Wednesday 29 August 2018

Legacy Windows XP for Industrial Machine Access and Management and Accounting Apps

There are quite a few systems out there that still use Windows XP or an earlier operating system to run the equipment.

So, what do we do when we need to get access to one of these kinds of machines?

Well for one, we make sure they are completely isolated and not accessible from anywhere except perhaps one secure jump point.

For another, when we do need to access the legacy system here's one method that allows for maintaining the legacy system's isolation:

  1. Enable RDP Inbound on the legacy system (Windows)
  2. Set up a vanilla Windows 7 Service Pack 1 VM that is set to not update
    • This would be our jump point
    • The Win7 VM would be left off except when needed
    • If need be, set this VM up on a laptop that can be plugged in to the legacy system's network
  3. Set up any needed tools on the Win7 VM
    • RMM, Remote Desktop Shadow/Sharing tools, Firefox (leave the base level IE in place), any needed tools
  4. Log on to the legacy Windows XP via RDP
    • Make sure Drive Redirection is enabled
    • Use Drive Redirection to transfer any files that won't go via Copy & Paste (Clipboard)
  5. Use the Win7 VM as the default work-from desktop
  6. When done, shut the Win7VM down
    • Unplug from the legacy network when done if using a laptop with the Win7VM

For legacy systems require some form of *NIX the above process can be used for a vanilla install of the needed distro and kept offline until needed.

The principle at work here is to keep the legacy systems isolated from everywhere especially the Internet. And, to keep any jump points running an intermediary operating system that is too far back to keep safe and secure offline until needed.

As an FYI, we keep one or two legacy Windows 7 and Windows XP VMs in an offline state with legacy accounting applications installed as a just-in-case. There are times where a firm may need to go way back for a client file.

Philip Elder
Microsoft High Availability MVP
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

No comments: