Windows Server 2003 End of Support Looms

CommanderFrank

IT pros: On your marks, get set, and migrate. We keep on nagging you on the shrinking timeline until the end of Windows Server 2003 support and it now stands at less than nine months away for over 24 million servers.

But organizations that deal with sensitive or critical information — health care records or credit card payment data, for instance — risk falling out of regulatory compliance if they don't upgrade. And that, of course, could lead to lost business or a dramatic increase in the cost of doing business.
 
In the process of retiring the last of our 2K3R2 DCs and moving the domain to 2008 R2 over Turkey Day weekend, eventually moving to 2012 R2 next year. We retired our old Blackbaud Raiser's/Financial Edge and moved that into the cloud over the summer. Also, some custom Windows media servers were moved to Linux/CentOS to house students' media and render projects they now access through a browser instead of drive mappings.

Kudos to 2003 R2, a great server OS in its day.
 
For many instances of Server 2003, the end of life/support is not as big a deal as it was for XP.

Specifically, in many of the cases I deal with, it is operating as a file-server only -- and often not even as an AD server.

In most of my installations, there is exactly ONE account that allows logins -- the admin account. No other account on the unit has ANY login privileges but only file access to shares.

Additionally, most have remote access disabled, are not running IIS, have the firewall set to block basically everything EXCEPT file sharing, and have no outside exposure to the internet (most actually have automatic updates disabled and are physically blocked at my external firewall from having any direct access to the internet in either direction -- i.e. even I can't run a web browser on them).

So generally speaking, our vulnerability is pretty limited on these servers -- as someone would have already had to breach our firewall or already be on one of our local machines [we specifically allow no WiFi access to the local network] before they could even attempt to attack the server (and with basically no services except file sharing running, the attack points on the server itself become a lot more limited).
 
meh, I have servers running 03, don't feel like buying a newer license, they will keep running 03
 
For internal-facing-only systems, with proper security controls, it should be fine.

That said, my employer's 2k3 servers are all scheduled for decommission by EOS date. But we run online banking servers for banks, so PCI (Payment Card Industry - the industry group that self-regulates credit card companies; yeah, it took me a while to think of it NOT as an expansion card, too) mandates they be on supported OSes.
 
2003 servers will be around for a while.

I still have a couple of old custom applications that won't run on anything newer than 2003, and I even had to make several registry tweaks for the apps to even work correctly on 2003. Until these apps are replaced (maybe next year), I'll still have at least a couple 2003 servers.

I'd also like to upgrade everything to 2012 R2, but there is other equipment & software that won't work on anything newer than 2008.
 
I will probably keep a VM of 2003 around but I've already moved over to 2012.
 
meh, I have servers running 03, don't feel like buying a newer license, they will keep running 03

Whose fault is it when they get attacked and stuff is stolen?

(I know it's not likely, but will be possible).
 
I recently migrated my domain to server 2012. It was a little weird at first but I do like server 2012. Running all VMs makes the transition less costly as one license is good for 1 physical or 2 VMs.
 
We are on 08R2 and starting to move to 2012r2. Should be 100% by summer 2015.
 
My corporate group has retired so many of those boxes over the last year. There's a huge push to get off of 2003 and some of my customers were resisting the move asking why should they. Sorry buddy, company policy, you don't get to decide.
 
I have a client still using 2000 server and they refuse to upgrade the server.
 