As you have probably noticed while following along with our lab build so far, there is this thing hanging out inside GPMC called the Default Domain Policy. This is a GPO that always exists by default in a fresh domain implementation. In fact, I have never seen an environment where this policy did not exist, so it is not a common practice for anyone to remove or delete it.
The Default Domain Policy contains a handful of security-related settings. The most important part to understand about this default policy is that it applies to everyone: a users on all domain-joined systems. Any settings you plug into the Default Domain Policy will roll out on a very large scale, which could cause you a lot of grief if not done properly. ...