story as Troll?

  22. But FOSS apps? by bill_mcgonigle · · Score: 1

    Both the developer and user cultures are shaped by this, and the result is software which can't properly be secured. I'm not surprised. Are you?

    Yes. Not for typical Windows apps, you're right, but things like OpenOffice and Firefox derive from unix projects and work fine in a reduced permissions environment on unix builds.

    So why do they have trouble in reduced permissions environments for their Windows builds. Perhaps we blame the Windows porters for not being unix geeks, which goes back to your suggestion?

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:But FOSS apps? by daemon1010011010 · · Score: 0

      Firefox is not derived from a unix project. Neither is OOo, really. They are both meant to be cross-platform. I still agree that they should work better than they do with limited privlages. I've had a mozilla install only work with admin privilages because it writes all user files to a subfolder of the home of the user that installs it.

    2. Re:But FOSS apps? by Anonymous Coward · · Score: 0

      I thought the primary dev environment for Firefox was Win32. Is this incorrect?

  23. Gave Up by fozzmeister · · Score: 1

    My Ma and Pa are administrators, that i hate, OO.o installed in my account, didn't have the file associations transported to my mum and dads, wierdness...

  24. Local administrator by Matty_ · · Score: 2, Interesting

    When setting up the new Active Directory domain here, I decided that I would rather avoid these problems all together by giving users administrative rights to their own workstations.

    You can accomplish this by adding the user's domain account to the local Administrators group on the workstation. You set this on the system itself, not at the domain level. Doing so does not give the end users administrative rights to any other system -- just their workstation. No domain-wide administrative rights what-so-ever.

    I felt doing this gave users the flexibility they needed to do their jobs, but was restrictive enough to keep users out of each others' systems, which was a concern of mine.

  25. KDE on Linux has the same problem by Chemisor · · Score: 1

    Do you know how to get KDE to run with a read-only home directory? You won't find the answer in the documentation. Searching the net yields helpful advice to set KDE_HOME_READONLY=true, but it still doesn't work because DCOP wants to write its state file in the home directory (now, who came up with that idea?). Naturally, there is no help anywhere to be found. But, if you happen to be a programmer and have time to comb through hundreds of lines of code, you can figure out that you also need to set three additional variables, which let you run with a read-only home. Well, not exactly; you still need to put those state files somewhere, and as they are not uniquely named, /tmp is not really an option. So I'll put them in ~/.kde. To do this I had to set:

    DCOP_SAVE_DIR=$HOME/.kde
    ICEAUTHORITY=$HOME/.kd e/ICEauthority
    DCOPAUTHORITY=$HOME/.kde/DCOP_serv er

    So pull the log from your own eye before taking the speck from Microsoft's eye, for programmers assume excessive permissions on all platforms. And please, would somebody at least mention this in the documentation?

    1. Re:KDE on Linux has the same problem by ThinkTiM · · Score: 1

      What does locking down your home directory have to do with running with administrator privelages verses non-admin privelages? Most people use KDE in non-root mode most of the time, and occasionally enter a root password to do system-wide stuff.

    2. Re:KDE on Linux has the same problem by mibus · · Score: 1

      I'd hardly call being able to write to your own home directory "excessive permission"...

      If you can't write to your home directory, how can you write to ~/.kde/ to save the DCOP state anyway?

    3. Re:KDE on Linux has the same problem by Chemisor · · Score: 1

      > What does locking down your home directory have to
      > do with running with administrator privelages verses non-admin privelages?

      When a Windows application fails to run without Administrator privileges, it is usually because it wants to write someplace where it should not. For instance, many applications open their registry key requesting full access at all times regardless of whether anything is actually being written, even under HKEY_LOCAL_MACHINE. You can see the analogy clearly if you think of HKEY_LOCAL_MACHINE as being "locked down".

    4. Re:KDE on Linux has the same problem by Chemisor · · Score: 1

      > If you can't write to your home directory, how can
      > you write to ~/.kde/ to save the DCOP state anyway?

      My home directory is set with permissions 510 to prevent creation of unnecessary configuration files. It's not on a read-only filesystem.

      > I'd hardly call being able to write to your own
      > home directory "excessive permission"

      I would when the application does not need to write anything. Unless I customize its settings in some way, there is no reason for it to write a configuration file at all, and it most certainly should not refuse to run if it can not create one, like KDE does.

      Furthermore, there is the problem of having the DCOP state file in the first place. I can understand that they wanted multiple applications to find the DCOP server, but that is something X already does more appropriately by placing the protocol pipe globally in /tmp. If DCOP is by its nature a global service, like X, or sendmail, it should be run as such instead of writing superfluous files all over the place polluting my home directory at the root level. Another alternative would have been to look it up through IPC, which is appropriately transient and invisible to the user.

      X.org (6.8.1) is, by the way, another example of excessive permission requirement, wanting write access to /var/log to write its log instead of doing it through the syslog interface like a good application should. This means that I am forced to run X suid root even though it is using fbdev driver which does not require such extravagant privileges.

    5. Re:KDE on Linux has the same problem by ThinkTiM · · Score: 1

      Agreed, but I was replying to someone who was trying to make their whole home directory read-only and then run KDE. This is different than what the original thread is about.

    6. Re:KDE on Linux has the same problem by Chemisor · · Score: 1

      > I was replying to someone who was trying to make their whole home directory read-only

      No, you were replying to my post, and I only have my home directory with 510 permissions, not on a read-only fs. Of course, I don't think that having no user-writable file space should prevent KDE from starting. If I just want to run Konqueror to look at some web pages, why would I need to write anything? It's just plain bad design; that's what I think.

    7. Re:KDE on Linux has the same problem by mibus · · Score: 1

      I would when the application does not need to write anything. Unless I customize its settings in some way, there is no reason for it to write a configuration file at all, and it most certainly should not refuse to run if it can not create one, like KDE does.

      Except many apps consider "saveable settings" to include things not in their "Preferences" dialog - things like window states (position, size), open files, recent-files, etc. While a nice fallback of a "BTW these functions won't work" warning would be best, I can understand why nobody has gotten around to it yet! :-)

      I don't know much at all about DCOP, but yes it would be better if it would place files in /tmp/, and yes X.org should really use syslog unless explicitly configured not to.

      I do think that it's not an unfair assumption for apps to assume that they can write their config files in ~/, but they should at least gracefully error out.

  26. Mozilla Bug 232638 by Noksagt · · Score: 4, Informative
    You are absolutely wrong. The location of search plugins and extensions is distribution-secific. On my distro you can install extensions to:
    ~/.mozilla/firefox/default.{profile}/extensions
    which means individual users can install their own extensions (which I believe is what you refer to).

    Search plugins, which the story refers to on win32 & which I refer to in my response, are installed to the installation folder. On the box I'm currently on, that is:
    /usr/lib/MozillaFirefox/searchplugins
    you have to install as root with the default permissions.

    This is a known bug: look at bug #232638:
    https://bugzilla.mozilla.org/show_bug.cgi?id=23263 8
    (no linky because they don't allow links from slashdot)
  27. Run as... by Anonymous Coward · · Score: 0

    Microsoft has implemented an extremely good version of Run As (Think sudo).

    To run a program as another user, shift-right-click on the program and select Run As... from the context menu. You can also use the runas command from cmd.exe.

    More info is here:

    Run As

    Create Shortcut to Run As

    1. Re:Run as... by Anonymous Coward · · Score: 0
      Microsoft has implemented an extremely good version of Run As (Think sudo).

      More like plain su. Sudo is a very complicated program. Just look at the sudoers file man page. Microsoft's runas doesn't compare.

  28. Re:Openoffice (and Firefox) by jhoffoss · · Score: 1
    I disagree.

    There are three parts to security that many geeks (myself included, at first) do not typically comprehend.

    Confidentiality - Can I control access to a resource
    Integrity - Can I be sure that my resource has remained unharmed
    Availability - Can I use my resource

    In this case, not being able to install a plugin (as the original poster's and your example) is a loss of availability. If I'm to operate a normal user on my system, but I have to log out and back in as Administrator to install a simple plugin that, say, pulls an RSS feed, you can be certain that I will both view this is a big issue, and probably not use the product.

    That said, firefox is an exception in my book, but my solution is to run as Administrator, which is not a good solution either.

    In my opinion, this poster raises a *very* valid and important point with respect to all software, not just OSS. If the software I'm trying to use won't let me run Windows securely, (heh, like third-party software is all that's stopping that from happening...) it's an issue.

    --
    Linux: The world's best text-adventure game.
  29. As a matter of interest... by BrokenHalo · · Score: 1
    The submitter of the thread says that "Openoffice will continue to ask for registration until an Administrator stops it".

    On Linux this nag goes away if you simply say you're already registered. Is it different on winboxes?

    1. Re:As a matter of interest... by obeythefist · · Score: 1

      No, because OOo is trying to write the results of that question (no matter which way you answer) to an area of the filesystem/registry which is locked down to administrators only.

      It's unfortunate that the developers of OOo wrote the application this way. But, since it's open source, it should be quite easy to fix, and I anticipate a fix is probably right around the corner.

      --
      I am government man, come from the government. The government has sent me. -- G.I.R.
    2. Re:As a matter of interest... by arkanes · · Score: 1
      What the solution here should be is that it shouldn't display the nag screen at run time at all - it should be done at installation time only, when admin rights are legitimately needed.

      If you really feel the need to show it at runtime, then at least you should have the option to enter the info at install time - then it becomes an administrators problem if they didn't register/install OO correctly.

      There's also a capabilities limitation involved. It'd be kinda neat if there was a way that an application (Identified by a key pair or something? Hrm, have to think about that more...) would be able to write to a global section of the registry, but just that section - on of the common problems running as non-admin on windows is apps trying to store global per-application data, which they can't do without admin access. Of course, a lot of "global application" data really should be per-user.

