Looking for some "standards" or "Best Practices". I have been told to never edit the Default Domain or Default Controller Policies. Is that really "Best Practices"?
So as a general rule (and I know there are exceptions) most policies should be linked to either the Computer OU or the User OU depending on what the policy does?
Do you try and stay away from writing a new policy for every tiny setting and do something like make a generic "MyCompany Workstation Policy" and "MyCompany User Policy" and keep as many applicable settings in as few polices as possible?
My personal best practice tips
1. Always comment everything - future you will be grateful
2. enable verbose (highly detailed) status mode to make troubleshooting a bit easier.
Below are two articles on those two tips: