There's a high probability we won't plan to use the default root account, or even the default user account from our distribution (those ubuntu or centos users). There's an even higher probability we'll need a Unix account very early in the process, even before the proper configuration management tool enters the game.

Let's say our IT security policy wants us to have an emergency user account in a group named infosec for the IT security team with passwordless sudo rights and the simple /bin/sh shell. This account has one authorized public key automatically populated. The policy is also to remove the default ubuntu account.