I do have a server like that, but without RAID. Deliberately, because I do not want all drives to spin up when I watch a movie. The rootfs is on IDE-FLASH and the system is silent when not in use. The redundancy solution in this product looks nice. Pity that it is closed source.
As a SuSE user I have ReiserFS filesystems on many systems, but on my mediaserver I used EXT3. It is slower, but for the operations done on this server it is not important. It looks like ReiserFS is on the way to be deprecated in Linux, and with no in-place conversion utilities available I would hate to be left with terabytes of data that is getting harder and harder to access.
Does the UnRaid support only SMB? Or can it do NFS as well?
It looks like what I want, especially the spin-down of unused drives and the separate use of each disk. What I like less is the mandatory use of ReiserFS. Any idea if they plan to support other filesystems?
We only use Java for random webpages that happen to use it. No internal apps or business-critical pages are using Java, afaik. So I just install the latest version. So I wrote a pre-installation script that finds all installed versions (usually only one) and uninstalls them. But again, this has to handle several different installers they have used. I generally clean it up after I am convinced that no older versions exist anymore (did that yesterday), but it remains a nuisance.
Then, I run the installation of the newest version. We normally try to do silent install via commandline parameters but in this case we still use an "automation" script and it has to be changed every time. Thanks for your info, I will use that instead. I normally try to run an installer with/? and maybe some other flags to see if it gives info about silent installs and when it doesn't I fall back to the automation thing. Our installations run in the weekend wihout users present so this usually works. But I like it when I can just put a new version into the installation directories and see it install OK instead of having to walk through the process again and again because the packagers can't make up their mind!
They may think that spam is a non-issue, but IMHO terrorism is a non-issue and they are still hunting that (only making it worse).
The problem is that the politicians do not understand what issues are. Everyone is affected by spam, so that is an issue. Everyone is affected by changes in climate and environment, so that is an issue. They should focus on that, instead of trying to extinguish a fire by blowing into it.
I always wonder (and I asked their support personnel several times) why they don't insert the same spamfilters in their OUTgoing mail flow as they do in their INcoming. That would almost solve their bad reputation as spam senders immediately.
But probably they are not at all interested in their reputation, only in their number of users. Even a spammer is a user, that will count once they want to sell-off their service.
* Problem with Spam traffic from India and China? Fine. Make a declaration internet traffic from those countries will be served from the Internet within 21 days unless all Spam activity ceases.
There are problems with this approach. 1. the allocation of IP addresses has been (and is continuing to be) done in a manner that makes it difficult to quickly block a whole country. AP-NIC allocates blocks of addresses in the entire Asian-Pacific region nearly sequentially and at very funny boundaries.
2. the spam source country varies a lot. you may have a problem with spam from China, but I have a lot more spam from the USA so I need to block that. While I already blocked many DSL/Cable provider netblocks to reduce the crap from infected Windows PCs a bit, there is an increasing risk of collateral damage.
Hotmail provides two addresses that at least generate an auto-reply:
report_spam@hotmail.com abuse@hotmail.com
However, there is a script behind it that usually replies back that the abuse is not from their systems. Even when it is. When you get past that filter, you get a reply that thanks you for the report, but never any further followup. (this used to be different in the past: then you sometimes got a reply about 3 weeks later from someone working at an outsourcing company in India complaining that they had to handle lots of mail so the processing got delayed a lot. and then usually some standard request for full headers (that were already in the report) or statement that they cannot do anything about it)
Yahoo is different. They close spamming accounts, or at least they claim to do so in the replies to abuse mail.
We don't deploy that we (we use unattended install via answerfiles, which IMHO is more versatile and maintainable) but I don't understand why you would need to keep a separate image per user. Do they want you to prepare each user's system from the preinstall done by Dell, adding software as each user likes, and then write back and keep the image in case a reinstall for that user is required? How many businesses work that way?
We just press F12 on the first powerup, boot from the network, and overwrite all of Dell's work immediately.
The interesting fact is that in some (many?) companies where OpenOffice.org was tried as an alternative to MS Office, the experiment was terminated because employees complained that they were not familiar with the program, they knew everything about MS Office, and the time required to learn the new program would be worth more than the price difference. So, it would be cheaper to buy MS Office than to use OpenOffice.org for free, just because of the training issues.
