Yes, you are correct.
The Trusted Networks policy lists IP addresses and networks that are safe for communication.
Trusted networks can include individual IP addresses or ranges of IP addresses. Marking networks
as trusted eliminates or reduces the need for network IPS exceptions and additional firewall
rules. For Windows clients only.
Trusted Networks and Trusted Applications policies can reduce or eliminate
false positives, which aids in tuning a deployment.
Thanks for clarifying.
I think I might do it the other way round as follows:
Keep my trusted networks list to include all internal networks that need to communicate with each other e.g. the subnet with servers and the one with workstations and printers.
Create a rule on all servers that allows TCP In/Out between all servers that fall within the range of IP addresses that I use for my servers, i.e. not the whole trusted networks list, so excluding workstations and printers.
That way I can use the default corporate firewall rule set, which includes the rules you would want between workstations and servers such as NetBIOS and AD, and it means I don't need to treat workstations as entirely untrusted and create separate rules for them.
So, in summary, my servers allow all traffic to and from all other servers and some traffic to/from clients on the trusted networks. Servers running web services or other apps can have custom rules to allow traffic inbound as required.
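A small model of the three-tier layout described in the post above (server-to-server rule nested inside a broader trusted-networks list, everything else untrusted), added here as an example; it is not part of the thread or of any product's configuration, and the subnets are constructed sample values:

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing for the layout described in the post:
# the trusted list covers every internal subnet, servers sit in one of them.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/16")]      # all internal networks
SERVER_RANGE = ip_network("10.0.10.0/24")           # servers only
CLIENT_NETWORKS = [ip_network("10.0.20.0/24"),      # workstations
                   ip_network("10.0.30.0/24")]      # printers


def in_any(addr: str, networks) -> bool:
    """True if addr falls inside any of the given networks."""
    a = ip_address(addr)
    return any(a in n for n in networks)


def server_range_is_trusted() -> bool:
    """Sanity check worth running before deploying: the server-to-server
    rule only makes sense if the server range sits inside the trusted list."""
    return any(SERVER_RANGE.subnet_of(n) for n in TRUSTED_NETWORKS)


def classify_flow(src: str, dst: str) -> str:
    """Return which layer of the described policy handles a src -> dst flow.

    server-to-server rule    : all TCP in/out between servers is allowed
    default corporate rules  : trusted hosts, but only the default rule set
                               (NetBIOS, AD and similar) applies
    untrusted                : neither side is on a trusted network
    """
    if in_any(src, [SERVER_RANGE]) and in_any(dst, [SERVER_RANGE]):
        return "server-to-server rule"
    if in_any(src, TRUSTED_NETWORKS) and in_any(dst, TRUSTED_NETWORKS):
        return "default corporate rules"
    return "untrusted"


if __name__ == "__main__":
    print("server range trusted:", server_range_is_trusted())
    for src, dst in [("10.0.10.5", "10.0.10.9"),    # server -> server
                     ("10.0.20.7", "10.0.10.5"),    # workstation -> server
                     ("10.0.30.2", "10.0.10.5"),    # printer -> server
                     ("203.0.113.4", "10.0.10.5")]:  # external -> server
        print(f"{src} -> {dst}: {classify_flow(src, dst)}")
```

The point of the check is that a server range outside the trusted list would leave server-to-server traffic subject to IPS exceptions and extra rules after all.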