How do you approach designing and implementing a clean Group Policy Object (GPO) structure to secure endpoints without degrading performance?