Using 2003 or XP? Something older? I have little sympathy for you. Things get old. Software is constantly evolving and those creating it utilize new features and capabilities that (in theory) bring you more capabilities and ease of use. It's impossible for any software developer to support everything they've ever created indefinitely. Their abilities to continue innovating would grind to a halt. Even for the largest of companies, like Microsoft. They MUST cut off support at some point. Microsoft has, it would seem, set this standard to 10 years. Given how long that is and the advancements that can be done in 10 years, in my opinion, that is reasonable. XP and Server 2003 are now 14+ years old. WELL BEYOND their support life.
Now I'm confident Microsoft doesn't actively seek to "break" their newer products' ability to connect to the older, now unsupported ones, but I would say it's reasonable to EXPECT they no longer test and see if a Windows 10 computer can connect to a 2003 domain. They MAY, at points, decide to remove functionality from 10 but I'm confident they do so to improve security. And if that aspect that is removed happens to be the "main" way something was done in an older version that is no longer supported? Well, they warned you!
Ten years is a reasonable time frame. If you're using what is now antiquated technology, I have little sympathy.
"Fine Lee, but what about me - I use a program that controls a device that requires it run on Windows NT 4.0? [or 2000] [or XP] [or 2003]?". First, is it the cold hard truth that you have no choice about that? Is it possible you're running this program/using this device because it means you'd have to spend some money? Specifically to get a new version that does support the newer operating systems? Or perhaps there's a competitor that provides a similar product but you don't want to spend the money on it and learn it? Not an excuse. Proper management means when you bought this you should have immediately started planning for its replacement. If you can push that replacement, great, but PLAN for it at the time of purchase and you won't put yourself in this position. That planning means saving/pricing your goods or services so you can save for the device's replacement. Car manufacturers have to retool or go out of business because every other manufacturer will and put them out of business with newer, better manufacturing methods. What makes you so special you don't think you have to do this? Even if you are in a niche market, consider the havoc forced lax security would cause when the device you're using requires you to use outdated software.
At the end of the day, you have the control. The problem is you weigh the risks and think it's worth it. Until it's not. Until you're out of business because your ancient software was hacked by malicious people for whatever reason - extortion, competitive advantage, hatred by an employee, whatever. And it could have been prevented if you just did the right thing... I feel for your employees... but NOT you.
Now rant said, there CAN still be, in my opinion and experience, RARE occasions where you can be forced to use out-dated technology. In those instances, you *MUST* take severe precautions. Backups. FREQUENTLY. And the computer running the unsupported software should be isolated from the rest of the company network. Find ways to make it work that don't just minimize the chance of a problem with the rest of the network - those ways should all but eliminate that chance!
Abstract: If you execute malware with an administrative user, your data is almost lost - but alas, there is still Windows Defender, which, with its tamper protection, cannot be deactivated without manual interaction by the admin himself. But what about safe mode? If the ransomware can modify the boot options, it can restart the machine to safe mode, and Defender is off there.
Now for my 2 cents: safe mode cannot be reached without suspending BitLocker first. So why would Microsoft not add a tamper protection to BitLocker as well? That's worth considering, Microsoft!
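
One way to watch for the boot-option change described in the abstract above, as an added example that is not part of the original post: it flags hosts where the `safeboot` boot option is set with `bcdedit` and a restart via `shutdown /r` follows before the option is cleared. It assumes process-creation events with command lines are already collected; the event tuples, sample data and function names are hypothetical.

```python
import shlex

# Constructed sample events: (seconds, host, process command line).
SAMPLE_EVENTS = [
    (100, "ws01", r'"C:\Windows\system32\BCDEDIT.EXE" -set {current} SafeBoot minimal'),
    (130, "ws01", r'C:\Windows\System32\shutdown.exe /r /t 0'),
    (200, "ws02", r'bcdedit /set {default} safeboot network'),
    (260, "ws02", r'bcdedit /deletevalue {default} safeboot'),
    (290, "ws02", r'shutdown /r /t 0'),
    (300, "ws03", r'bcdedit /enum {current}'),
    (310, "ws03", r'notepad.exe C:\notes\safeboot-howto.txt'),
    (320, "ws03", r'shutdown.exe -r'),
]

def classify(cmdline):
    """Return 'safeboot_set', 'safeboot_cleared', 'reboot' or None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                            # unbalanced quotes
        argv = cmdline.split()
    if not argv:
        return None
    # Compare on the image name only, ignoring path, quoting and case.
    image = argv[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = [a.strip('"').lower() for a in argv[1:]]
    verbs = {a.lstrip("/-") for a in args if a.startswith(("/", "-"))}
    if image in ("bcdedit", "bcdedit.exe") and "safeboot" in args:
        if "set" in verbs:
            return "safeboot_set"
        if "deletevalue" in verbs:
            return "safeboot_cleared"
    if image in ("shutdown", "shutdown.exe") and "r" in verbs:
        return "reboot"  # other restart paths are not covered here
    return None

def find_safe_mode_reboots(events):
    """Return (host, set_time, reboot_time) for restarts while safeboot is set."""
    armed, hits = {}, []  # armed: host -> time safeboot was set, not yet cleared
    for ts, host, cmdline in sorted(events):
        kind = classify(cmdline)
        if kind == "safeboot_set":
            armed[host] = ts
        elif kind == "safeboot_cleared":
            armed.pop(host, None)
        elif kind == "reboot" and host in armed:
            hits.append((host, armed.pop(host), ts))
    return hits

if __name__ == "__main__":
    for host, set_ts, boot_ts in find_safe_mode_reboots(SAMPLE_EVENTS):
        print(f"ALERT {host}: safeboot set at t={set_ts}, restart at t={boot_ts}")
```

The `safeboot_set` event is worth alerting on by itself on servers and managed workstations, since the option persists across restarts until it is removed.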