5.1 Security Considerations for Implementers
It is important for implementers to note that the server might (and often does) have nearly the same policy application sequence with multiple clients, which means that the protocol is not suitable for communicating confidential information for disclosure to only one computer (or to only one user) unless other security measures have been taken (such as a physical security mechanism, IP security, and so on).
Examples of such confidential information are passwords, asset account identifiers, and government-issued identification numbers. Even with additional security measures, the Group Policy: Core Protocol is not intended to transmit such sensitive information; it is recommended that the protocol be used only to transmit administrative intentions to multiple client computers.
It is important for implementers to note that a GPO is made up of Active Directory objects under the GPO DN and file system objects (files and directories) under the domain-based DFS path, the GPO path. Securing access to a GPO therefore requires securing access to both its GPO DN and its GPO path.
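The two-part structure above means that an access review of a GPO has to cover two ACLs, one on the groupPolicyContainer object and one on the SYSVOL directory, and a principal that can write one half but not the other is a sign that the GPO is not consistently secured. The following PowerShell is an added example, not code from MS-GPOL or from Microsoft; it assumes the ActiveDirectory and GroupPolicy RSAT modules, a domain-joined session that can read both the GPO DN and the GPO path, and that the GPO name passed in (a hypothetical input) exists.

```powershell
# Added example (not part of MS-GPOL): list every principal holding a
# write-capable Allow ACE on either half of a GPO so the two ACLs can be
# compared side by side. Assumes the ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

function Get-GpoWriteAccess {
    param([Parameter(Mandatory)][string] $GpoName)

    $gpo = Get-GPO -Name $GpoName
    # GPO DN: the groupPolicyContainer object under CN=Policies,CN=System,<domain>
    $gpoDn = $gpo.Path
    # GPO path: gPCFileSysPath holds the domain-based DFS path under SYSVOL
    $gpoPath = (Get-ADObject -Identity $gpoDn -Properties gPCFileSysPath).gPCFileSysPath

    # Rights that allow changing the Active Directory half of the GPO
    $adWrite = [System.DirectoryServices.ActiveDirectoryRights] `
        'GenericAll, GenericWrite, WriteProperty, WriteDacl, WriteOwner, CreateChild, Delete, DeleteChild, DeleteTree'
    # Rights that allow changing the file system half of the GPO
    $fsWrite = [System.Security.AccessControl.FileSystemRights] `
        'FullControl, Modify, Write, WriteData, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    $rows = @()
    foreach ($ace in (Get-Acl -Path "AD:\$gpoDn").Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($ace.ActiveDirectoryRights -band $adWrite)) {
            $rows += [pscustomobject]@{
                Half      = 'GPO DN'
                Location  = $gpoDn
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
            }
        }
    }
    foreach ($ace in (Get-Acl -Path $gpoPath).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($ace.FileSystemRights -band $fsWrite)) {
            $rows += [pscustomobject]@{
                Half      = 'GPO path'
                Location  = $gpoPath
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
    return $rows
}

# Usage: principals that appear under only one Half deserve a closer look,
# since either half alone is enough to change what clients apply.
Get-GpoWriteAccess -GpoName 'Default Domain Policy' |
    Sort-Object Principal, Half |
    Format-Table Half, Principal, Rights -AutoSize
```

The check reads only the two ACLs and reports allow entries; it does not rank principals, because which groups are legitimately delegated write access depends on the domain's delegation model rather than on anything the protocol defines.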
It is important for implementers to note that a person with the appropriate permission on the Group Policy server can modify the GPO settings. As specified in section 3.2.5.1.1, the client locates the Group Policy server, a domain controller (as specified in section 3.2.1.13), by invoking the DsrGetDcNameEx2 method ([MS-NRPC] section 3.5.4.3.1). A domain controller, by definition, is a trusted third party for the domain.