Doc,
I've worked in several banking and financial organizations that require strict control of desktop and email settings. I agree that a large number of GPOs can impact performance - I worked for a client that had over 1200 GPOs and 430 login scripts! (Got that down to 16 GPOs and 1 script.) Performance there was horrible until we consolidated and eliminated the policies.
The prevention of desktop configuration and user restriction is also critical in an RDP/Citrix environment. Other industries and small businesses may not have the same control requirements, but an image-conscious organization will not want potentially offensive (or simply personal statements of politics, religion, or sports) to be interpreted as corporate policy.
I generally have one workstation and one user policy that configures the user environment. These overlay a general computer policy, and may be supplanted by a GPO that further controls specific workstation types, such as laptops or tablets. I also never mix User and Computer settings in a single policy, so I might have a few more than minimally required, but they are smaller and more specific.
Bottom line, if you want to prevent the use of unauthorized desktop images, you must specify the image to use. Simply defining the desktop settings to disabled isn't enough. We found that referencing an image file that does not exist AND is in a path that a user does not have write access to provides the control without any overhead of actually creating and deploying an image file.
Glenn
_________________________
Actually I
am a Rocket Scientist!