Thin clients in a high security windows network

Apologies in advance, I'm a windows administrator with no experience with Thin clients :emotion-1:

I am about to apply security settings from Microsofts Security Configuration Manger GPO's to domain controllers. I want to import the GPO "WS2012R2 domain controller security compliance 1.0" in a GPO targeting the domain controllers. The current domain controller GPO contain many low security settings, and I need to fix this. I believeThe settings of interest are:

Domain Controller: LDAP server signing requirements: Require signing

Domain Member: Digitally encrypt or sign secure channel data (always).

Mirosoft Network Server: Server SPN target name validation level: “required by client”

Network security: Allow local system to use computer identity for NTLM.

Network security: Allow localsystem NULL session fallback: disabled

Network security: Configure encryption types allowed for Kerberos: not allowed DES_CBC_CRC or DES_CBC_MD5.

Network security: LAN Manager Authentication level: Send NTLMv2 only, refuse LM and NTLM.

Network security: Minmum Session Security for NTLM SSP based servers (including RPC) clients: NTLMv2 and 128 bit.

Network security: Minmum Session Security for NTLM SSP based servers (including RPC) servers: NTLMv2 128 bit.

Most users are using Wyse thin clients. They log on to the thin clients using domain credentials. CItrix and storefront is used in the organization. I have very little knowledge of the thin clients, but the version number is 8.0_210. I believe there are different versions in the organization, but i can find out.

Will the thin clients continue to work after i apply the SCM GPO to the domain contollers? Do i need any software update or specific configuration on the thin clients to make this work?

Advice is highly appreciated!

Ragnar