Windows Server 2003 End of Life

andyBy Andrew Syrewicze
Senior Cloud Services Engineer/Microsoft MVP
Trivalent Group, Inc.

She was a great operating system for us, but it’s time to put old yeller down. Windows Server 2003 goes to meet its maker on July 14th, 2015.

For those of us that don’t live in the world of IT day in and day out, Windows Server 2003 is the server equivalent to Windows XP, which, as we all heard in the news, faced its official death in April of last year.

Windows Server 2003 was responsible for network critical tasks on our business networks for many years. It provided us with user and password management, file services, auto IP assignment via DHCP, web hosting, among many other things. While some organizations may adopt the “if it ain’t broke, don’t fix it” approach, this could turn out to be a costly mistake at a minimum, and could even lead to the shuttering of your doors at worst.

I’m really not trying to put the fear of the unknown into you, but it’s important that business owners and managers understand the full implications of running an operating system that has been deemed “End of Life”.

By Microsoft’s definition, End of Life for one of its products means Microsoft will no longer provide technical support for it, nor will it continue to ship security patches for it. This creates two very real business issues for something that may be providing a key function inside of your organization.

No Technical Support

Coming back to the previous statement of “if it ain’t broke, don’t fix it,” let’s say that one day the 2003 Server that hosts all of your mission-critical files decides it doesn’t want to perform that task anymore due to a software malfunction. What would you do?

You would most likely have your in-house IT staff or your IT services company look at the issue, and there is certainly a high probability that they would be able to fix the issue. However, and I speak from experience, there are times when an issue is so bad that Microsoft needs to be contacted to fix it, and its response is going to be (come July 15th): “Sorry. We can’t support that operating system.” Now what? Your business is dead in the water, and you’re likely losing money because of it.

At this point, you would likely have to spin up a new server that runs a newer version of the Windows Server OS and move your data (if it’s still accessible) or restore from backup to the new server. Sadly, that’s not a cheap proposition. New hardware and licensing is likely to cost several thousands of dollars, not to mention the time and labor that goes into such a project.

Would you rather do this on your terms and plan for the costs, or wait for the above situation to rear its ugly head?

With the above perspective, it certainly makes the decision a lot easier, I hope.

Lack of security due to missing security patches

It’s no big secret that information security is a big topic on everyone’s mind these days, and frankly, it should be. With large organizations like Target, Anthem, and even the federal government getting hit with data breaches in recent memory, we should all be looking at ways to increase the security of our information.

Continuing to run Windows Server 2003 after its end of life date is reckless and completely shoots holes in your IT security. As we all know, Microsoft pushes out patches quite often. While we may know them as “time wasters,” “annoyances,” or “headaches,” they serve a very important purpose. A patch gets released because Microsoft has identified a malfunction, or security hole, that would allow a malicious person to steal information from you.

With that in mind, I don’t think there is a single person out there that would argue that patches are a bad thing. Unfortunately, after the Windows Server 2003 End of Life date, new fixes and patches will no longer be available for Server 2003. So, if a new vulnerability is identified and fixed in the newer operating systems, Server 2003 won’t be privy to it. Attackers know this, so you can be sure they will be looking for potential targets that are still running production data on old operating systems, such as Windows Server 2003.

It’s in all of our best interests to not let this happen.  A data breach can cost millions (no exaggeration) and can tarnish or even destroy your brand.

Call to Action

So, what can we all do about this? If you’re still running Server 2003 in your environment, you’ll want to start making plans to get those workloads moved to a more current operating system such as Windows Server 2012 R2. Your IT department or IT services provider can certainly assist you in this endeavor.

Most workloads can be migrated with minimal impact on your business, if planned ahead, which is certainly better than the two situations mentioned above.

If you’re business is still running Server 2003, and you’d like some assistance is getting current, please don’t hesitate to contact us! Our team can work with you to get migrated off of this old software and onto something that is supported and will allow you to continue operating your business or organization in a much safer way.

We look forward to hearing from you!