Windows 7 end-of-life, Jan. 2020

Windows 7 (as well as Windows XP, Windows 8, and Windows Server 2008 R2) will reach end-of-life in January 2020. Since this means that security updates will no longer be released, our Institutional Security Office (ISO) will quarantine any computers running Windows 7 after the end-of-life date. This page outlines options for addressing this issue for your desktop computers.

Option 1 - Upgrade to Windows 10

If possible, the best solution is to upgrade Window 7 computers to Windows 10. UT has a Windows 10 site license that can be used for UT-owned computers. Assistance with the upgrade is available from these sources:

Option 2 - Purchase extended Windows 7 support

Extended support for Windows 7 can be purchased from Dell at a special UT rate, as follows:

  • Windows 7 Enterprise:
    • $25/machine for the 1st year
    • $50/machine for the 2nd year
    • $100/machine for the 3rd year
  • Windows 7 Professional:
    • $50/machine for the 1st year
    • $100/machine for the 2nd year
    • $200/machine for the 3rd year

Machines with extended support will get a new MAK (machine access key/license for updates) which has to be installed manually, replacing the UT campus' Windows update service. Once that is installed the machine will automatically pull updates from Microsoft. 

Please contact the UT Help Desk (help@its.utexas.edu) if you are interested in this option.

Option 3 - Put Windows 7 computers behind a hardware firewall

If you have Windows 7 computers that are associated with research instruments, and have application-specific software that is not supported under Windows 10, the best solution is to put such machines behind a hardware firewall. CNS-OIT can help select an appropriate firewall appliance for your needs, then install, configure and manage it after it you purchase the appliance.

Machines behind a hardware firewall are isolated from the UT network, so do not threaten our network security. However, note that such machines, if still with Internet access, are vulnerable to attacks. They should be configured with the most stringent software firewall possible, especially since they can will no longer receive Windows security updates.

CNS-OIT and the ISO recommend a NetGate PFsense appliance. See https://www.netgate.com/products/appliances/. E.g.

Note that multiple network ACO ports can be routed to a single firewall.

Remote Desktop into machine behind a hardware firewall is allowed, although the ISO may require VPN groups (IP address ranges) per lab. In that case the VPN login would be UTEID@<your_VPN_group> instead of just UTEID.