It sounds like you'd do well to get some background information on Group Policy before you begin making changes. Some background information on Active Directory would probably help you, too.

I'd recommend strongly against modifying the 'Default.' Group Policy Objects (GPOs) that are created in Active Directory by default. You can create your own GPOs that contain your custom settings. By leaving these settings in their default state you create a situation where you can disable all your custom GPOs and return everything to a default state.

To answer your specific queries (at the risk of repeating what TechNet says):

The 'Default Domain Policy' is a GPO created during the creation of your Active Directory domain that contains settings that, by default, apply to all computer and user accounts in the domain. The main default setting that comes out of this GPO is the domain password policy. (Using the 'Block Inheritance' functionality on individual OUs allows this behavior to be overridden, but that's more of an advanced topic.)