AMP Policy for Terminal Server

chris.ekert1 · ‎04-22-2020

Hi Team , Struggling to get straight answer on this one...

Not sure best practice for the AMP Policy to cover our Terminal Servers, We run 90% of our clients in Terminal server Farms. They are no VDI environment. Trying to determine best policy to enable workstation or server features?

Trying to ensure we have the right features turned on to capture but not to much to cause perfromance deg. Just need baseline that we can work with..

Thanks Chris

Ken Stieers · ‎04-22-2020

As an Citrix guy since MetaFrame 1.8, I wouldnm treat them like workstations...I'd turn off the system tray app though.

chris.ekert1 · ‎04-22-2020

Thanks Ken, Just confirming you would treat them like workstations ?

Currently we do turn off the system tray - we have to so that we can deploy via GPO.

Ken Stieers · ‎04-22-2020

Yep, like workstations.

Muhammad Awais Khan · ‎04-22-2020

Hi,

I usually treat it like server for these type of situations as you said we want to avoid performance degradation and at the same time setup base line policies.

Features like Network and Malicous Activity protection can be disabled, since it is a terminal server and we may expect lot of connections. Turning features like Network can create some performance issues.

I know it is debatable but below is the policy worked well in one of my client for Term server:

Files - Quarentine

Network - Disabled

Malicious Activity Protection - Disabled

System Process Protection - Audit

Script Protection - Audit

Tetra - On

Exploit Prevention - On