Windows 7 Extended Security Updates
February 28, 2020
The time has finally arrived! On January 14, Microsoft formally announced the end of support for Windows 7. If you haven’t made any updates in a while, now might be the time to get the final Windows updates available to you.
I’ve had a few customers ask about the delivery and activation mechanism for Extended Security Updates (ESUs). In this post, I will cover what Windows 7 end of support means for you and how you can get Windows ESUs for eligible devices.
Windows 7 End of Support
What does it actually mean now that Windows 7 has reached end of support? For Windows 7, Microsoft will not fix any security issues, even if they are openly reported. If you are planning to use Windows 7 without Internet access, then you may not have any issues – if not, you should proceed with caution. Malware creators and unethical hackers have been waiting for this date and will be ready to exploit unsecure systems. Not only will they try to steal data from unsecured computers, but you could be at greater risk of a ransomware attack or these devices being used to spread viruses on your network. There is significant risk in the ‘do nothing’ approach.
Windows 7 Extended Security Updates
Microsoft is offering one last chance to those who are serious about moving to Windows 10, through the ESU subscription plan. With this you can pay per user, per computer on a yearly basis, to get access to fixes for any new vulnerability that is found or reported. It is the best option for anyone that needs to keep using the Internet for their business and applications.
ESUs are available through specific volume licensing programs and coverage is available in three consecutive 12-month increments from January 14, 2020.
How to Install Windows 7 or the Extended Security Updates
Prerequisites
The following must be completed before installing and activating ESU keys:
- Install the following SHA-2 code-signing support update and servicing stack update and servicing stack update (or later):
Windows 7 SP1
- Install the following SSU and monthly rollup:
Windows 7 SP1 and
- Once activated, continue to use your current update and servicing strategy to deploy ESU
Installation and Activation
First, install the ESU product key using the Windows Software Licensing Management Tool (slmgr):
Note: Installing the ESU product key will not replace the current OS activation method being used on the device. This is achieved by using the Activation ID to differentiate between the operating system’s activation and the ESU activation.
- Open an elevated command prompt
- Type slmgr /ipk <esu key> and hit Enter
- A dialog box will notify you if the product key was installed successfully
Next, find the ESU Activation ID:
- In the elevated Command Prompt, type slmgr /dlv and select Enter
- Note the Activation ID as you will need it in the next step
Activate the ESU product key:
- Open an elevated command prompt
- Type slmgr /ato <ESU Activation Id> and press Enter
Once you have activated the ESU product key, you can verify the status at any time by following these steps:
- Open an elevated Command Prompt
- Type slmgr /dlv and select Enter
- Verify Licensed Status shows as Licensed for the corresponding ESU program
We recommend using a management tool, such as System Center Configuration Manager, to send the slmgr scripts to your enterprise devices.
Get in touch if you need assistance with the procurement of the ESU licenses or activation and deployment of ESUs within your organisation. If you’re ready to begin your migration to Windows 10 take a look at the blog by Data#3 National Practice Manager for Microsoft, Scott Gosling – Clinging to the Windows 7 Ledge: Are You Ready to Make the Leap to Windows 10?
Tags: Malware, Microsoft, Microsoft Office 2010, Microsoft SQL Server 2008, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows Server 2008, Ransomware, Security
