Windows 7 (as well as Windows XP, Windows 8, and Windows Server 2008 R2) will reach end-of-life in January 2020. Since this means that security updates will no longer be released, our Institutional Security Office (ISO) will quarantine any computers running Windows 7 after the end-of-life date. This page outlines options for addressing this issue for your desktop computers.
...
Machines with extended support will get a new MAK (machine access key/license for updates) which has to be installed manually, replacing the UT campus' Windows update service. Once that is installed the machine will automatically pull updates from Microsoft.
Please contact the UT Help Desk (help@its.utexas.edu) if you are interested in this option.
...
If you have Windows 7 computers that are associated with research instruments, and have application-specific software that is not supported under Windows 10, the best solution is to put such machines behind a hardware firewall. CNS-OIT can help select an appropriate firewall appliance for your needs, then install, configure and manage it after it you purchase the appliance.
Machines behind a hardware firewall are isolated from the UT network, so do not threaten our network security. However, note that such machines, if still with Internet access, are vulnerable to attacks. They should be configured with the most stringent software firewall possible, especially since they can will no longer receive Windows security updates.
CNS-OIT and the ISO recommend a NetGate PFsense appliance. See https://www.netgate.com/products/appliances/. E.g.
- Small router (2-port) is ~$160 ~$180 (see https://store.netgate.com/pfSense/SG-1100.aspx)
- Medium router (4-port) is ~$350 ~$400 (https://store.netgate.com/SG-3100.aspx)
- Larger rounter (8-port) is ~$850 ~$900 (https://store.netgate.com/pfSense/XG-7100-desktop.aspx)
Note that multiple network ACO ports can be routed to a single firewall.
Remote Desktop into machine behind a hardware firewall is allowed, although the ISO may require VPN groups (IP address ranges) per lab. In that case the VPN login would be UTEID@<your_VPN_group> instead of just UTEID.