To reduce workload on the server, the server is a 'reactive' entity only. The clients will send information to a server when they have it, or request information from a server when they need it, but the server will never actively upload information to clients or query clients for information.
The server will cache as much information as possible, for instance, which rules apply to which computers. Furthermore, the server only calculates which set of rules apply to a computer and sends back these rules on request. It does not calculate whether or not someone is allowed to log on. These calculations are done entirely by the client itself upon logon.