To be specific, at KBS we have about 58 Windows XP machines that are used regularly.  About 31 of them are used on a daily basis for email and web browsing, so they would be the highest priority to replace to avoid loss of network access.  However, we are not compelled to replace them for security, because our machines are not used with administrator accounts.  We followed industry security recommendations and did not go with the Microsoft default of setting up the main user with administrator privilege.  With Microsoft remote administration TCP/IP ports blocked by a network firewall, our Windows XP machines were secure like Windows Vista and Windows 7 just after Windows Vista came out in 2006.

A new desktop Dell costs about $775 without a monitor, so it would cost us about $24,000 plus the manpower to set up all the new Windows 7 computers as domain computers where users log onto the computer with a non-admin account.  UAC helps secure the computer, but it is not sufficient to keep users from installing bad software.  Viruses that install themselves at the user level (with the user's help) are dangerous enough as it is.  We are not compelled to add to our workload and stress level by providing users the convenience of admin access to their desktop computers.

According to an MSU Computer Store employee, the license to purchase with the $30 Windows 7 32bit Media is Microsoft Windows Pro 8 .1 Upgrade License (stock number 181172, Mfg part FQC-08211) for $54.  The $101 upgrade with software assurance can be used for computers that don't have Windows at all.

All of our Windows XP machines have at least 1Gb memory, but a useable Windows 7 machine needs 4Gb, and we strive to have a dedicated graphics card to maximize the memory available to the OS.  We have several Dell computers that were purchased with Windows Vista or Windows 7, but were ordered with Windows XP installed.  I haven't needed to upgrade any Windows XP machines to Windows 7, but I figure that if it has a Windows Vista or Windows 7 license label on it then it would be workable with enough memory.  To upgrade from Windows XP to Windows 7 I would expect to purchase memory.  I would expect the most likely source of compatibility problems would be graphics cards and new cards for old machines with dual DVI ports are about $85.

We have a few computers purchased in 2009 with a Windows Vista license label on the machine and Windows XP installed.  We have several computers purchased in 2010 or later with a Windows 7 license label and Windows XP installed.  We still need to make a complete inventory.

I don't necessarily have to go to the computer to see the Windows 7 or Windows Vista label.  If I have the service tag in a list or from a remote admin query, I can go to the Dell support website and look up the computer by service tag, look at the System Configuration, expand the Component section and search for Certificate, because the line for the label is something like:
Label, Certificate Of Authenticity, Operating System VB32/64, V#2008
Many of you probably already know that you can retrieve the serial number of a computer to which you have administrator access (and remote admin is enabled in the firewall) with the following command:
wmic /node:<computer> bios get serialnumber
You can retrieve the total physical memory with the following command:
wmic /node:<computer> computersystem get model,NumberOfLogicalProcessors,NumberOfProcessors,totalphysicalmemory
And you can retrieve the processor information with the following command:
wmic /node:<computer> cpu get name
which will hopefully return information like the following:
Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz
If you are making an inventory, WMIC is not very friendly.  I have found VBScript to be more friendly for inventory like procedures.  I have a collection of scripts that I use.  If there is enough demand, I could create a custom script to retrieve the above information with a commandline switch to specify the remote machine name.

Upgrading computers from Windows XP to Windows 7 will require many hours to inventory, order parts and licenses, download and install drivers, configure the firewall, reinstall application software and join the active directory domain.  If I didn't have the firewall configuration and software installations automated, I would say 4 months was half the time needed for two staff members who already have plenty of work to do.

And I haven't even talked about the lab software that only works on Windows XP and fails under Windows 7.  Often, the vendors supplying the software didn't even follow standards set by Microsoft when they wrote the software for Windows XP.

-Stefan

On 11/14/2014 17:27, Gary Schrock wrote:
[log in to unmask]" type="cite"> 
I'd agree that that's what the email implies (form not withstanding).  We
heard about it through a forwarded email that we got about a week before
the IT Exchange email, and when we tried to clarify that (I think it was
through the IT helpdesk, but I wasn't the one that was doing that), found
that even *they* didn't know about it at the time (and seemed to have
problems receiving forwarded copies of the email).  Quite frankly, given
the relatively tight deadlines, that extra week of time it took to get
"official" notice of it is pretty significant.

(On a personal note, I have to admit I find it somewhat annoying to get
blindsided by this when just a few weeks ago at the security summit the
word was that there were no plans on cutting XP off from the internet.
That's a pretty strong about-face to go to a deadline that's about 2.5
months from when "official" notice goes out.  Yes, I recognize that XP is
something of a ticking time bomb (although as someone else mentioned, I'm
not convinced that things like OSX 10.5 and 10.6 aren't issues too).  That
Feb 1st deadline is feeling a bit on the overwhelming side at the moment as
I contemplate the number of machines we need to deal with.)

On Fri, Nov 14, 2014 at 5:08 PM, STeve Andre' <[log in to unmask]> wrote:


   The wording of this is not really clear to me, so I am asking here
as I believe that others could be confused, too.

   If I got everything right, February 1st is the date when XP/2000
will no longer be able to access the net, either by dhcp or static
IP addresses?

  On December 1st, incoming socket requests will be denied for
these machines.  This means that peer-to-peer applications will
fail, like Pidgin?

  I first heard of this on the 6th, through our financial person,
then via a message from IT Services on the 11th.  Shouldn't that
have been the other way around, the technical people being
informed first?

--STeve Andre'