A few users are using an old Windows 2003 R2 Server for file sharing and a back-end SQL Server 2000 database. Clients are running a rather old Access 2003 procedure connected to the SQL server. The computer is not exposed to the Internet and runs the server firewall.
We have been advised many times to switch to a newer server; however, this would require multiple steps:
1) change server hardware
2) upgrade server software
3) migrate SQL server to newer versions (multiple steps from 2000, to 2005, to Azureus, with manual intervention)
4) completely rewrite Access 2003 environment (tenth, forms, tables, reports)
A huge investment in terms of time, for a small procedure that runs smoothly and requires very few (if any) updates over time.
2003 R2 is reaching EOL, however, apart from security issues (hacking) I would rather keep things running as they are!
Critical factors:
- hardware: failure -> Missing spare parts
- software: EOL -> Missing updates -> Security risks
Possible solutions
- On the hardware side, should the server collapse, we could easily move the (daily) server image (VHD) to a VirtualBox hosted on a newer computer.
- On the software side, how to protect the computer from potential attacks?
So, essentially, you're asking how to protect a Windows 2003 after EOL?
That's a bad idea.
e.g. If you deal with customers' sensitive data (like credit cards) you'll probably need someday to comply with some security-related policies (such as PCI-DSS).
If you just have there (and by 'there' I mean anywhere on your network, because the chain is as strong as its weakest link) internal sensitive data (patents and such) then no one will make you upgrade, but you'll be sorry you didn't when you get hacked (and it's only a matter of time, regardless of your business size).
Take your time
In short, you'd better get moving now while time is on your side.
Upgrade bit-by-bit, and double test everything.
The costs will also be stretched over a longer time (maybe a couple of years), so you won't get choked.
Also when upgrading, while you're at it, you should reconsider the whole solution - you might be able to find something more secure, more portable, and easily upgraded.
How to protect (while serving)
Of course, while you upgrade, harden your security however you can.
It's hard to give recommendations without knowing the specifics of your configuration, but here are some (which you should probably do whether you upgrade or not):