Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Is Windows XP (without support) OK as a dumb workstation in a VDI environment?

Posted on 2014-01-18
Medium Priority
Last Modified: 2014-01-23
I previously closed my related question, "What's the best Desktop Virtualization model?" with good answers from Andrew Hancock and Rindi.

Let's say it's a given that users need to use  local printers, USB printers, USB devices (iphones, cameras), handheld scanners, scanners, and USB flash drives for documents ... What does that imply about the choice of OS for the workstation?  Does this make it a whole lot easier to recommend Microsoft workstations?

The point is that we already have XP licenses for our existing 20 (old) workstations, and the hardware is still working.

Andrew mentioned that "Windows XP can be dumbed down and locked, so it just becomes a Windows XP dumb terminal running RDP."

Summary of this new question:
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?
2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

Question by:Dwight Baer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39790865
You will get differing opinions on this issue. Mine, however, is that security exploits already attempt to break security barriers to get an OS to do what it shouldn't. Like give a non-admin account escalated (admin) privileges. So "locking down" XP won't help of the exploit is bypassing those lockdown measures. Using XP will be high security risk. Full stop. I'd not do it.
LVL 123

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39790888
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?

Yes, because you are only using the OS, you will need to use a Client to access your VDI environment, which will use a username and password to access, so does it really matter, what happenes to end PC?

Also when an OS goes out of support, the exploits normally turn to current OS, e.g. Windows 7 and Windows 8.

Where is the security risk and too what? You would have to analyse Where is the Risk?

 Any OS, has a security issue, which needs regular patching,. even if you were to change the OS to Linux, you would have to regularly patch?

The Best VDI Client is Windows, Windows is the most compatible VDI client. If you require USB support with Windows 2012, you will need to use RemoteFX, and Windows 7 or Windows 8, so you will need to replace ALL your clients with something else, Linux is not supported as a client. Also, I'm not sure your hardware is scaled and suitable for a FULL 20 VM Deployment for VDI.

2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

It's better suited and compatible, yes you can do RDP via Linux, but that's it. No USB support, because that needs RemoteFX, and RDP (Windows 7 and Windows 8).

Windows XP/7/8 is the Best Thin Client (RDP, RemoteFX), and with the price of PCs, purchasing 20 in one lot, is probably cheaper than the hardware required for a 20 user concurrent VDI deployment, if you needed correctly availability and 2 servers.

Required Memory for Windows 7, 2-4GB per VM, 2vCPU.

So you are looking at a server with at least 40GB - 80GB, so your servers, are going to have at least 40GB minimum.

You have many things to consider, and look at the options, and decide.

Most of our clients, use their hardware, until it fails, and then replace with thin clients, but these cost as much as a laptop or deskop PC, but have a longer life, so the manufacturers tell us, until the next OS comes out, and they are not supported!

So with a thin client it's life is probably 3-6 years, before you have to replace to use newer features in e.g. Windows 2015?/Citrix 10/Horizon View 7
LVL 34

Assisted Solution

Michael-Best earned 100 total points
ID: 39790903
XP is a good and stable OS.
The stoppage of support from microsoft (somewhat) reduces XP security from online hackers..
If not conected online there is zero threat from hackers.
Hackers usually target newer OS PCs.
Continuing to use XP should not pose any problems.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 100 total points
ID: 39790987
Running XP after the end of support, maybe even now, is a liability. Windows 7/8 isn't perfect, but it is hardened through continual updates and support. As a VDI terminal, XP is subject to the same exploits as it were a regular desktop O.S. It just will not be as noticeable in its "dumbed-down" condition. That could be even worse as a compromised machine may exist on the network and not be found through regular activity. It would be best to upgrade any existing XP computers to Windows 7 at the very least.
LVL 15

Assisted Solution

Perarduaadastra earned 100 total points
ID: 39791199
Put simply, if the XP computers have any exposure to the internet, then continuing to use it is a bad idea. The idea that hackers will turn away from it in pursuit of exploits for later versions is, in my view, unsustainable. Hackers are always looking for the easiest method of gaining access to computer systems and obsolete OSes simply facilitate that, as any weaknesses discovered after support for them has ended will not be fixed, ever.

However, I have a client who runs a small office on an Windows Server 2003 network that was installed in mid-2004 and has had no patches or updates since that time because he took a decision at the outset to have no internet access to or from his LAN. Email and internet is handled by a single modern PC that has all the latest updates, anti-virus, etc., so if anything bad happens he is concerned with only one computer and not his entire system. The drawback is that eventually new hardware such as printers won't have driver support for the OS he's using; that and inevitable hardware failure will force him into upgrading if nothing else does. Still, using the same computer system ten years on and counting is no mean feat in this day and age...

I grant you that for most companies this approach is unworkable, but it's the only safe one if you intend to continue using XP past its EOL date.

Assisted Solution

by:Dwight Baer
Dwight Baer earned 0 total points
ID: 39791204
I am indeed hearing a variety of opinions.

I think Andrew has a point:  What is the worst that can happen to a "dumbed-down" XP machine functioning as a workstation offering Remote Desktop Service?  The data is stored elsewhere.  If the machine stops functioning, it can be easily swapped out.

The only drawback to using XP seems to be USB support.

I'm guessing that I'll propose using the XP machines as workstations wherever USB support isn't an issue.

But where it IS an issue ... then do I have to buy a Windows 8 license for both the workstation and the instance of that user's desktop on the server?  

I've read the following but I don't really understand the licensing question:


I understand that both the above articles are quite old. But I'm not finding anything newer.

LVL 123

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39791249
Yes, you do, you need a license for the Workstation, and a License for the VDI (Workstation).

So in effect you would need 40 x Windows 8 Licenses.

and also ensure your Server, has support for SLAT (Extended Page Tables), and a supported graphics card (GPU) that supported RemoteFX (DirectX 11).

and enough memory to run all the VDI workstations concurrently.
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39791514
To my mind, the worst thing that can happen is the XP client can itself be used to capture credentials (including to your RDS machine), send spam, be used as anlainchpad fpr pther blended-threat attacks...

Yeah. I still think it is a terrible idea and would never do it.

Author Closing Comment

by:Dwight Baer
ID: 39802542
I haven't decided yet.  Thankfully I have a colleague (more senior than myself) who will also have an opinion.  
I am honored to have 5 experts weigh in with your carefully-thought-out suggestions ... including the top two gurus in the list that I see to the right of my screen.  Thanks very much, all.
The only reason I gave Andrew Hancock the "best solution" designation is because he has stuck with me since I posted a similar question yesterday, and because of the volume of his words.  :)  Truthfully, Cliff, the majority of the posts are in agreement with you.  But my guess is if the customer decides to try to get some more service from his old XP machines, he will not be alone amongst XP users who are willing to take a chance when MS support ceases in a few months.
Thanks again.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question