This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dr_Steve_Brule
Participant
‎2023-02-06 12:00 PM
Jump to solution

MUH2 Terminal Server Identity Agents on regular computers and laptops + ID Collector

Can the MUH2 client be applied to all clients in an AD environment regardless if they're a terminal server or not?

Customer has several Windows 10 Enterprise multi-hosts (per sk177024) mixed in with their regular desktops and laptops within their departments and they would like to more granular identity-based enforcement on those machines.  Since these are mixed in everywhere among different AD groups/departments, they would like to push out the MUH2 client to all endpoints regardless of where they reside.  Is there any harm on running the MUH2 agent on regular desktop/laptops?  Customer is also using ID collectors to complement the agents.

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2023-02-07 06:52 AM
In response to Dr_Steve_Brule
Jump to solution

MUH2 agents are only for multi-user hosts. For hosts without multi-user you have to use the normal identity agent or no agent.

With identity collector you can get the identities without installing an agent on normal desktop clients.

View solution in original post

4 Replies
Wolfgang
Authority
Authority
‎2023-02-06 12:12 PM
Jump to solution

@Dr_Steve_Brule Yes, Windows10 Enterprise multisession is supported Terminal Server Identity Agent v2 (MUH2) supported in Windows 10 Enterprise multi-session 

Some limitation with MUH2 agent …. as an example 1000 agents per PDP gateway, see Terminal Server Agent v2 (MUH2) - FAQ 

0 Kudos
Dr_Steve_Brule
Participant
‎2023-02-07 06:39 AM
In response to Wolfgang
Jump to solution

Thanks @Wolfgang .  But any harm on installing the agent on regular desktops that aren't multi-user hosts?

0 Kudos
Wolfgang
Authority
Authority
‎2023-02-07 06:52 AM
In response to Dr_Steve_Brule
Jump to solution

MUH2 agents are only for multi-user hosts. For hosts without multi-user you have to use the normal identity agent or no agent.

With identity collector you can get the identities without installing an agent on normal desktop clients.

PhoneBoy
Admin
Admin
‎2023-02-07 08:16 AM
In response to Dr_Steve_Brule
Jump to solution

You should only install agents on systems that actually need it.
At a high level, this includes:

  • Multi-user hosts
  • Roaming users (specifically roaming within a site, like with WiFi, where the user IP might change)

There are some scalability issues that will need to be accounted for on the gateway the agents are connected to.
I believe an R81.10 gateway can handle up to 50 MUHv2 agents connected to it.
R81.20 should be able to handle far more. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events