Looking for some "standards" or "Best Practices". I have been told to never edit the Default Domain or Default Controller Policies. Is that really "Best Practices"?
So as a general rule (and I know there are exceptions) most policies should be linked to either the Computer OU or the User OU depending on what the policy does?
Do you try and stay away from writing a new policy for every tiny setting and do something like make a generic "MyCompany Workstation Policy" and "MyCompany User Policy" and keep as many applicable settings in as few polices as possible?