What way do you recommend implementing host based access control? Should I use GPO or LDAP host attribute?