Hardening clients and servers requires an understanding of the available methods for establishing the security settings in an efficient and consistent manner. Two tools are designed to harden clients and servers: security templates and security policies. Security templates can configure the majority of the security settings to harden any client or server. Security policies are created with the Security Configuration Wizard, which is more intuitive to use and is based on server roles, administrative functions, and other aspects of the servers.

Whether you use a security template, a security policy, or both, you should use Group Policy whenever possible to deploy these settings. As we saw earlier in this book, a key aspect of security hardening is how you design your OUs and link your GPOs in Active Directory. With hundreds of security settings available in a single security template or policy, you must rely on the security best practices detailed in this chapter to get a head start on establishing your security baselines and hardening guidelines. Once you deploy the security settings, you only need to monitor the affected computers for errant behavior or malfunctions to ensure that your security settings don’t cause any problems.