I wonder what those folks are going to do when Office 2007 becomes widely deployed. Something tells me that they are just going to adapt to it, book their time on some random project activities, without ever raising the same issues they did with OpenOffice learning curves.
Our website uses a:hover for a menu system, but it offers site navigation ( items in the head section) as an alternative. Unfortunately it appears that Safari does not support that, at least on Windows. So while a graceful degradation is offered, it is not being picked up.
But my youngest has had to submit her homework as MS Word.docs and MS Powerpoints in middle school and high school.
This unfortunately is how it starts. They are not required to submit their homework "done in a wordprocessor", but "done in MS Word". I have heard this discussion before. "I need a copy of MS Word". why? "because I have to use it for school". Can't you use OpenOffice.org? "No, we have to use MS Word!". That inconvenience is usually solved with piracy, but MS will not be worried because when the student has found work it will be another license sold.
The people working at Red Hat probably are not a good representation of the average worker. And the management probably is looking at employee comments about Windows and Office a bit differently.
Where I work, the average worker is specialized on alpha sciences and other nontechnical things, and they use Word to write a letter or report. Some of them are freelancers hired at an hourly rate. A few years ago we tried to switch to OOo. While it is true that at that time there were some minor problems, the main reason we went back to Microsoft Office was the constant complaining of employees that they did not know this package and "they knew how to use Office".
I seriously doubt that this was true. They probably had only superficial knowledge. But they just resisted to switch and claimed they lost time, wrote extra hours to compensate for that, and this quickly made the whole move uneconomical.
At Red Hat, the management probably would have said that if you cannot switch between Office and OOo in two hours you are not worth your money. And maybe rightfully so. But in the average company (or in our company at least) it does not work that way.
Of course, when people would learn OOo in school and then arrive at some workplace where it was used as well, the situation would be completely different. That is why Microsoft wants schools to use Office, not OOo.
Unfortunately, this widepread opinion leads to very ineffective use of office applications. You can just as well give your employees Wordpad.
Furthermore, in many businesses employees are not selected on being computer literate. It is assumed that everyone can use a computer. When Microsoft can twist the school system so that all young people are "Microsoft literate" instead of "computer literate", that has a very big effect on their future business and the viability of using alternative software.
Of course what makes this even more sensitive is that it is about schools. Microsoft know very well that when they issue a contract with schools to use their software, and they can sneak in the clause that no other software than theirs can be (factually or economically) used by those schools, they can almost give away their software and still make huge profits.
After all, the pupils coming out of those schools are pre-programmed to accept only Microsoft software. They don't even know there are alternatives. When they are employed somewhere, and they find Linux or OpenOffice, they claim "I have to be trained to work with this", and the employers are faces with training costs to use open software that they don't need to spend when Microsoft software is used.
This is put on the "cost of ownership" balance, and as training and other costs involving man-hours are often more expensive than software licenses, the balance quickly tips towards using Microsoft.
When the executable is run it downloads a new.exe and.dll from multiple hosts. The malware appears to be hosted on many machines, as the IP addresses are always different and are located in several countries, including the United States, China, Canada, and Romania. The downloaded malware attempts to find shares on the local network in order to create files. The process registers itself with the system to guarantee future runtime as well as getting hooked into standard operating system files.
Ok, so to infect the system the user has to be allowed to: - run executables from untrusted locations - download exe and dll files from the Internet - modify the machine part of the registry - write into standard operating system files.
It looks like network admin has to be pretty lousy for this to catch on! None of the above are allowed on our network, and I would say that at least 2 out of 4 should never be allowed on a Windows PC. (only outright idiots work as an Administrator or Power User all day...)
Indeed. I downloaded it only because it might offer a way to look at our website the way the Maccies do. I installed it on a Windows 2000 VM and it was a TOTAL PIECE OF CRAP. Almost nothing worked. I think it mentioned "Windows XP" somewhere so I'll try that this week, but I am not optimistic. Rendering was crap, text often wasn't displayed at all, proxy didn't work, looks are terrible.
You apparently live in a country where bicycles are such a minority that their effects on roads can be ignored. Here in the Netherlands, there are dedicated lanes and roads for bicycles and these don't come in existence by themselves. They have to be maintained for sure. And when you would look at busy times they sure can be overcrowded and may need to be widened in certain areas. But this is paid from taxes on cars, not bikes. Taxes on cars also pay for lanes and roads dedicated to public transport, where these cars are not allowed to drive themselves.
