WellingtonIS

asked on

Assign GPOs to machines

I have several GPOs for various things.  I have a GPO for Edge Compatibility mode as well as Adobe and Edge as default (they are separate). In the scope I have Authenticated Users; however, these are computer GPOs.  Is there any other way to make sure it's computers and not users picking up the policy?  I know Authenticated Users is supposed to encompass everything but it's not working.  I don't want to have to create a computer group because that means I have to maintain it. Is there anything else?

Andrew Porter

You could place the GPOs at the domain (root) level in your AD structure, assuming that you intend to apply them to all domain joined machines. Otherwise, you're going to be creating a computer group.
Computer settings can only be applied to computers. You cannot apply a computer setting to a user.

It is possible to get a user setting to apply to every user on a computer. That is different, and requires GPO loopback processing, and isn't what you want or need.

Best I can tell, as long as your GPO is applied to the correct OU where your computers are located, then the computers will receive the policy. I believe that you are trying to solve a problem that you don't actually have.
WellingtonIS

ASKER

I think loopback processing might complicate things.  I'm going to have to create a group for all PCs.
Computer settings don't apply to users.
If you put all of your computers into one or more OUs that don't contain users, (which you should be doing anyway), then you can apply the GPOs to the computer OU and not worry about any group management, even if the GPOs did contain user settings.
Even if you are using Loopback, you don't have to create a group for all computers. All Loopback will do is either replace any user settings with the user settings in the GPO that has Loopback set or merge them (depends on your settings). To make a GPO only apply to computers, just don't put user settings in it. Also, you could use the Domain Computers group in the security filtering instead of Authenticated Users if you wanted.
Loopback is totally inappropriate here. I only mentioned it because while it is IMPOSSIBLE to have COMPUTER settings apply to USERS, it is possible to have USER settings apply to all USERS of a COMPUTER, even if the user in question would not ordinarily have the GPO applied because it is not applied to an OU containing the user.
I only mentioned it because the Author did. Wasn't sure if he was trying to apply other User settings along with the Edge settings.
Domain Computers would be great; however, this is a very large domain spread out over several states across the USA.  If I use Domain Computers then all machines will be in that policy and I'm not sure that's the best way to do this, even though I have other domains blocked. There's about 500,000 machines - could that work?
Wait, you're working on a domain with half a million domain members and you don't know how to scope GPOs?

Surely there must be someone in the organization that knows how to do this. That's a very large organization, and there should be lots of people involved with managing GPOs. There may be specific and particular ways things are done in the organization.

In general, I can tell you that GPOs get applied based upon which OUs the GPO is linked to, AND the security filtering on the GPO. There is also item level targeting, which is honestly something that I am not operationally familiar with but I know of it.
Not sure I get your concern. The number of machines really does not matter. As long as you want all machines to get the GPO, then of course it would work.
But understand, if your GPOs only have Computer settings in them, then you can still just use Authenticated Users (the default) and it will only apply the settings to computers. GPOs have 2 sections: Computer Configuration and User Configuration. Settings in Computer Configuration will only apply to computers affected by the GPO. Settings in User Configuration will only apply to users affected by the GPO.
No, you have it all wrong. I have 100's of domain OUs; each admin is responsible for his/her domain OU.  The group Domain Computers encompasses all the OUs' (Domain) machines.  I have my GPOs blocked from other OUs but I don't know how this will be applied because of the OU separation. Does that make sense?

As for Authenticated Users - that's where it all began - it seems my computer configuration isn't working on my Authenticated Users.  It wasn't until I actually created my own Computer group and applied it that it started to work.
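
The comments above say a GPO reaches a computer only when it is linked to (or inherited by) the computer's OU and its security filtering grants Apply to that computer. The PowerShell below is an added example, not part of the original thread, that reports both conditions for one GPO using the GroupPolicy RSAT module; the GPO name and OU distinguished name in the usage comment are placeholders.

```powershell
# Added example: run from a management host with the GroupPolicy (RSAT) module.
Import-Module GroupPolicy

function Test-GpoComputerScope {
    param(
        [Parameter(Mandatory)] [string] $GpoName,   # display name of the GPO
        [Parameter(Mandatory)] [string] $TargetOu   # DN of the OU holding the computers
    )

    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop

    # Security filtering: trustees that hold "Read + Apply group policy".
    $applyTo = Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object { $_.Trustee.Name }

    # Links at the OU: direct links, plus what Get-GPInheritance reports
    # as inherited once parent links and inheritance blocking are considered.
    $inh       = Get-GPInheritance -Target $TargetOu
    $direct    = $inh.GpoLinks          | Where-Object { $_.GpoId -eq $gpo.Id } | Select-Object -First 1
    $inherited = $inh.InheritedGpoLinks | Where-Object { $_.GpoId -eq $gpo.Id } | Select-Object -First 1

    [pscustomobject]@{
        Gpo                 = $gpo.DisplayName
        GpoStatus           = $gpo.GpoStatus
        # False when the computer half of the GPO has been switched off.
        ComputerHalfEnabled = [string]$gpo.GpoStatus -notin 'ComputerSettingsDisabled', 'AllSettingsDisabled'
        # Version 0 means that half of the GPO has never been edited.
        ComputerVersion     = $gpo.Computer.DSVersion
        UserVersion         = $gpo.User.DSVersion
        AppliesTo           = $applyTo -join ', '
        DirectlyLinked      = [bool]$direct
        DirectLinkEnabled   = $direct.Enabled
        InInheritedList     = [bool]$inherited
        InheritedFrom       = $inherited.Target
        LinkEnforced        = $inherited.Enforced
        OuBlocksInheritance = $inh.GpoInheritanceBlocked
    }
}

# Usage (placeholder names):
# Test-GpoComputerScope -GpoName 'Edge Compatibility Mode' `
#     -TargetOu 'OU=Workstations,DC=example,DC=com'
```

On an affected machine, `gpresult /r /scope computer` shows which computer GPOs were applied and which were filtered out, which can be compared against this report.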
ASKER CERTIFIED SOLUTION
kevinhsieh