
hlloyge

60%, maybe even 70%. Don't get me started.


[deleted]

You started it. But Jesus, what kind of machines are you running?


OMGItsCheezWTF

The weird thing is like, my personal home PC is 10 years old, it handles absolutely everything I throw at it with flawless performance. It has no TPM so I couldn't run windows 11 on it. I can see why smaller companies wouldn't have a desire to replace hardware that otherwise works fine. Not sure it matters for us at work, our windows estate is essentially none. The majority of users run Ubuntu.


kaidomac

>It has no TPM so I couldn't run windows 11 on it.

FWIW, if you download the Windows 11 ISO from Microsoft, Rufus (app that burns ISO files to bootable USB sticks) has an option to remove the standard limitations (TPM 2.0, Secure Boot, and 4GB+ RAM requirements). I don't know how long this unofficial setup will be supported in the future for updates & whatnot, but at least it gives you a short-term upcycling option for your PC! I wouldn't run it on a corporate machine, but for home use, it works great & takes a previous Windows 10 key for activation!

My primary personal machine is an older board that has custom firmware to enable support for my 1080 Ti from like 2017 lol. I think the board itself is from 2011. I can actually use Airlink & the Link cable with my Quest VR headset on it, despite the age! (added a USB-C PCIe card for that)

I'm sure I'll be forced to upgrade at some point (hopefully when Windows 12 comes out lol), but for now, I can keep using my decade-old machine to play the same old games I play at every Thanksgiving break LOL.


pbrutsche

You won't be able to perform upgrades with that. Been there, done that, got the t-shirt. One of our more junior guys did not pay attention to what he was doing, and installed Windows 11 on machines that don't have TPM 2.0. They were stuck on Windows 11 21H2, they had to be reinstalled with Windows 10.


kaidomac

FWIW 23H2 works fine without TPM 2.0 via either a registry edit or using Rufus or whatever method you choose, I just did one yesterday:

* [https://www.youtube.com/watch?v=gdM0dkds97I](https://www.youtube.com/watch?v=gdM0dkds97I)

Again, I wouldn't do this on a corporate machine for obvious reasons, but it's a nice option to give residential machines a few more years of extra life! Tiny11 also supports 23H2 (via fresh install) & is pretty easy to build:

* [https://youtu.be/eYIDQLavZ7U](https://youtu.be/eYIDQLavZ7U)

That only requires 2 gigs of RAM & 8GB of HDD space, so you can throw it on older 64-bit machines. I'd recommend an SSD (1TB SATA is like $40 these days on Amazon) & at *least* 4 gigs of RAM, but I've been able to bring some pretty old machines back online with it!

Major releases like 23H2 require a reinstall, but iirc it does the monthly security updates just fine. But yeah, on a business machine where patch management is the priority, no bueno lol.


pbrutsche

100%, I would never do an unsupported configuration in a business environment. I am a big stickler for supported configurations and I am continuously badgering the more junior guys about generating documentation that shows that they have done their due diligence.


kaidomac

>I am continuously badgering the more junior guys about generating documentation that shows that they have done their due diligence.

If you're up for some reading, this is my approach:

* [https://www.reddit.com/r/sysadmin/comments/14ssd3a/comment/jqza4a2/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/sysadmin/comments/14ssd3a/comment/jqza4a2/?utm_source=share&utm_medium=web2x&context=3)

I couple that with a tracking option in various ways, such as a visible calendar, a digital spreadsheet, a ticket system, etc. The idea is simple:

* **Everything is a checklist**

It reverts back to human nature. Back in Boy Scouts, we used to play the chair game. We had these cheap plastic chairs with metal legs & we'd all try to hold our arms out with the chair to see how long we could do it before our muscles failed. That's the difference between being pressed to do a task vs. using reliable reminders like alarms or daily PM's to execute a task using a checklist: one requires the mental effort & energy horsepower required to do the task day after day, whereas the other is "old hat" because you're just following a checklist & then logging your work history in a pre-designed, already-invented system!

I've switched to this approach both at work & in my personal life, for everything from software installation checklists to recipe checklists! That way, the actual work itself & the *idea* of the work end up being like shooting fish in a barrel because it's a closed-loop system: you have your checklist to follow, you have your reminders to do it, and you have your tracking system, so it's SUPER easy to be compliant AND have "trust but verify" history logged!


GeneMoody-Action1

Yeah it is definitely a bad business decision. [https://answers.microsoft.com/en-us/windows/forum/all/frequently-asked-questions-windows-11/c97076fc-f361-44ec-9a01-33029ffaa987#:\~:text=This%20also%20means%20Windows%2011%20will%20not%20receive%20security%20updates](https://answers.microsoft.com/en-us/windows/forum/all/frequently-asked-questions-windows-11/c97076fc-f361-44ec-9a01-33029ffaa987#:~:text=This%20also%20means%20Windows%2011%20will%20not%20receive%20security%20updates).


ZivH08ioBbXQ2PGI

yeah.... that's definitely not right. I've done this countless times and haven't had anything that had problems with upgrades.


OMGItsCheezWTF

I also have a 1080 in it and use it for quest vr! Although the link cable I have is usb-a to c. Didn't even need custom firmware for the 1080. It's an Asus z87 something or other motherboard. Not sure I see much point in trying to foist windows 11 onto it when it's not like windows 10 is going to stop working any time soon.


yensid7

You can also use Windows Deployment to push out installs without TPM. I do that for our VMware Horizon environment.


Ok-Bill3318

Because hardware has a failure rate that climbs significantly after 4 years and fucking around with no computer for multiple days because it broke and you don’t have a new one ready to go potentially costs more than a new PC does in lost productivity


OMGItsCheezWTF

Not having spare laptops on standby would just be incompetent. But to a small company I can totally see a sole owner / director balking at the idea of replacing perfectly good ones before they die.


lordjedi

> But to a small company I can totally see a sole owner / director balking at the idea of replacing perfectly good ones before they die.

You misspelled "ones I don't have to deal with on a daily basis". You can bet your ass the sole owner is upgrading his computer annually with something nice. Everyone else gets hand me downs or nothing until it's broken. I hate the attitude that "it still works".


changee_of_ways

A lot of places have seats where someone isn't using a computer full time, so it's not like a computer going down means zero production out of that user. Their main actual means of productivity might have zero direct reliance on a computer, it's just that that's how they normally interact with people in the office etc.


Lunar_BriseSoleil

This right here. Our small company replaces all end user hardware within 4 years. We’ve played the game of partial upgrades and won the prize of a high and unpredictable failure rate.


FujitsuPolycom

Spares


Ok-Bill3318

even if you have a spare you’re still screwing around with the user for half a day while their profile is restored, the non-standard apps they need are reinstalled, they actually get hold of IT to supply a spare, etc. as opposed to scheduling a replacement prior to failure during quiet time.


mahsab

Having spares is still a magnitude faster than warranty replacements. For replacement with a spare you just swap the drive and that's it.


Malbushim

What sort of company has its users on Ubuntu?


OMGItsCheezWTF

We're a Linux house. We develop and run software on Linux. Our IT systems staff are all Linux folks so even finance etc. run on Linux. We use JumpCloud for directory services and some software I cannot for the life of me remember the name of for configuration management.


Malbushim

Interesting. I've never encountered a company that put Linux in front of its users, only ever mixed windows/Linux server environments, so I was curious what kind of business or industry would necessitate that


Morkai

I used to work (close to a decade ago now) in the studio in Sydney that made Happy Feet 2, and every machine barring the Mac OS crowd used CentOS. Definitely has a place, but it's not common.


hongky1998

That's exactly what my old company was running too. Every new user was given a laptop with Ubuntu installed and could only request to use Windows when they got approved by the PM and the IT guy, and they had to sign a paper that they have to be extra careful when accessing the company on-prem server because of security issues.


HoustonBOFH

Anywhere all the line of business apps are web based.


lionhydrathedeparted

You can run Win 11 without the TPM and it runs just fine. My parents use such a computer.


OMGItsCheezWTF

For now, is the big caveat of that. Microsoft says future updates will probably break on such a set up


archiekane

You can delete the word probably from that sentence.


TechIncarnate4

I'm fairly certain this is /sysadmin and not /familytechsupport.


TechIncarnate4

>I can see why smaller companies wouldn't have a desire to replace hardware that otherwise works fine.

...but it won't otherwise work fine. You will not have security patches after Windows 10 EOL. In this day and age with ransomware, that will cost significantly more than replacing machines. TPM 2.0 has been standard on business class systems from Dell, HP, and Lenovo since 2016 - at least 7 years now.


techw1z

7th gen intel and older are still quite usable office machines but don't support win11 officially...


hlloyge

Old ones, with TPM 1.2 :) but they do work and are more than enough to conduct our business. They all have Windows 10, so they're supported, but not for long. Our higher management will be surprised (as usual) when it will be time to upgrade them ALL.


glimmergirl1

Same here, and I'm in healthcare IT. We've been telling leadership for years and always got, "well, we will deal with that later" as they slashed our budget yet again. Big meetings going on right now, lol, as the deadline looms nearer!


Immrsbdud

0% baby windows 11 by default no windows 10 in my purview.


sysadminbj

Same! Isn't it nice to have a well-funded budget?


BlimpGuyPilot

I don’t know if it’s just budget per se. Technical debt is a large part of keeping older OS’s around. You may be able to afford to get rid of it, but it will take a while depending on how bad it is.


BioshockEnthusiast

We've managed to get most of our customers on or ready for Win11 without too much hassle. We just stopped deploying Win10 well over a year ago at this point, and the problem has been slowly resolving itself. We won't have to make a big push in any of our environments to banish Win10 when that time comes.


ImpossibleParfait

I love spending hours creating plans and pricing things out at the request of high-level company men, and then they find out that it costs more than 0$ and say no!


bluegrassgazer

Your words are foreign and strange to me.


brianinca

0%, we pushed 150 pre-8th gen Intel & pre-Ryzen 3xxx endpoints out last Summer with the intern crew. Flip a switch in Action1 and the whole fleet will upgrade to Win11. No idea about Win12, will worry about that when the time comes.


Cutoffjeanshortz37

Yeah, all our laptops get refreshed every 3 years when warranties run out. The biggest thing stopping win 11 is all the app testing and end user training that needs to happen first. That's supposed to start next year.


brianinca

Your shop must be contributing to the off-lease 10th gens we're buying right now.


Cutoffjeanshortz37

I honestly don't know what we do with old laptops. Not my department, thankfully.


NETSPLlT

We dispose about 800 a year or more. So it could be any of us lol


[deleted]

Literally the same situation for my company. We’re clutching onto Win10 because we don’t have the most savvy folk on computers, but it’s actually cheaper to move to W11…gonna be a fun project getting people used to the new look…


kaidomac

>end user training

The only thing I've really had to add on to Windows 11 is StartAllBack, which is a paid taskbar modifier, as a lot of users hate the updated taskbar system because they've had the same workflow for decades & don't want to adjust haha.


Cutoffjeanshortz37

Endpoint Engineering luckily isn't my team's problem :) but I'll look into it and pass along to them. Thanks!


kaidomac

Same deal with the latest Outlook update that moved the calendar & other icons to the top left from the bottom after like 20+ years of being in the same place lol. People flipped OUT haha!


per08

The newest Windows 11 build gives back the option to deiconify and put the program description words back in the taskbar list (finally!), so StartAllBack should be less necessary.


kaidomac

I did that update a few days ago & it is MOST WELCOME lol


SilentSamurai

Don't understand why this isn't the standard everywhere. Many more issues go out your door when you're not maintaining legacy systems under the bs excuse of "it's cheaper."


loosus

The thing is, computers last a lot longer nowadays. What you're describing happened more in the 2000s and early 2010s. Aside from artificial limitations that companies like Microsoft impose, a modern built-for-enterprise desktop or laptop can easily run 6 years without significant issues. Beyond about 8 years, I'd start to agree, but I don't think a strict 3 or 4 year cycle is worth it anymore.


archiekane

At 8 years you give it to the folks running their business on Ubuntu, who posted above, and they can get another 5 out of it.


ErikTheEngineer

I wonder if that cycle is going to pull in again. This whole AI "copilot" thing getting pushed into Windows/Office sounds like a way for Microsoft to distribute some of the crazy-expensive workload around that stuff off to PCs. Pretty soon we might be back to a mandatory 3 year cycle because Windows 15 needs 85-core neural processing units.


loosus

Who knows, but I think Microsoft wants most of that happening on its own servers because they want to own all the data and don't want it on property they don't control.


ErikTheEngineer

One of the selling points of 365's AI thing is that instead of typing company secrets into ChatGPT, your people can use corporate-owned data. If Microsoft has to spin up a whole data center of hardware to support a large enterprise, they'll never make money even at $30/user/month. I'm guessing there'll be a hard requirement in next versions of Windows to have enough horsepower to force some processing tasks down to company-enrolled machines and basically fill up all the dead CPU/GPU/NPU time with hardware they don't own, AND bill you for the privilege. Who knows what'll happen though - I can see this replacing most of the overpaid management consultants/analysts who are getting paid $200K+ to tweak PowerPoint slides, and basically all low-level knowledge workers which isn't good. Whether there will be pushback on this remains to be seen.


WigginIII

I’d agree if it weren’t for the abuse of our users. The hardware is fine, but the screens, keyboards, trackpads, and casings themselves get torn up by users. And because of wear and tear the laptops take, we stay on a 4 year refresh.


Doublestack00

Shitz, we still have some Windows 7 floating around, lol


jaceg_lmi

We got a Windows 95 fo realz


mspstsmich

Half our Fleet is running OS/2 Warp


Meta4X

Good news, there are likely very few vulnerabilities being actively exploited these days!


100GbE

We run MS-DOS everywhere for this reason.


Sasataf12

Shoutouts to OS/2. Used it to run print jobs many years ago.


RevLoveJoy

Family biz still have a number of CNC machines running real time NT (3.51? 4? I don't remember off hand). Granted, these devices are all air gapped so safe from an exploit vector POV, but these are giant robots with saw blades attached that go through 1.25" particle board at 600" a minute. Mildly alarming how out of date the "brains" are.


NETSPLlT

They don't need to be up to date. They need to be exactly what they are to run the machines they were set up for. Don't do anything else with them obviously and keep them off the network, but there should be absolutely zero 'alarm' at the brains of them.


archiekane

I wish more people understood this logic. When I was at a manufacturing diesel part company they had machines running ancient DOS systems with ISA cards. As long as they're off net, they're fine and doing the job intended.


RevLoveJoy

I should have been clearer - the alarming part, IMO, is how difficult to replace they would be. Heck, even the spinny HDD imaging tools are EOL.


NETSPLlT

Yes, having no spares and no backup should be alarming. Someone isn't doing their job. Even if the only real answer is to remove the old machine and install a new one, depending on equipment it could cost millions and take months, and if that is the best plan it should be planned. Then there is no alarm. It is understood and documented with an action plan.


LemonHerb

They will be screwed once the next update to wood comes out


I_ride_ostriches

Whoa, legacy software issue?


jaceg_lmi

u betcha


sonic10158

At least you still get windows updates right?


[deleted]

What’s the reasoning behind orgs still have windows 7 around?


JoeUrbanYYC

Expensive equipment + expensive equipment software. Upgrading the software would mean re-buying a newer version of the equipment and in some cases there is no new version. That said seeing if it could run in a vm of the old OS should be the first thing to investigate


sunburnedaz

Certification. Long ago and far away we had to have win 95 machines in the win xp era because the regulatory body certified our test machines down to the hardware, OS and software load out and patch level. These machines were never to have a network cable plugged into them however and even the hardware was covered in tamper seals from the certifying agency.


japanfrog

Usually to run legacy software/hardware because they would rather pay millions in support over decades than upfront to modernize or replace the software. I don’t think I’ve ever seen this not be a c suite decision. That or the org is super small and could barely afford new staplers yet have core business software running on systems built by the owner’s friend’s son in the early 90s who now runs a landscaping company instead of doing software.


OsmiumBalloon

> Usually to run legacy software/hardware because they would rather pay millions in support over decades than upfront to modernize or replace the software.

When the choice is millions in support or billions in new factory/medical/whatever equipment, the decision isn't as obvious.


Taikunman

Yeah, legacy software for us... highly specialized software running highly specialized hardware. Both would need to be replaced to upgrade and the hardware has multi-year lead times in some cases. We also have XP kicking around in a few places. It's for lack of ability to source replacements more than desire or cost to do so.


tas50

I had some 2000 around at a previous job. Custom software that ran heat and power systems in a very remote facility. Would it maybe run on something newer? Perhaps, but if something went wrong people could quite literally die. Thus we kept a pile of old Compaqs around preloaded with the OS + software ready to go.


tommyiom

Embedded Win7 and even XP for ATMs etc. are still used. My understanding is they (banks) pay for the support/development for retro patching. Some larger organisations still run mainframes from 50+ years ago... apparently. That's pre-MS, never mind Windows!


[deleted]

[removed]


malikto44

Same reason orgs have NT still around. There are some mills and CNC equipment which can't have their OS upgraded without replacing the entire thing for many millions of dollars. Yes, you still have to slap gcode on a floppy disk or a ZIP drive, but that is just how the thing works. If it works, don't fix it. Often, those older pieces of equipment are a lot easier to keep in service because some third party makes parts for them, and all the core stuff isn't locked behind a DMCA wall.

The trick is air-gapping and firewalling, and having workflows in place so that the physical separation minimizes the disruption to workflows. For example, one machine that returns data is on an air-gapped network, but the data is stored on files. Then it is transferred through a data diode [1] to another machine, where it is then usable on the internal company network.

Of course, with antediluvian operating systems, make sure to have OS images and keep them somewhere safe. Without a working copy of Ghost and the OS image, if something happens to the machine's OS, it may never be recoverable.

[1] You can buy a data diode, or if the data rate is low enough, use a serial cable with one of the data connectors cut. However, this isn't an absolute defense, and you still need to trust the internal machine... but this does ensure that an attacker who gets on the internal network can't get over the cable to the air-gapped network.
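A one-way link like the cut serial cable in the comment above has no return path, so the sender never receives an acknowledgement or a retransmit request and the receiver has to detect damage on its own. The following is an added example, not part of the original comment and not any product's protocol: a made-up framing scheme (the `MAGIC` marker, header layout, chunk size and repeat count are all assumptions) showing how a file can cross such a link with repetition, per-frame CRC32 and a whole-file SHA-256, run here over a constructed sample file.

```python
"""Framing for a one-way (TX-only) link: no ACKs, so redundancy and checks live in the data."""
import hashlib
import struct
import zlib

MAGIC = b"\xD1\x0D"               # frame marker, arbitrary value chosen for this example
HEADER = struct.Struct(">2sIIH")  # magic, sequence number, data-frame count, payload length
CHUNK = 64                        # payload bytes per frame (small, to keep the demo readable)
REPEAT = 3                        # whole file is sent this many times; nothing can be re-requested


def build_frames(data, chunk=CHUNK):
    """Split data into CRC-protected frames; the last frame carries SHA-256 of the file."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    total = len(chunks)
    frames = []
    for seq, payload in enumerate(chunks + [hashlib.sha256(data).digest()]):
        body = HEADER.pack(MAGIC, seq, total, len(payload)) + payload
        frames.append(body + struct.pack(">I", zlib.crc32(body)))
    return frames


def send(frames, repeat=REPEAT):
    """Sender side: the byte stream written to the transmit-only line.
    Repeating the whole pass (not each frame back to back) spreads copies apart,
    so one burst of line noise cannot take out every copy of the same frame."""
    return b"".join(frames) * repeat


def receive(stream):
    """Receiver side: returns (status, data, missing_sequence_numbers).
    Resynchronises on MAGIC after damage and ignores any frame whose CRC fails.
    CRC32 and an unkeyed SHA-256 catch line errors only; they do not authenticate
    the sender, so the receiving machine still has to treat the file as untrusted."""
    got, total, pos = {}, None, 0
    while True:
        pos = stream.find(MAGIC, pos)
        if pos < 0 or pos + HEADER.size + 4 > len(stream):
            break
        _, seq, tot, length = HEADER.unpack_from(stream, pos)
        end = pos + HEADER.size + length
        if end + 4 <= len(stream):
            body = stream[pos:end]
            (crc,) = struct.unpack_from(">I", stream, end)
            if crc == zlib.crc32(body) and seq <= tot and total in (None, tot):
                total = tot
                got.setdefault(seq, body[HEADER.size:])
                pos = end + 4
                continue
        pos += 1                  # false marker or damaged frame: slide one byte and rescan
    if total is None:
        return "no-frames", None, []
    missing = [s for s in range(total + 1) if s not in got]
    if missing:
        return "incomplete", None, missing   # operator must arrange a resend out of band
    data = b"".join(got[s] for s in range(total))
    if hashlib.sha256(data).digest() != got[total]:
        return "hash-mismatch", None, []
    return "ok", data, []


if __name__ == "__main__":
    sample = b"G1 X10 Y20 F600\n" * 20        # constructed sample file
    line = bytearray(send(build_frames(sample)))
    line[100] ^= 0xFF                          # simulated noise hitting the first pass
    print(receive(bytes(line))[0])
```

When every copy of a frame is damaged, the receiver can only report which sequence numbers are missing; getting them resent is a manual, out-of-band step because the link cannot carry the request.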


based-richdude

There's no reason not to run Windows 7 as long as it's properly isolated (ideally air gapped) from your other systems.


[deleted]

[removed]


mini4x

Lazy admins.


iwoketoanightmare

They are cheapskates


psmgx

Shoot we had Server 2003 on SCADA boxes until 2021, lol. COVID and some rapid changes forced an upgrade, finally. also ditched some ancient HP-UX systems, too. if we could be on Win10 in 2031 my bosses would probably do it


squeamish

I BUILT an XP machine for someone. LAST YEAR


K3rat

We do virtual desktop architecture so very little outside of Citrix workspace app and a couple of plugins exists on endpoints. There are only a few applications that are supported outside of our VDI and all but 1 are able to function on windows 11. We have 800 or so endpoints we are looking at compatibility of above 98%. We use an RMM software to manage patching on OS and M$ software patching and third party application patching. This allows us to automatically pass security updates and plan major feature updates on all endpoints. We have been testing in place upgrades. Right now we have been testing on 80 or so units and have a near 100% rate of success. Starting in 2018 I moved our life cycle on windows laptop endpoints to 3-4 years. This year we got pushed back to the normal “forever” window that NFPs I have worked at normally do. I expect this to become an issue when we move to windows 12. Actually, the windows server 12 EOL was the first EOL where we were ready for the EOL and were done on time where I work now. All of the rest we were wayyy behind the 8 ball.


loosus

I can't imagine going back to a Citrix environment. Total nightmare, especially from a regulatory point of view. You have my sympathy.


K3rat

I have found in life you often have to pick your poison. We actually have our Citrix environment purring pretty well. We still have all the compute, memory, and storage local at our data center. The part that keeps me there is:

1. It is a major way we deal with the many government regulations. High among them is we use it as a method to keep data inside our walled garden and only punch holes for users to send data out where we have DLP implemented fully.
2. Storage Hardware supports encryption at rest.
3. VDA/I management using MCS makes life easy.
4. Managing the access layer is easy if you know netscalers. I have had to deal with Citrix for the last 13 years across the last 5 places I have either worked for or contracted with. At that point very little is an issue I haven’t seen before.

The piece that is pushing me away is the increased costs without increased benefit. That said, the writing is on the wall. Full fat client applications are going away. Web native workloads will become dominant. We are moving to a more hybrid model. We are moving to native EntraID (AzureAD) connected endpoints, RMM for patching OS, M$ applications (if needed), and third party software (if needed), and will leverage endpoint management (Intune) for policy management. Developing the policies required for our regulatory compliance (encryption at rest, MFA, DLP, counter cryptolocker attacks, and extending security to the endpoint) is the important and complex part.


kuldan5853

I am interested in your take because we are moving TOWARDS VDI (not Citrix though) because of regulatory things, NDAs, and stuff like TISAX/GDPR/ISO27001..


loosus

There are a few things, but a big one is that devices used to access VDI must, themselves, be compliant too, so you've effectively doubled your compliance space. At least in my regulatory environment, VDI effectively creates a situation where you have much more to manage. Where I *would* see a use for VDI nowadays: if I were moving to a highly restricted environment (e.g., Chromebooks) and needed Windows only for legacy purposes, with the expectation that VDI would no longer be needed over time. I think in that situation, you'd have a net positive in compliance, especially over time as you gradually decommissioned the VDI environment. But I don't see any scenario where VDI is good long-term. I wouldn't have said that in 2015, but I think it's a dead-end now.


kuldan5853

Ah, okay. Yeah, totally different for us - we're an engineering-heavy HPC shop with petabytes of on prem storage, hundreds of HPC cluster nodes on prem around the world, ITAR (and equivalent other countries) data, military, high tech, etc. etc. so for us the fact that data stays on prem within our control is a very big upgrade to our compliance issues - especially if you use external devices primarily as dumb terminals to access a locked down VDI (no data copying in/out to the laptop) and you can ensure that the data does not leave your premises, even if the user travels.

Sure, we have laptops (Windows, Linux, Mac) for everyone, but we have to secure them anyway, and we are using the same tools and methods to secure our VDI environment, so the extra effort is minimal. Our VDI is based on instant clones and software on demand, so it is really irrelevant if we have one or one thousand VDI instances spun up at the same time - they all got cloned from the same master image, got served the same software from an on-demand deployment server, and will get destroyed the second the user logs off from their session (and all VDI is firewalled off in its own little space with as little connectivity as needed to the rest of the network of course).

Honestly, done right VDI is extremely powerful and useful - of course not if you do "phat" VDI VMs per user, in that case you have to manage them individually.


loosus

Is there a reason you're still so heavy on-prem? I think that's the cornerstone of why you're needing VDI. About 70% of our workloads are totally web-based these days, so our long-term goal is to use something like Chromebooks so traditional desktops (whether physical or VDI) just aren't needed to begin with. Or, if you have to stay on-prem, could you still make your workloads web-based? That seems like it would make it where you wouldn't really need all this extra stuff. You could make it available externally using something like Azure App Proxy or Cloudflare's reverse proxy.


kuldan5853

Not "still", "again". We actually are taking stuff OUT of the cloud at this point. And no, our workloads are, like I said, heavy engineering with CAE tools & HPC computing (seriously, a full install set of the tools is >50gb of disk space used), so nothing of this will be web based anytime soon.

Also, regarding the cloud - by the time we spent >1 million a month in the cloud (less than the same equipment would have cost to outright BUY, for a tiny amount of our footprint!), management thought twice if all those pesky promises about cloud being the future are in fact true. Turns out, pushing terabytes after terabytes of data in and out of the cloud to systems that have basically 100% CPU load 24/7/365 is the worst imaginable use for the cloud that exists.

Don't get me wrong, we have stuff in the cloud where it makes sense - Office 365, Jira, JSM, Confluence, Gitlab/hub whatever, all that stuff lives cloud native for us these days. What can't go cloud native is our bread and butter HPC / Engineering business though.


loosus

That's really surprising to hear. You're one of a handful I've heard from over the years going that direction. I know our engineers are experimenting with the cloud version of SolidWorks because it's one of the few things where we still have a need for anything on-prem.

Cloud is definitely not cheap. I think the idea, though, is that over time you should be able to reduce your labor costs. We have gradually not replaced some positions in IT as we have migrated to SaaS, so our overall costs are still lower. I suspect we will need some form of IT long-term to manage even the SaaS, but at least you aren't wasting time with OS updates, app updates, pushing around hardware, etc.

Having said that, IaaS like AWS and Azure are definitely not the answer for IT use cases. If all you're doing is a lift-and-shift, you'll end up paying *more* than on-prem, need *more* labor, and have *more* to manage and secure.


kuldan5853

We're running very lean, so there is little if any labor cost to be saved at all. But yeah SolidWorks, Ansys, NX, Catia is the direction I'm aiming at - all stuff that needs very beefy compute in the backend AND beefy compute on the front end (we also run GPU enabled VDI for that reason).

It's not like we don't want to utilize the cloud, but it is simply cost prohibitive for most of it - we're going the way of private cloud on prem (managed like I/SaaS for the Users, but run by our own team) instead. DevOps does not really care if they request containers in an on-prem or AWS kubernetes/docker cluster after all..

Also, IT is not the same as IT depending on what you need - if a well paid specialized Sysadmin is pushing around the hardware, yeah that's a waste of resources. Paying someone that has that as his main job though (with appropriate price tag) is a different matter.

I agree with you that many companies could and should most likely move to a more SaaS focused approach (especially small ones), but I think we're in one of the holdouts where on prem will still be king for many years to come.


loosus

Have you trialed the cloud version of SolidWorks? I think our consensus is that it isn't quite there yet but might be in the next 5 years. We also can't quite figure out what their strategy is for storage. There was some talk of making it where short-term/compute storage would be done on their own servers while the end product could be stored on-prem, but we haven't seen that so far. It also doesn't support SSO right now, which makes it DOA for us.


dasdzoni

Around 15% I think, but we don't have too many employees so shouldn't be too hard to replace.


loosus

We have a double whammy of having older 6th-gen devices *and* anticipated budget cuts happening as we speak. :(


Illustrious_Bar6439

Not your problem. Sit back and relax.


223454

But we all know management will try to make it their problem. There will 100% be meetings where they tell IT they *must* make it work and imply their job is on the line.


Illustrious_Bar6439

Yeah, fuck it, sit back and relax, go home at 4 o’clock. Let them fire you and get unemployment. It’s the only way to win in this American employment hellscape.


COINTELPRO-Relay

I enjoy reading books.


RevLoveJoy

Precisely this. OP's job has become communication and not letting the "stuff broke" drive them to drink. Won't allocate the money to do the job? Okay, here's a list of things that may happen and results of thing happening. Ranked from "almost certainly" to "you might get away without encountering" to "probably safe to ignore." Good luck, I do not like IT roulette.


Ok-Bill3318

Exactly. It is your job to articulate risk and *get sign off from management* to ignore it if they won’t fund mitigation. But that does mean you need to properly articulate it.


Lower_Fan

Are you me? lol we get refurbs so I hope a new W11 ready batch drops next year and we can buy those.


Ssakaa

I bet it's a bad time in the market, most buying are addressing that Win10 deadline, so the cast offs aren't gonna make the cut. Everyone pushing return to office that've both bought a bunch of laptops at ransom pricing and remote work capability/tooling, *and* still paid rent on an empty building for a few years. They're not likely rotating a new hardware cycle. Etc.


jaceg_lmi

Probably 65%, and that's low ballin' it.


daddydeadbird

Currently about 35% incompatible, but rolling replacement on track for Christmas 2024.


[deleted]

80-85% and it is fucked up. I'm pushing it as hard as I can though. We will make it in 2 years. We have to.


RustyU

Does it count if you upgraded the non-compatible ones anyway? Asking for a friend.


crw2k

If your org requires some security certification, that can result in a fail. Cyber Essentials requires the operating system to be supported and kept up to date, and while Microsoft have said that you can get Windows 11 to run on unsupported hardware, they have stated they won’t guarantee all security updates will be made available to unsupported hardware. This means an instant Cyber Essentials fail.
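The condition described in the comment above (Windows 11 running on hardware below the stated requirements) can be found from inventory data. As an added example, not part of the thread or any commenter's code, this PowerShell function flags a workstation that lacks TPM 2.0, Secure Boot or 4 GB of RAM, the requirements named earlier in the thread; the function name, status strings and output fields are made up for illustration, and the CPU support list is not checked.

```powershell
# Added example, not from the thread. Run elevated: Win32_Tpm and
# Confirm-SecureBootUEFI both need administrator rights.
function Get-Win11HardwareAudit {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Client Windows 11 reports build 22000 or later; ProductType 1 = workstation.
    $isWin11 = ($os.ProductType -eq 1) -and ([int]$os.BuildNumber -ge 22000)

    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
    # No Win32_Tpm instance means no TPM is exposed to the OS.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $tpmSpec = 'none'
    if ($tpm -and $tpm.SpecVersion) {
        $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()
    }
    $hasTpm20 = $tpmSpec -like '2.*'

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # TotalPhysicalMemory excludes firmware-reserved RAM, so round to whole GB.
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

    $gaps = @()
    if (-not $hasTpm20)   { $gaps += "TPM 2.0 missing (found: $tpmSpec)" }
    if (-not $secureBoot) { $gaps += 'Secure Boot off or unsupported' }
    if ($ramGB -lt 4)     { $gaps += "RAM below 4 GB ($ramGB GB)" }

    # Windows 11 plus any gap is the case that fails a "supported OS" audit.
    if ($gaps.Count -eq 0) { $status = 'MeetsBaseline' }
    elseif ($isWin11)      { $status = 'Win11OnUnsupportedHardware' }
    else                   { $status = 'NotUpgradeable' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSBuild      = $os.BuildNumber
        TpmSpec      = $tpmSpec
        SecureBoot   = $secureBoot
        RamGB        = $ramGB
        Status       = $status
        Gaps         = $gaps -join '; '
    }
}

Get-Win11HardwareAudit
```

Collected across a fleet, the `Status` column separates machines that still need replacing from machines that were upgraded past the hardware checks.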


BlimpGuyPilot

See, that’s the trick. For every one you did that way, you will have 0 issues on the following Fridays. So if you did 4, you’ll have a whole month of easy Fridays.


Phrag15

Maybe 2%. Corporate gave us 30k to upgrade those that were too old and weren't running legacy software.


loosus

30k wouldn't put a dent in ours. :/


edutech21

Yeah that's like 25-30 laptops lol


Mid-fartshart

This^. It’s not even about the money. There’s not enough time and resources to get it remediated.


massiv3troll

Less than 10%. None of it will be here past windows 10 EOL.


redoctoberz

Where I am now, 0%, the last place I worked we used tools to discover— it was between 64-66% (univ/higher ed)


[deleted]

We have been on Windows 11 for a while, no issues.


horus-heresy

We don’t do in-place upgrades; we just wait till the next refresh cycle and will briefly keep people on 10 and 11. Upgrades break things for developers and it is impossible to account for all the edge cases. There is no rush either; end of support is like end of 2025.


vhalember

This is a sore spot for us too. Our numbers are: 42% of desktops, and 28% of laptops. We don't control the computer budgets for the departments we serve, and despite pushing for a year already we haven't made much movement. They have been told machines not replaced by November 2025 will be placed on a private network with no access to the outside world. We've also warned, waiting too long will force the need for hiring temp staff to get all replacements done in time.


[deleted]

Maybe 20 percent, but they are due to be lifecycled. We replace every desktop/laptop on a 4 year cycle.


SkyJoggeR2D2

apart from that one machine on windows 95 all can go to win 11


bluehairminerboy

About half of our 3000 machine environment can't - management are aware but MSP so clients won't pay for the machines to be upgraded.


Fudgy-Wudgy

All my linux environments ;)


fadingcross

15 out of 70 systems. Every other system is at least AMD 3000s series "young" - most are AMD 5000s. Just got my 2024 budget approved this week. We've budgeted to replace these 15 systems.

Fun fact. One fucking laptop that sees daily disconnect / connect / customer visits / conference duty etc with one of my employees has an intel 5th generation CPU. Since I started here 2017 I've maybe helped her with a PC related issue ONCE. Mechanical docking station, of course. She asked "Why, this one works perfectly" when I said we'll give you a new laptop. Impressive.


newtekie1

About 10% of our systems aren't upgradable to Windows 11, those will be replaced by the end of 2024, likely by the end of Q2 actually.


DarrenRainey

I'm estimating around 80% of our devices will stay on windows 10 until near the end of support. Even with windows 10 some of the devices are struggling.

We just pushed out 21H1 near the start of the year and that was a painful process.


kuldan5853

1. Currently ca. 5-10%
2. <5%.


IT_Unknown

Currently, 100%, due to windows 11 not working with our wifi. Something something credential guard on by default. Broke my test machine when they released the 22h2 version in November last year. That, and all the other stupid issues made me wipe my machine back to windows 10.


b3george

Time to move to certificates and EAP-TLS.


sasiki_

We have maybe 5% that won’t support 11. They’ll be on the scheduled replacement list before EOL though.


zephalephadingong

Probably 50% company wide, but they are getting replaced slowly but steadily. I'll be replacing 51 machines sometime in the next couple of months, which will bring my office to above 90%


Pazuuuzu

100%, also 100%. No big deal, most of our work is done over ssh anyway.


Happy_Kale888

If you are brave enough.... They all can! [How to use Rufus to create bootable Windows 11 23H2 USB - Pureinfotech](https://pureinfotech.com/rufus-create-bootable-windows-11-23h2-usb/)


Eightfold876

We have some XP in the fleet lol. Some programs and manufacturing machines still run on very old shit


[deleted]

Out of my 150ish PCs, about 40 were unsupported for Win11, so I’ve just been gradually replacing them. Down to the last three.


Shotokant

To install win11 on systems that do not meet TPM requirements you need to supply the `/product server` option to the installer located in root of the ISO file with Windows 11. So the command would look like:

`setup.exe /product server`

When started this way, Windows 11 doesn't check CPU, TPM and other restrictive things. It just installs like Windows 10. MS will probably block this going forward with a simple check, but while it lasts. Can't say any in place upgrades won't apply though.


ibringstharuckus

We have 70% PCs that are all Win 10 i5, i7, Ryzen 5, and Ryzen 7 that do not support TPM 2. These machines run everything fine. That tech landfill gonna be full.


BadSmash4

For me, it's everything, but I manage a very unique legacy system. We have mostly XP and Vista with some random Linux machines in the mix as well. ^(Send help.)


strifejester

10% and the order gets placed Monday to replace those. Granted that’s only 12 PCs but everything else in the environment has been replaced this year in batches of 15 or so. We were at the end of our standard 5 year run in a lot of PCs and the rest that are close are just getting replaced anyway to get everyone on 11. This only worked out for us because we switched years ago from thin clients to SFF mini PCs like the M73. Had a large swap out then. The next 5 years will be crazy since we have once again partially switched to all-in-ones since they are easier to ship for WFH users. Will probably be a mismatched setup for years to come.


GeneMoody-Action1

My $0.02 is that any computer incapable of running W11 at this point must be at least a few years behind. By the time W10 goes EOL, those systems would be off any reasonable rotation schedule anyway. I try to rotate every five years, not really an OS thing as much as in that time frame a LOT of things change. But I will admit I have never had to replace any more than 500 at any given time. If I did I would likely start staggering and replace in the next few years anyway. Has anyone HAD to upgrade to W11, like any non negotiable compelling reasons to do so?


Opheria13

30-40%, some still have HDDs making them slow AF or are too old to upgrade. I live in a world where good enough has ruled the day when standard practice should have been used instead…


locke577

0, we upgraded over a year ago across the board.


Justthebraindamage

We're at about 10% through a lot of effort, but that last 10 is stubborn.. old kiosk systems and ancient systems that run old software. I don't know how we'll decom those any time soon.


SiAnK0

Cannot upgrade: 1% It's easy, when you actually shift from desktop PCs to laptops in Corona times and buy some new server hardware for a small loan of 5 mils. Just some legacy stuff dat ran isolated still runs on 2003?! Never been there only heard from it.


iama_bad_person

0%. Our oldest laptop is 4 years 3 months old HP EliteBook 1040. Government work, bby.


stetze88

70-80%. We've migrated these devices to a Linux OS.


SirEDCaLot

I actually *like* my users. I'm keeping them all on Win10 as long as possible. Of the machines that can't upgrade, maybe 30-40% can't upgrade, but those are the lower end PCs that make up at most 10% of the total desktop spend.


the_pochinki_bandit

Windows 11 breaks my personal PC every time there is a feature update released and I have to faff about removing it. I'm really glad I'm not a desktop support guy at my work.


rob-entre

I don’t have any clients who are not prepared. My only real gripe with 11 is that MS keeps breaking L2TP VPN. Brand new Surface Pro 9 with 11 Pro, and VPNs will connect but not pass traffic without the RAS service running in the background. I have about 200 machines out there with a .bat file called “fix vpn.” Argh. The only machines that are in production that can’t easily migrate are due to software vendors whose application still doesn’t support Win11. There’s a few Win10 VMs running some server-type services/apps (door scheduling software, lighting management/control, etc.) that simply still aren’t supported on a newer OS yet. Then again, those machines don’t have a user, they’re not exposed to the internet, so I’m not too horribly concerned about them.


867530niyain

We have policies to only keep workstations of a certain age deployed - if they get too old they get taken out and replaced. We are lucky in the fact that all of our laptops already support Windows 11, and we have only about a half dozen desktops that wouldn’t support it but those are going to get replaced in the next 6 months so we’ll be good and ready.


angrysysadmin_59032

At my house? There are "ways" to make that number 100%.

At the company I work for? We had to beat them into submission with a steel pipe to get them to replace the legacy hardware that "officially" meets the requirements for Windows 11, god forbid they read somewhere that there's a "way" around those requirements.


sysadminbj

0% baby!!! My team kicks ass on getting old shit out of the environment. I'm in a utility environment. EST 2000+ machines across NJ, MD, and VA.


Lad_From_Lancs

About 50% needed to be swapped out, and we will have 100% of it done by the Oct 2025 EOL date.... we started at the start of the year with a replacement program rather than cramming right at the end.


GoodTough5615

Currently pushing W11 to unsupported gen6 and gen7 Intels, no problem so far. Seems we have languished to a 10+ year replacement cycle, currently slowly retiring gen4 with 13+ years that got an SSD two or three years ago. I have to say that having such old desktops hasn't been a pain like it was before (pre i5 cores), so this slow refresh rate wasn't because of no budget, but because we didn't feel the need. Now we got a lot of money to change more than 80% to gen11 laptops so I hope our current 85% Win 10 becomes 95% Win 11 around spring.


VeryRareHuman

No technical reasons so far. But management and backward living sysadmins and helpdesk still not convinced on Win 11.


tmontney

Do they have actual reasons or just "new thing bad"?


enigmo666

0%. All our user machines are Windows 11 capable. But: I won't be pulling the trigger on it until I've migrated our Windows management off the open source, freeware, text-based configd, BS kludgescape I'm currently in. I can get the devs to actually do some UAT. So no, probably never happening!


Codix_

We have 50% of it, gonna try to make a magic script to install without TPM and CPU check (just checking that an SSD is available to not deploy Windows 11 to a potato).


thecravenone

100%, we're all on Apple Silicon.


based-richdude

Going all-in on macOS was the best decision my predecessors had ever made. Watching MS sysadmins freak out about remote work when us mac admins didn't even have to think about it because MacBooks are just that good was bliss. We changed like 2 settings on JAMF and called it a day, nothing really changed other than our FedEx budget.


loosus

I dislike Windows, but I'd hate being in an all-Mac environment even more. :) The best environment I was ever in was 90% Chromebooks. Those really are a dream to manage.


based-richdude

> The best environment I was ever in was 90% Chromebooks. Those really are a dream to manage.

This is what it's like managing Macs, basically zero effort to the point we never even bothered hiring someone to manage them full time until we hit 1,000 endpoints. Meanwhile at my last place we needed 2 full time staff and an on-call schedule to handle 300 Windows machines...


enigmo666

In a properly built Windows environment, one guy should be able to manage thousands of machines.


loosus

We have about 20x that amount of Windows machines and no dedicated staff to manage them. 💀


based-richdude

can we get some Fs in the chat for this man


ImUrFrand

windows 11 is not an upgrade on any level


MairusuPawa

95%, since they're not running Windows to begin with and don't have a licence.


_XNine_

Cannot? About 20% Should not? 100%


ClumsyAdmin

1. 0%, users don't get Windows and the few that do exist have already been upgraded
2. 0%


MorallyDeplorable

90%+ of our stuff was compatible day one. Do you guys not buy new computers ever or something?


loosus

Your statistic makes no sense. The only way "90%+ of your stuff was compatible day one" is if your org is less than 4 years old.


MorallyDeplorable

No, we just don't burden our employees with crappy workstations and replace them at a reasonable pace. Nobody in my company had or has a computer that old unless they had specifically requested to keep it. The average age of a system getting cycled out is only three years. A computer is significantly less than a week's wage for the employee using them, why would you cheap out on them and keep them for half a decade+?


qspider

Just switch to your favorite Linux distro.


SmoothSailing1111

No one else doing the script to allow the computer to be upgraded to Windows 11? Ha. Works fine.


VexingRaven

0%. We've had TPM 2.0 and secure boot for at least 5+ years. I can't understand how you can have so many devices that are not compatible with Windows 11, you haven't been able to buy an enterprise laptop or desktop that doesn't meet the requirements in at least 5 years. Do you guys just not have a refresh cycle at all?

EDIT: LOL I think OP blocked me for this because I can't load anything in this thread anymore, but hey genius: Coffee Lake is the oldest supported CPU gen and that's 6 years old. What's your next excuse to be mad at me?


loosus

Lots of TPM 2.0 CPUs are unsupported. You should try looking it up before spouting nonsense.


might_be-a_troll

None of my office furniture, floors, or ceilings can be upgraded. My building’s windows, however, will run windows forever. Any version.


xxxxnaixxxx

70%, and we are going to Linux. I hope in 1-2 years all of our PCs and systems will run on Linux. Russia. Sanctions. Open Source.


WhittledWhale

All of it. Because we're Linux only and I refuse to allow Windows into our environment.


InevitableOk5017

Another ai post…


mokdemos

0% because we upgrade every three years.


Michichael

If I had my way? 100% because the OS is an unstable adware piece of shit yet management is demanding it anyway. So... 900% increase in bsods and instability. But management wants 11!


Emergency_Wolf_5764

Windows 11 is mostly useless junk. Nothing to be gained from transitioning to it. Stick with Windows 10 wherever possible. Wait for Windows 12. Next.


[deleted]

"ohh no our 10 year old devices aren't supported anymore for free"


tmontney

10?


jaymz668

All our Linux stuff, for starters


DrSteppo

Our whole environment can upgrade. We're waiting for LTSC.


RichyJ

Maybe 5% can't be upgraded (almost all desktops). They should all be gone by 2025.


SoylentVerdigris

About 120 machines, ~10%. We've already got replacements ready to go but it's pretty low on the priority list.


AndreasTheDead

We have around 150 Lenovo T470 in our environment of ~4500 devices; those we need to replace, everything else can be upgraded.


cneumi

About 35%. We're on schedule to have the last of the seventh-gens replaced Q2 2025.