I see that the topic "Group Policies Object" - GPO - is interesting.
In this regard, I would like to underline some ineluctable foundations for their correct management:
1) There are GPOs aimed at PCs that access the Company Domain (based on Active Directory), whose management is completely different
2) There are GPOs aimed at local PCs (our case)
In the case of local GPOs, we have 2 different situations:
1) GPO referring to the PC (Machines) which, once set, regardless of the access account - existing or new - will always be valid (except for possible variations dependent on updates and / or new software installations) and for everyone
2) GPO referring to the user (Users) which, once set, will be valid only and exclusively for the User only at the time of their creation; If new accounts are created on that PC, the previously created GPOs will not be valid.
This is why it is preferable to set up GPO for Machines...
However, various previously set GPOs may change as a result of software updates, new software installations, etc .: keeping any changes under control requires a fair amount of specific knowledge.
When setting up a PC, perhaps via ISO optimized with NTLITE, the only manageable policies are those of Windows, detectable via gpedit.msc.
In addition to downloading the respective admxs, it is necessary to import the same (preferably only the part in your own language) according to
this guide - specifically referring to Microsoft Edge but also valid for Office, etc.)
Here instead you can find the GPOs for various other software even if some info may be "dated".
There is a lot more to say but it would be extremely difficult, as well as dispersive, to deal with the different aspects.
Moreover, I think nuhi is taking an interest in this and if there were specific requests, in my small way, I'm here.