IT _Admin0723
asked on
Remove Remaining XP devices from the environment.
Hi experts,
I will need an advise as to what ways we can use to remove the remaining XP devices from our environment. Please advise.
Thanks!
I will need an advise as to what ways we can use to remove the remaining XP devices from our environment. Please advise.
Thanks!
Um... replace them? I don't understand... What's preventing you from removing them? Without an idea of what's stopping you, the only answer I can offer is "do it"
I believe LanSweeper has a trial version you could probably use for 20 days...to identify them.
If identification is the issue, Spiceworks or any other network management software should tell you what OSs are on your network.
ASKER
Since XP has reached its end of support, we need to control/make sure our environment do not have any XPs connected to the network. That is the purpose of the issue here.
Download Microsoft MAP and run a scan. It will create a nice report for you which you could present to management or use it yourself. This is the tool that Microsoft uses when they audit clients.
ASKER
Hi Mohammed - Thank you for your info. Also how can I prevent XP from being added to the environment? Is there a GPO setting that can be used to prohibit XP from being added to the environment? Please advise. Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Don't you require an administrator password to add systems to the network? Just tell admins to NOT do it... Threaten them if you have to...
Not true. You need rights to add computer to the domain and not be a domain admin. In some environments, users, HR, managers, supervisors, etc. have ability to add computers and manage users. It is a procedural thing, however, you need auditing to ensure no one is deviating from the norm.
Maybe this script will help you find all active XP machines.
GetXPWorkstations.ps1.txt
GetXPWorkstations.ps1.txt
I believe the fastest way to get the list is via the ADUC which I listed above, if you wish to use PowerShell then below is a simple script:
The PowerShell command will work if you have Win2K8 DC. If you have Win2K3 DCs, then you could use Quest PowerShell add-ons:
Import-Module ActiveDirectory
C:\> Get-ADComputer -Filter {OperatingSystem -like "*XP*"}
The PowerShell command will work if you have Win2K8 DC. If you have Win2K3 DCs, then you could use Quest PowerShell add-ons:
Get-QADComputer -SizeLimit 0 | group operatingsystem | sort Count -Descending
This reddit thread has some suggestions regarding domain join and XP:
https://www.reddit.com/r/sysadmin/comments/2dftyb/block_xp_machines_from_joining_the_domain/
From there, I saw two options I liked. One was to assign a GPO to the computers container, filter on OS version and then issue a shutdown command via a login script.
The other was removing permissions from the computer container, thereby rejecting all domain join for regular users. You would then need an admin to create a computer account before they could join.
I think option two would likely be the most robust and secure option.
https://www.reddit.com/r/sysadmin/comments/2dftyb/block_xp_machines_from_joining_the_domain/
From there, I saw two options I liked. One was to assign a GPO to the computers container, filter on OS version and then issue a shutdown command via a login script.
The other was removing permissions from the computer container, thereby rejecting all domain join for regular users. You would then need an admin to create a computer account before they could join.
I think option two would likely be the most robust and secure option.