This question is more for Quora, StackOverflow or superuser. In the future, redirect your general IT questions there.
GPO's are not guaranteed to be "massive", it depends on the organization's need for granular controls. Enforcing a single, universal policy is trivial.
But some orgs need specific sub-rules for individual departments, server roles, or even employees -- which grows the complexity.
Take the time to read a good Active Directory book from the library.
Group Policy is really a set of registry changes, which are stored in policy files. Policy files may be implemented, or audited. Within AD, GPO's are pushed to target systems and installed locally. Local policy files can be copied or imported into images.
Policy files work by creating or changing reg keys. But you can get the same results from directly editing the registry. It's just a top-level system to push changes around multiple PC's. There's no magic, it's just a distributed management tool.