Is Windows XP (without support) OK as a dumb workstation in a VDI environment?

Posted on 2014-01-18
Medium Priority
Last Modified: 2014-01-23
I previously closed my related question, "What's the best Desktop Virtualization model?" with good answers from Andrew Hancock and Rindi.

Let's say it's a given that users need to use  local printers, USB printers, USB devices (iphones, cameras), handheld scanners, scanners, and USB flash drives for documents ... What does that imply about the choice of OS for the workstation?  Does this make it a whole lot easier to recommend Microsoft workstations?

The point is that we already have XP licenses for our existing 20 (old) workstations, and the hardware is still working.

Andrew mentioned that "Windows XP can be dumbed down and locked, so it just becomes a Windows XP dumb terminal running RDP."

Summary of this new question:
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?
2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

Question by:Dwight Baer
  • 2
  • 2
  • 2
  • +3
LVL 61

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39790865
You will get differing opinions on this issue. Mine, however, is that security exploits already attempt to break security barriers to get an OS to do what it shouldn't. Like give a non-admin account escalated (admin) privileges. So "locking down" XP won't help of the exploit is bypassing those lockdown measures. Using XP will be high security risk. Full stop. I'd not do it.
LVL 125

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39790888
1. With MS discontinuing support for XP, is it secure to recommend "dumbed-down XP" for the workstations?

Yes, because you are only using the OS, you will need to use a Client to access your VDI environment, which will use a username and password to access, so does it really matter, what happenes to end PC?

Also when an OS goes out of support, the exploits normally turn to current OS, e.g. Windows 7 and Windows 8.

Where is the security risk and too what? You would have to analyse Where is the Risk?

 Any OS, has a security issue, which needs regular patching,. even if you were to change the OS to Linux, you would have to regularly patch?

The Best VDI Client is Windows, Windows is the most compatible VDI client. If you require USB support with Windows 2012, you will need to use RemoteFX, and Windows 7 or Windows 8, so you will need to replace ALL your clients with something else, Linux is not supported as a client. Also, I'm not sure your hardware is scaled and suitable for a FULL 20 VM Deployment for VDI.

2. Is it just a whole lot easier to have XP rather than Linux, in order to avoid issues about locally-connected hardware?

It's better suited and compatible, yes you can do RDP via Linux, but that's it. No USB support, because that needs RemoteFX, and RDP (Windows 7 and Windows 8).

Windows XP/7/8 is the Best Thin Client (RDP, RemoteFX), and with the price of PCs, purchasing 20 in one lot, is probably cheaper than the hardware required for a 20 user concurrent VDI deployment, if you needed correctly availability and 2 servers.

Required Memory for Windows 7, 2-4GB per VM, 2vCPU.

So you are looking at a server with at least 40GB - 80GB, so your servers, are going to have at least 40GB minimum.

You have many things to consider, and look at the options, and decide.

Most of our clients, use their hardware, until it fails, and then replace with thin clients, but these cost as much as a laptop or deskop PC, but have a longer life, so the manufacturers tell us, until the next OS comes out, and they are not supported!

So with a thin client it's life is probably 3-6 years, before you have to replace to use newer features in e.g. Windows 2015?/Citrix 10/Horizon View 7
LVL 34

Assisted Solution

Michael-Best earned 100 total points
ID: 39790903
XP is a good and stable OS.
The stoppage of support from microsoft (somewhat) reduces XP security from online hackers..
If not conected online there is zero threat from hackers.
Hackers usually target newer OS PCs.
Continuing to use XP should not pose any problems.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 100 total points
ID: 39790987
Running XP after the end of support, maybe even now, is a liability. Windows 7/8 isn't perfect, but it is hardened through continual updates and support. As a VDI terminal, XP is subject to the same exploits as it were a regular desktop O.S. It just will not be as noticeable in its "dumbed-down" condition. That could be even worse as a compromised machine may exist on the network and not be found through regular activity. It would be best to upgrade any existing XP computers to Windows 7 at the very least.
LVL 15

Assisted Solution

Perarduaadastra earned 100 total points
ID: 39791199
Put simply, if the XP computers have any exposure to the internet, then continuing to use it is a bad idea. The idea that hackers will turn away from it in pursuit of exploits for later versions is, in my view, unsustainable. Hackers are always looking for the easiest method of gaining access to computer systems and obsolete OSes simply facilitate that, as any weaknesses discovered after support for them has ended will not be fixed, ever.

However, I have a client who runs a small office on an Windows Server 2003 network that was installed in mid-2004 and has had no patches or updates since that time because he took a decision at the outset to have no internet access to or from his LAN. Email and internet is handled by a single modern PC that has all the latest updates, anti-virus, etc., so if anything bad happens he is concerned with only one computer and not his entire system. The drawback is that eventually new hardware such as printers won't have driver support for the OS he's using; that and inevitable hardware failure will force him into upgrading if nothing else does. Still, using the same computer system ten years on and counting is no mean feat in this day and age...

I grant you that for most companies this approach is unworkable, but it's the only safe one if you intend to continue using XP past its EOL date.

Assisted Solution

by:Dwight Baer
Dwight Baer earned 0 total points
ID: 39791204
I am indeed hearing a variety of opinions.

I think Andrew has a point:  What is the worst that can happen to a "dumbed-down" XP machine functioning as a workstation offering Remote Desktop Service?  The data is stored elsewhere.  If the machine stops functioning, it can be easily swapped out.

The only drawback to using XP seems to be USB support.

I'm guessing that I'll propose using the XP machines as workstations wherever USB support isn't an issue.

But where it IS an issue ... then do I have to buy a Windows 8 license for both the workstation and the instance of that user's desktop on the server?  

I've read the following but I don't really understand the licensing question:




I understand that both the above articles are quite old. But I'm not finding anything newer.

LVL 125

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 800 total points
ID: 39791249
Yes, you do, you need a license for the Workstation, and a License for the VDI (Workstation).

So in effect you would need 40 x Windows 8 Licenses.

and also ensure your Server, has support for SLAT (Extended Page Tables), and a supported graphics card (GPU) that supported RemoteFX (DirectX 11).

and enough memory to run all the VDI workstations concurrently.
LVL 61

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 900 total points
ID: 39791514
To my mind, the worst thing that can happen is the XP client can itself be used to capture credentials (including to your RDS machine), send spam, be used as anlainchpad fpr pther blended-threat attacks...

Yeah. I still think it is a terrible idea and would never do it.

Author Closing Comment

by:Dwight Baer
ID: 39802542
I haven't decided yet.  Thankfully I have a colleague (more senior than myself) who will also have an opinion.  
I am honored to have 5 experts weigh in with your carefully-thought-out suggestions ... including the top two gurus in the list that I see to the right of my screen.  Thanks very much, all.
The only reason I gave Andrew Hancock the "best solution" designation is because he has stuck with me since I posted a similar question yesterday, and because of the volume of his words.  :)  Truthfully, Cliff, the majority of the posts are in agreement with you.  But my guess is if the customer decides to try to get some more service from his old XP machines, he will not be alone amongst XP users who are willing to take a chance when MS support ceases in a few months.
Thanks again.

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need to complete a Physical to Virtual (P2V), Virtual to Virtual (V2V) conversion to a VMware product (VMware Workstation, Player or VMware vSphere (ESXi) ) for FREE, then there is some good news...
What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question