The situation around alternative fuels is quite the same here: the government always tries to radiate the impression that they are all for alternative energy and fuels, but at the same time they are very much concerned about the taxation. Any alternative fuel that cannot be taxed or does not have its price level connected to the oil price is a real threat to state income.
Anything below res.rr.com or adsl.tpnet.pl [east|dsl-w|fios].verizon.net (for example) are residential dynamic IP allocations.
I recently blocked all rr.com addresses and all IP nets that I could find belonging to rr.com because their admins are completely clueless. Multiple times I have sent abuse reports to abuse@rr.com about mail that arrived via their servers (multiple hops even) but they always immediately return a reply, probably automatic, that it is not their customer. In that case, it is easiest to block the entire provider and all its clients.
But I can only do that because we are not in the USA and do not do business with the USA.
have mail rejected until they find an admin who has enough of a clue
Note that it often is not the local admin, but their ISP that has no clue. Many ISPs selling business connections here do not worry at all about getting rDNS right.
Which is wrong according to RFC2821
There is a difference between something that is wrong, and something you can use as a base for blocking. At least, when you want to use it in a mailserver running for a business or for customers. Of course, in your own mailserver you can block anything you (don't) like, and so do I. But at work, when I block everything that is not completely RFC2821-compliant there is little mail left to process, and the boss will not like it.
Even as it is today, sometimes people wonder why they don't receive a certain message. A common way to "test" is to send the same message to another account, and when it arrives there the claim is "the sender is OK because someone else can receive it". Outsourced network admin does not help either.
I don't believe that! I am regularly monitoring our incoming SMTP traffic to see what extra rules I can implement at the protocol level (instead of in the scanning of the incoming mail), and there really isn't any filtering that can be done on reverse DNS without MASSIVE false-positives. Many, many valid businesses are running mailservers without rDNS or with generic rDNS based on their IP number. Also, manu valid servers send bogus names in their EHLO/HELO, including domain names ending in.local or servernames not present in external DNS.
About the only thing I have been able to block recently is the EHLO/HELO with a name without any dot in it. That blocks lots of botnet spam but still it occasionally blocks valid mail from clueless senders.
That's because they have no way of changing that without denying license payers in the UK access to the content for free.
That isn't true. Until about two years ago they encrypted their broadcast and allowed UK residents to view it for free by making available smartcards to them. However, they did so in association with the commercial TV companies (sharing their card), and apparently that deal was so expensive to them that they decided to end it.
But that does not mean there is "no way". E.g. here in the Netherlands the same (public broadcaster encrypting, cards available without subscription fee) is still being done. We have the same problem, though: the company doing the sat encryption is increasing their service fees all the time.
When deciding between RAID and JBOD in a media server, you should also keep in mind the noise level and power demand. In a system with 5-10 disks used for media storage, you will need to run an entire RAID group, probably 5 disks, when playing or recording on a RAID array, while when using JBOD you only need to run the disk the actual recording is made on. This of course assumes you have a separate filesystem on each disk and manage the distribution of data yourself, not via some LVM scheme. I have setup my media server to stop disks after about 10 minutes of idle, and this makes quite a big difference in power consumption and noise level (the thing is in the living room). It is also easier to add or upgrade disks. Of course there is the risk of data loss when a disk breaks down, but I don't value my collection that high that the loss of a part of that would be a disaster. (you could always keep the really valuable items on more than one disk, or you could make backups. trouble is that a usable backup medium for terabyte capacities does not exist in the consumer market)
My personal experience is only with Windows in a domain. There is no "switch user" in that environment. You need to log off, log on as an administrator, and perform the installs. The way we have configured things, the workstation administrator has no access to Internet. This increases security because you cannot pickup a trojan because of surfing the Internet in administrator mode. After installing something you need to logon as a normal user to do any useful work.
Of course you can use "run as..." to install something but this does not always work correctly in 2000/XP (sometimes programs are not installed for all users when it is done this way)
Slashdot Mirror
I do have a server like that, but without RAID. Deliberately, because I do not want all drives to spin up when I watch a movie. The rootfs is on IDE-FLASH and the system is silent when not in use.
The redundancy solution in this product looks nice. Pity that it is closed source.
