Is Windows XP (without support) OK as a dumb workstation in a VDI environment?

Posted on 2014-01-18
Last Modified: 2014-01-23
I previously closed my related question, "What's the best Desktop Virtualization model?" with good answers from Andrew Hancock and Rindi.

Let's say it's a given that users need to use  local printers, USB printers, USB devices (iphones, cameras), handheld scanners, scanners, and USB flash drives for documents ... What does that imply about the choice of OS for the workstation?  Does this make it a whole lot easier to recommend Microsoft workstations?

The point is that we already have XP licenses for our existing 20 (old) workstations, and the hardware is still working.

Andrew mentioned that "Windows XP can be dumbed down and locked, so it just becomes a Windows XP dumb terminal running RDP."

Summary of this new question:
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?
2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

Question by:Dwight Baer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 225 total points
ID: 39790865
You will get differing opinions on this issue. Mine, however, is that security exploits already attempt to break security barriers to get an OS to do what it shouldn't. Like give a non-admin account escalated (admin) privileges. So "locking down" XP won't help of the exploit is bypassing those lockdown measures. Using XP will be high security risk. Full stop. I'd not do it.
LVL 120

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 200 total points
ID: 39790888
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?

Yes, because you are only using the OS, you will need to use a Client to access your VDI environment, which will use a username and password to access, so does it really matter, what happenes to end PC?

Also when an OS goes out of support, the exploits normally turn to current OS, e.g. Windows 7 and Windows 8.

Where is the security risk and too what? You would have to analyse Where is the Risk?

 Any OS, has a security issue, which needs regular patching,. even if you were to change the OS to Linux, you would have to regularly patch?

The Best VDI Client is Windows, Windows is the most compatible VDI client. If you require USB support with Windows 2012, you will need to use RemoteFX, and Windows 7 or Windows 8, so you will need to replace ALL your clients with something else, Linux is not supported as a client. Also, I'm not sure your hardware is scaled and suitable for a FULL 20 VM Deployment for VDI.

2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

It's better suited and compatible, yes you can do RDP via Linux, but that's it. No USB support, because that needs RemoteFX, and RDP (Windows 7 and Windows 8).

Windows XP/7/8 is the Best Thin Client (RDP, RemoteFX), and with the price of PCs, purchasing 20 in one lot, is probably cheaper than the hardware required for a 20 user concurrent VDI deployment, if you needed correctly availability and 2 servers.

Required Memory for Windows 7, 2-4GB per VM, 2vCPU.

So you are looking at a server with at least 40GB - 80GB, so your servers, are going to have at least 40GB minimum.

You have many things to consider, and look at the options, and decide.

Most of our clients, use their hardware, until it fails, and then replace with thin clients, but these cost as much as a laptop or deskop PC, but have a longer life, so the manufacturers tell us, until the next OS comes out, and they are not supported!

So with a thin client it's life is probably 3-6 years, before you have to replace to use newer features in e.g. Windows 2015?/Citrix 10/Horizon View 7
LVL 34

Assisted Solution

Michael-Best earned 25 total points
ID: 39790903
XP is a good and stable OS.
The stoppage of support from microsoft (somewhat) reduces XP security from online hackers..
If not conected online there is zero threat from hackers.
Hackers usually target newer OS PCs.
Continuing to use XP should not pose any problems.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 25 total points
ID: 39790987
Running XP after the end of support, maybe even now, is a liability. Windows 7/8 isn't perfect, but it is hardened through continual updates and support. As a VDI terminal, XP is subject to the same exploits as it were a regular desktop O.S. It just will not be as noticeable in its "dumbed-down" condition. That could be even worse as a compromised machine may exist on the network and not be found through regular activity. It would be best to upgrade any existing XP computers to Windows 7 at the very least.
LVL 15

Assisted Solution

Perarduaadastra earned 25 total points
ID: 39791199
Put simply, if the XP computers have any exposure to the internet, then continuing to use it is a bad idea. The idea that hackers will turn away from it in pursuit of exploits for later versions is, in my view, unsustainable. Hackers are always looking for the easiest method of gaining access to computer systems and obsolete OSes simply facilitate that, as any weaknesses discovered after support for them has ended will not be fixed, ever.

However, I have a client who runs a small office on an Windows Server 2003 network that was installed in mid-2004 and has had no patches or updates since that time because he took a decision at the outset to have no internet access to or from his LAN. Email and internet is handled by a single modern PC that has all the latest updates, anti-virus, etc., so if anything bad happens he is concerned with only one computer and not his entire system. The drawback is that eventually new hardware such as printers won't have driver support for the OS he's using; that and inevitable hardware failure will force him into upgrading if nothing else does. Still, using the same computer system ten years on and counting is no mean feat in this day and age...

I grant you that for most companies this approach is unworkable, but it's the only safe one if you intend to continue using XP past its EOL date.

Assisted Solution

by:Dwight Baer
Dwight Baer earned 0 total points
ID: 39791204
I am indeed hearing a variety of opinions.

I think Andrew has a point:  What is the worst that can happen to a "dumbed-down" XP machine functioning as a workstation offering Remote Desktop Service?  The data is stored elsewhere.  If the machine stops functioning, it can be easily swapped out.

The only drawback to using XP seems to be USB support.

I'm guessing that I'll propose using the XP machines as workstations wherever USB support isn't an issue.

But where it IS an issue ... then do I have to buy a Windows 8 license for both the workstation and the instance of that user's desktop on the server?  

I've read the following but I don't really understand the licensing question:


I understand that both the above articles are quite old. But I'm not finding anything newer.

LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 200 total points
ID: 39791249
Yes, you do, you need a license for the Workstation, and a License for the VDI (Workstation).

So in effect you would need 40 x Windows 8 Licenses.

and also ensure your Server, has support for SLAT (Extended Page Tables), and a supported graphics card (GPU) that supported RemoteFX (DirectX 11).

and enough memory to run all the VDI workstations concurrently.
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 225 total points
ID: 39791514
To my mind, the worst thing that can happen is the XP client can itself be used to capture credentials (including to your RDS machine), send spam, be used as anlainchpad fpr pther blended-threat attacks...

Yeah. I still think it is a terrible idea and would never do it.

Author Closing Comment

by:Dwight Baer
ID: 39802542
I haven't decided yet.  Thankfully I have a colleague (more senior than myself) who will also have an opinion.  
I am honored to have 5 experts weigh in with your carefully-thought-out suggestions ... including the top two gurus in the list that I see to the right of my screen.  Thanks very much, all.
The only reason I gave Andrew Hancock the "best solution" designation is because he has stuck with me since I posted a similar question yesterday, and because of the volume of his words.  :)  Truthfully, Cliff, the majority of the posts are in agreement with you.  But my guess is if the customer decides to try to get some more service from his old XP machines, he will not be alone amongst XP users who are willing to take a chance when MS support ceases in a few months.
Thanks again.

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an issue that we can get adding / removing permissions in the vCSA 6.0. We can also have issues searching for users / groups in the AD (using your identify sources). This is how one of the ways to handle this issues and fix it.
When we have a dead host and we lose all connections to the ESXi, and we need to find a way to move all VMs from that dead ESXi host.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question