Chapter 15 discussed how to create an efficient and secure Active Directory infrastructure. First, it relies on the administrator to create a role-based OU structure. Then, role-based security templates are imported into role-based GPOs that are then linked to the role-based OUs. A one-time, inclusive security template is applied to all computers. A Local Computer Policy is used to ensure that domain policies aren't bypassed and to apply moderately critical settings again. A domain-level baseline policy is applied to all users and computers. It pushes down critical security settings. Lastly, incremental policies are used to push down policy settings that will help each role-based computer and user. If appropriately planned, Active Directory security can be an efficient asset in the fight against malware and hackers.