As a SuSE user I have ReiserFS filesystems on many systems, but on my mediaserver I used EXT3. It is slower, but for the operations done on this server it is not important. It looks like ReiserFS is on the way to be deprecated in Linux, and with no in-place conversion utilities available I would hate to be left with terabytes of data that is getting harder and harder to access.
Does the UnRaid support only SMB? Or can it do NFS as well?
It looks like what I want, especially the spin-down of unused drives and the separate use of each disk.
What I like less is the mandatory use of ReiserFS. Any idea if they plan to support other filesystems?
Do you have actual experience with this product?
We only use Java for random webpages that happen to use it. No internal apps or business-critical pages are using Java, afaik. So I just install the latest version.
/? and maybe some other flags to see if it gives info about silent installs and when it doesn't I fall back to the automation thing. Our installations run in the weekend wihout users present so this usually works. But I like it when I can just put a new version into the installation directories and see it install OK instead of having to walk through the process again and again because the packagers can't make up their mind!
So I wrote a pre-installation script that finds all installed versions (usually only one) and uninstalls them. But again, this has to handle several different installers they have used. I generally clean it up after I am convinced that no older versions exist anymore (did that yesterday), but it remains a nuisance.
Then, I run the installation of the newest version. We normally try to do silent install via commandline parameters but in this case we still use an "automation" script and it has to be changed every time. Thanks for your info, I will use that instead.
I normally try to run an installer with
Can anyone explain why Sun changes the name of the package with every minor version?
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
What will the next update be called? J2SE Runtime Environment 6.0 Update 3?
Installer changes every time, too. It is just inconvenient for those that want to do unattended installs.
They may think that spam is a non-issue, but IMHO terrorism is a non-issue and they are still hunting that (only making it worse).
The problem is that the politicians do not understand what issues are. Everyone is affected by spam, so that is an issue. Everyone is affected by changes in climate and environment, so that is an issue. They should focus on that, instead of trying to extinguish a fire by blowing into it.
I always wonder (and I asked their support personnel several times) why they don't insert the same spamfilters in their OUTgoing mail flow as they do in their INcoming.
That would almost solve their bad reputation as spam senders immediately.
But probably they are not at all interested in their reputation, only in their number of users. Even a spammer is a user, that will count once they want to sell-off their service.
* Problem with Spam traffic from India and China? Fine. Make a declaration internet traffic from those countries will be served from the Internet within 21 days unless all Spam activity ceases.
There are problems with this approach.
1. the allocation of IP addresses has been (and is continuing to be) done in a manner that makes it difficult to quickly block a whole country. AP-NIC allocates blocks of addresses in the entire Asian-Pacific region nearly sequentially and at very funny boundaries.
2. the spam source country varies a lot. you may have a problem with spam from China, but I have a lot more spam from the USA so I need to block that. While I already blocked many DSL/Cable provider netblocks to reduce the crap from infected Windows PCs a bit, there is an increasing risk of collateral damage.
Hotmail provides two addresses that at least generate an auto-reply:
report_spam@hotmail.com
abuse@hotmail.com
However, there is a script behind it that usually replies back that the abuse is not from their systems. Even when it is.
When you get past that filter, you get a reply that thanks you for the report, but never any further followup.
(this used to be different in the past: then you sometimes got a reply about 3 weeks later from someone working at an outsourcing company in India complaining that they had to handle lots of mail so the processing got delayed a lot. and then usually some standard request for full headers (that were already in the report) or statement that they cannot do anything about it)
Yahoo is different. They close spamming accounts, or at least they claim to do so in the replies to abuse mail.
We don't deploy that we (we use unattended install via answerfiles, which IMHO is more versatile and maintainable) but I don't understand why you would need to keep a separate image per user.
Do they want you to prepare each user's system from the preinstall done by Dell, adding software as each user likes, and then write back and keep the image in case a reinstall for that user is required?
How many businesses work that way?
We just press F12 on the first powerup, boot from the network, and overwrite all of Dell's work immediately.
What does it matter what is installed? The first thing done is a wipe and install...
The interesting fact is that in some (many?) companies where OpenOffice.org was tried as an alternative to MS Office, the experiment was terminated because employees complained that they were not familiar with the program, they knew everything about MS Office, and the time required to learn the new program would be worth more than the price difference.