  30. Re:Openoffice (and Firefox) by natmsincome.com · · Score: 1

    You don't want users to be able to install software.

    Realise that a plugin is software. If you can't install the plugin that pulls the RSS feed then you also can install a bad plugin that strips email addresses out of webpages and sends those users spam.

    If your installing and uninstalling software constanly then you ARE and admin (or doing admin work). You only want an admin to be able to install plugins as they affect every user on the machine.

    That being said in windows if you wanted to install a plugin then just run firefox as administrator while your installing it.

    Hold down + and right click on the icon on the desktop. There will be a new option called "Run As" this means you can run it as administrator to install the plugin then close it and reopen it as a limited user.

    Does this mean more work? YES. That's why most users run as administrator

  31. Not too bad a problem by sti · · Score: 1

    I am running Windows XP Pro and each member of my family has a limited user account. Additionally there is one account named "root" that has admin priviledges.

    I have found some software that does not work properly but usually I have found something to replace them.

    I have no problem with OpenOffice. I do not remember if I ran the setup while logged in as root or did I just right-click->RunAs it. Anyway, the limited user setup has to be done with a special -net switch. Read the installation docs.

    I used to have to install firefox extensions while logged as root, otherwise they would not install. However, I find that with Firefox 1.0 the extensions install just fine with my normal, limited account.

    Dr. Divx requires that I'm logged in as root. Why would a software that reads a file, crunches some numbers and writes another file, require admin priviledges? I have filed a bug report about it but I don't think the vendor took it seriously.

    I just hope more and more developers realize it is unacceptable to require admin priviledges on this day and age. If you find software that does a bad job with this, find something else to replace it and tell the vendor/developer that you dropped his software because it did not run without admin permissions.

  32. Re:Openoffice (and Firefox) by cbr2702 · · Score: 1
    You don't want users to be able to install software.

    Restricting users to preinstalled software does raise security. But users have traditionally had the ability to install and run software inside their home directories, and this is the default in XP, OS X, and UNIX. I'm not even sure it is possible in XP to keep execute permissions off homedirs.

    Realise that a plugin is software. If you can't install the plugin that pulls the RSS feed then you also can install a bad plugin that strips email addresses out of webpages and sends those users spam.

    Restricting someone to a limited account does not keep them from running software, just running software that wants to do certain things, like mess with the registry, %system32%, etc. Sending email is not one of those things. A firewall that allowed network acess only to preapproved programs on preapproved ports would be a real solution.

    If your installing and uninstalling software constanly then you ARE and admin (or doing admin work). You only want an admin to be able to install plugins as they affect every user on the machine.

    So now we're talking about users affecting other users. Sure I should be kept from adding plugins that will make your browser act differently than you are used to. But the browser should let me install plugins from within my homedir that affect only me.

    That being said in windows if you wanted to install a plugin then just run firefox as administrator while your installing it.

    That is reasonable when I as the admin want to make a plugin available for all users. But the option to install a plugin just for my own use should be available. And these users that we are trying to stop from "installing bad plugins" shouldn't have the administrator login.

    Hold down + and right click on the icon on the desktop. There will be a new option called "Run As" this means you can run it as administrator to install the plugin then close it and reopen it as a limited user.

    Just a note: limited users in XP have this "Run as" option available without the +.

    Does this mean more work? YES. That's why most users run as administrator

    The point is, program writers and the Windows secrity model make this much harder than it needs to be, and sometimes impossible.

    --


    This post written under Gentoo-linux with an SCO IP license.
  33. Re:Openoffice (and Firefox) by superyooser · · Score: 1
    That said, firefox is an exception in my book, but my solution is to run as Administrator, which is not a good solution either.

    My solution is to make the account a member of "Power Users." Or make a special Power User account and "Run As" Firefox as that user.

  34. In the case of firefox by phorm · · Score: 1

    Maybe what we need are user-level and administrator level plugins?

    Some plugins would be a useful thing for all users (such as perhaps a proxy chooser, which in XP I use for our laptop users), but others could be damn annoying if applied to everyone.

    A "please enter the root password" (or select admin user/password for XP) for global-level plugins would work nicely... and a ~/.mozilla/firefox/userplugins for the non-global ones...

  35. Installer & PocketPCs by hughk · · Score: 1

    I have a PDA running the PocketPC OS. It is very nicely integrated into a host Windows system which I have retained. However due to the wonderful Windows Installer, PocketPC software must be installed via Administrator on the host PC. WTF????? There is no admin on the PocketPC OS and I can manually install stuff without problems.

    --
    See my journal, I write things there
  36. Re:OOo by Anonymous Coward · · Score: 0

    IF OpenOffice IS open source THEN
    WHY DON'T YOU ELIMINATE
    the heavy 'ask for registration'?

    It's very RARE, WEIRD, RARE, WEIRD, ... that nobody eliminates 'ask for registration'.

  37. Re:Openoffice (and Firefox) by Anonymous Coward · · Score: 0

    Firefox install every kind of plugins, but only for a new search engine you need administrator privileges. And there is no information about that.