Windows Server 2003: why customers haven’t migrated nearly three years on?

Blog by: John Rider, Pre-sales Architect - 10-May-2018

Before Microsoft withdrew support, businesses had more than a year to upgrade their servers, but many still didn’t. Why is that? In this blog, we’ll cover the three main reasons companies continue to remain resistant to upgrading, and then we’ll recommend some measures to implement if you continue to run the server, despite recommendations to the contrary.

  1. WS2003 remains a solid product

Perhaps the main reason is because Windows Server 2003 (WS 2003)  was, and still is, good enough for many companies. Microsoft was at the top of its game when they produced this server, and it was a fantastic product. Let’s face it, when you have a robust server that’s perfectly serviceable and meets all your requirements, why would you want to go through the rigmarole of an upgrade? Many companies really do follow the old adage, ‘if it ain’t broke, don’t fix it’. 

  1. Widespread usage of 32-bit applications

Another reason why some businesses are still hesitant to take the leap is the widespread usage of 32-bit applications. It’s not easy to upgrade these apps, and businesses are unwilling to risk changing architectures. For example, in various production and manufacturing companies, proprietary software was built specifically to run on Windows Server 2003. These apps are unable to be upgraded to run on other operating systems.

  1. Familiarity

Familiarity is the third reason. When you understand all the ins and outs of a system and its idiosyncrasies then the operational cost drops significantly. Shifting to a newer platform seems unnecessary, and you’re better off exhausting all your other options before you contemplate migration.

If you’re one of the resistant organisations who can’t migrate from Windows Server 2003, or it will take some time to replace applications that can only run on WS2003 then there are a number of actions you can take to limit risk.

Bolster security

In a world where digital threats are becoming increasingly hostile and frequent organisations that haven’t migrated away from Windows Server 2003 need to boost their security.

Limiting vulnerabilities means employing a layered approach to your security. These measures aren’t quite as effective as what the latest servers offer, but moderate protection is better than no protection at all. 

Isolation is crucial

One very effective safety measure is to limit access to the Internet when using Windows Server 2003. Make sure all unused ports remain closed. It is recommended you limit user access to the server as much as you can. Also, it’s imperative that the server is isolated as best as you can from the rest of the network.

Run the last stable build of Windows Server 2003

If you’re running Windows Server 2003 then you should at least ensure you have the last stable build – the one with the least number of vulnerabilities. It’s your responsibility to check whether all the security patches are up to date and properly installed. This can often be difficult to gauge, so make sure you use an official patch management tool to assist with the process.

Backup regularly

The whole system needs to be backed up. You should do this regularly, without fail. If there is some sort of software failure or hardware malfunction, at least you’ll have the backups in place so business critical information isn’t lost permanently.

Switch on logging

Be sure you’ve switched on logging, so that a record exists of who is accessing what. Check the logs occasionally to spot any signs of intrusion. As an added precaution, you could enable alarms that warn you about any security breaches to your server. The quicker you’re able to detect a particular problem, the faster you can take care of it.

Run a whitelisting programme

Air on the side of caution and only give permission for a handful of programmes to run on the system. Block everything else automatically. To do this, use a whitelisting programme. You can use the built-in Windows Software Restriction Policy to do this. You’ll find this option in the Group Policy settings.

If you’d like to speak to one of our consultants and discuss a migration to Windows 2016 then click here. Or why not sign up to our Windows 2003 Migration Pathway webinar.

Reserve your seat at the  Adept4 Windows 2003 webinar



Topics: Security, Windows server

Sign up to our blog