All good things must come to an end, and that includes popular and robust operating systems that outlive their life span. Microsoft is retiring support for its desktop OS Windows 7 and its server OS Windows 2008 as of Jan. 14, 2020. This includes all versions of these operating systems for businesses and consumers with the exception of federally certified voting systems that run Windows 7. This doesn’t mean these operating systems will fail on Jan. 15, 2020, but be forewarned: You will not be able to get support for them from Microsoft, nor will Microsoft release any further security patches for them, which puts your systems at risk.
Small businesses can purchase Windows 7 updates from Microsoft, although you’ll have to pay $25 per device for Windows 7 Enterprise and $50 per device for Windows 7 Professional for the first year of support. The price doubles sequentially for years two and three.
I recommend against pouring more money into obsolete systems and, where possible, to upgrade desktops to Windows 10 and servers to at least Windows Server 2012, though if you’re going to go through the pain of upgrading it’s probably better to shoot for Windows Server 2016 or, better yet, Windows Server 2019, as that will give you the most time before having to upgrade again.
In order to know what to upgrade, you must have some sort of inventory report provided by a centralized administration product like System Center Configuration Manager, inFlow Inventory, or ZhenHub. These should be able to give you a list of systems that will be affected so you can get started.
Server upgrades are easy enough, especially with redundant systems. You’ll probably have to wade through change requests if you’re working for a large company and schedule some late night or weekend work. The good news is it’s possible to upgrade to a newer server version and keep the same hostname, settings, applications, etc.–it’s even better if you can pull it off via automation such as with System Center Configuration Manager.
Desktop upgrades are trickier. You can use the upgrade process to switch from Windows 7 to Windows 10, and this will also work through automated means, but often there is chaos and confusion among the user community.
Be prepared for apps that don’t work, settings that didn’t transfer, and the possibility of lost data. I always recommend having users back up their data to a centralized server such as a file share and make them responsible for it so they own and share the process.
If you can’t upgrade a Windows 7 machine (or series of machines) yet, you do have a few options in addition to paying for support:
- Make the system offline only, if network access isn’t needed (take it off the wired or wireless network).
- If network access is needed, put the system on a separate subnet and only permit access to and from it for authorized systems. Make sure to narrow the ports permitted to connect to and from this system so that only needed ports are open.
- Remove all unnecessary apps and disable any unneeded services.
- If the system is a virtual machine, take periodic snapshots of it, so if it becomes affected by a vulnerability, you can restore the snapshot easily.
- Ensure this system is not permitted to access the internet unless it is necessary for functionality. Ensure a proxy server is in place and will only permit access to authorized sites.
- Make sure the system has anti-malware software on it, and it’s regularly updated.
This was originally posted by TechReplublic.