So, it would be cheaper to buy MS Office than to use OpenOffice.org for free, just because of the training issues.
I wonder what those folks are going to do when Office 2007 becomes widely deployed. Something tells me that they are just going to adapt to it, book their time on some random project activities, without ever raising the same issues they did with OpenOffice learning curves.
Our website uses a:hover for a menu system, but it offers site navigation ( items in the head section) as an alternative.
Unfortunately it appears that Safari does not support that, at least on Windows. So while a graceful degradation is offered, it is not being picked up.
Whose fault is that?
But my youngest has had to submit her homework as MS Word .docs and MS Powerpoints in middle school and high school.
This unfortunately is how it starts. They are not required to submit their homework "done in a wordprocessor", but "done in MS Word".
I have heard this discussion before. "I need a copy of MS Word". why? "because I have to use it for school". Can't you use OpenOffice.org? "No, we have to use MS Word!".
That inconvenience is usually solved with piracy, but MS will not be worried because when the student has found work it will be another license sold.
The people working at Red Hat probably are not a good representation of the average worker. And the management probably is looking at employee comments about Windows and Office a bit differently.
Where I work, the average worker is specialized on alpha sciences and other nontechnical things, and they use Word to write a letter or report. Some of them are freelancers hired at an hourly rate.
A few years ago we tried to switch to OOo. While it is true that at that time there were some minor problems, the main reason we went back to Microsoft Office was the constant complaining of employees that they did not know this package and "they knew how to use Office".
I seriously doubt that this was true. They probably had only superficial knowledge. But they just resisted to switch and claimed they lost time, wrote extra hours to compensate for that, and this quickly made the whole move uneconomical.
At Red Hat, the management probably would have said that if you cannot switch between Office and OOo in two hours you are not worth your money. And maybe rightfully so. But in the average company (or in our company at least) it does not work that way.
Of course, when people would learn OOo in school and then arrive at some workplace where it was used as well, the situation would be completely different.
That is why Microsoft wants schools to use Office, not OOo.
Unfortunately, this widepread opinion leads to very ineffective use of office applications. You can just as well give your employees Wordpad.
Furthermore, in many businesses employees are not selected on being computer literate. It is assumed that everyone can use a computer.
When Microsoft can twist the school system so that all young people are "Microsoft literate" instead of "computer literate", that has a very big effect on their future business and the viability of using alternative software.
Of course what makes this even more sensitive is that it is about schools.
Microsoft know very well that when they issue a contract with schools to use their software, and they can sneak in the clause that no other software than theirs can be (factually or economically) used by those schools, they can almost give away their software and still make huge profits.
After all, the pupils coming out of those schools are pre-programmed to accept only Microsoft software. They don't even know there are alternatives.
When they are employed somewhere, and they find Linux or OpenOffice, they claim "I have to be trained to work with this", and the employers are faces with training costs to use open software that they don't need to spend when Microsoft software is used.
This is put on the "cost of ownership" balance, and as training and other costs involving man-hours are often more expensive than software licenses, the balance quickly tips towards using Microsoft.
When the executable is run it downloads a new .exe and .dll from multiple hosts. The malware appears to be hosted on many machines, as the IP addresses are always different and are located in several countries, including the United States, China, Canada, and Romania. The downloaded malware attempts to find shares on the local network in order to create files. The process registers itself with the system to guarantee future runtime as well as getting hooked into standard operating system files.
Ok, so to infect the system the user has to be allowed to:
- run executables from untrusted locations
- download exe and dll files from the Internet
- modify the machine part of the registry
- write into standard operating system files.
It looks like network admin has to be pretty lousy for this to catch on!
None of the above are allowed on our network, and I would say that at least 2 out of 4 should never be allowed on a Windows PC.
(only outright idiots work as an Administrator or Power User all day...)
I have not read it will not work on Windows 2000 and the installer never mentioned a compatibility problem.
Indeed. I downloaded it only because it might offer a way to look at our website the way the Maccies do.
I installed it on a Windows 2000 VM and it was a TOTAL PIECE OF CRAP. Almost nothing worked.
I think it mentioned "Windows XP" somewhere so I'll try that this week, but I am not optimistic.
Rendering was crap, text often wasn't displayed at all, proxy didn't work, looks are terrible.
You apparently live in a country where bicycles are such a minority that their effects on roads can be ignored.
