What are the two main exploitation approaches for remote execution via GPO scheduled tasks?
If you have domain administrator privileges or edit permissions on a GPO, you can either (1) create a new GPO with a malicious scheduled task, or (2) modify an existing GPO that already contains scheduled tasks by replacing the `ScheduledTasks.xml` file. Both approaches require forcing a client policy refresh (e.g., `Invoke-GPUpdate`) and later cleaning up traces. The prerequisite is control over GPO editing, often achieved after domain compromise.
exploitation, GPO modification, ScheduledTasks.xml, Invoke-GPUpdate, domain penetration