Research, and more research
Windows attack patterns in the last 12 months and local GPO defenses
Attackers have leaned hard on abusing Group Policy as a distribution and control layer for malware, scripts, and ransomware. The core pattern is: gain a foothold, live off the land, escalate, then use GPO