Here in the Netherlands, there are dedicated lanes and roads for bicycles and these don't come in existence by themselves. They have to be maintained for sure. And when you would look at busy times they sure can be overcrowded and may need to be widened in certain areas.
But this is paid from taxes on cars, not bikes. Taxes on cars also pay for lanes and roads dedicated to public transport, where these cars are not allowed to drive themselves.
The situation around alternative fuels is quite the same here: the government always tries to radiate the impression that they are all for alternative energy and fuels, but at the same time they are very much concerned about the taxation. Any alternative fuel that cannot be taxed or does not have its price level connected to the oil price is a real threat to state income.
Anything below res.rr.com or adsl.tpnet.pl [east|dsl-w|fios].verizon.net (for example) are residential dynamic IP allocations.
I recently blocked all rr.com addresses and all IP nets that I could find belonging to rr.com because their admins are completely clueless.
Multiple times I have sent abuse reports to abuse@rr.com about mail that arrived via their servers (multiple hops even) but they always immediately return a reply, probably automatic, that it is not their customer.
In that case, it is easiest to block the entire provider and all its clients.
But I can only do that because we are not in the USA and do not do business with the USA.
have mail rejected until they find an admin who has enough of a clue
Note that it often is not the local admin, but their ISP that has no clue. Many ISPs selling business connections here do not worry at all about getting rDNS right.
Which is wrong according to RFC2821
There is a difference between something that is wrong, and something you can use as a base for blocking. At least, when you want to use it in a mailserver running for a business or for customers.
Of course, in your own mailserver you can block anything you (don't) like, and so do I. But at work, when I block everything that is not completely RFC2821-compliant there is little mail left to process, and the boss will not like it.
Even as it is today, sometimes people wonder why they don't receive a certain message. A common way to "test" is to send the same message to another account, and when it arrives there the claim is "the sender is OK because someone else can receive it". Outsourced network admin does not help either.
I don't believe that! .local or servernames not present in external DNS.
I am regularly monitoring our incoming SMTP traffic to see what extra rules I can implement at the protocol level (instead of in the scanning of the incoming mail), and there really isn't any filtering that can be done on reverse DNS without MASSIVE false-positives.
Many, many valid businesses are running mailservers without rDNS or with generic rDNS based on their IP number.
Also, manu valid servers send bogus names in their EHLO/HELO, including domain names ending in
About the only thing I have been able to block recently is the EHLO/HELO with a name without any dot in it. That blocks lots of botnet spam but still it occasionally blocks valid mail from clueless senders.
That's because they have no way of changing that without denying license payers in the UK access to the content for free.
That isn't true. Until about two years ago they encrypted their broadcast and allowed UK residents to view it for free by making available smartcards to them.
However, they did so in association with the commercial TV companies (sharing their card), and apparently that deal was so expensive to them that they decided to end it.
But that does not mean there is "no way". E.g. here in the Netherlands the same (public broadcaster encrypting, cards available without subscription fee) is still being done. We have the same problem, though: the company doing the sat encryption is increasing their service fees all the time.
When deciding between RAID and JBOD in a media server, you should also keep in mind the noise level and power demand.
In a system with 5-10 disks used for media storage, you will need to run an entire RAID group, probably 5 disks, when playing or recording on a RAID array, while when using JBOD you only need to run the disk the actual recording is made on. This of course assumes you have a separate filesystem on each disk and manage the distribution of data yourself, not via some LVM scheme.
I have setup my media server to stop disks after about 10 minutes of idle, and this makes quite a big difference in power consumption and noise level (the thing is in the living room).
It is also easier to add or upgrade disks. Of course there is the risk of data loss when a disk breaks down, but I don't value my collection that high that the loss of a part of that would be a disaster.
(you could always keep the really valuable items on more than one disk, or you could make backups. trouble is that a usable backup medium for terabyte capacities does not exist in the consumer market)
My personal experience is only with Windows in a domain. There is no "switch user" in that environment. You need to log off, log on as an administrator, and perform the installs.
The way we have configured things, the workstation administrator has no access to Internet. This increases security because you cannot pickup a trojan because of surfing the Internet in administrator mode.
After installing something you need to logon as a normal user to do any useful work.
Of course you can use "run as..." to install something but this does not always work correctly in 2000/XP (sometimes programs are not installed for all users when it is done this way)