Gotta rant somewhere..
I had a meeting today with a client. They are running their enterprise systems on 16-bit DOS apps. (For those who are unfamiliar, 16-bit DOS apps will not run on 64-bit OSes.) We purchased a server with Server 2008 32-bit right before the deadline and are able to run the DOS apps under Terminal Server.
XP machines make up about 20 percent of the machines. The firewall is a standard Comcast business router. All but one of about 15 machines are 32-bit.
We have RDP set up for most of the machines and servers so we can access them remotely. The principals of the company and I are all on DHCP from home, plus I am sometimes at the shore home, at my girlfriend's, or elsewhere on the road. A couple of times a month I have to
The guy who designed and maintained the enterprise systems wants to/is considering:
1. Remove Symantec Endpoint protection from all clients to improve performance
2. "Protect" the network by setting the router to only accept RDP from whitelisted addresses. (Which I see as a support nightmare when a system is down and I'm 75 miles away on a newly issued IP. I'm not even sure the router could support this.)
3. Keep the XP machines on the network indefinitely
4. Not rewrite the code any time in the foreseeable future, notwithstanding the EOL for Server 2008 being imminent.
I tend to see this as "Hey, Captain Smith, shouldn't we be slowing down, as there are lots of them there icebergy thingies in the water?"
Whitelisting on the router will only solve the RDP issue, if it even does that. However, users hitting the internet with IE 8 are leaving us pretty well open.
I've been walking around my house talking to myself all night (and getting answers and arguments). Am I overreacting in thinking this course of action is a sure-fire recipe for disaster?
Thanks
chris