we have one issue that AD group(everyone) has been added in SharePoint Central Admin policy for web application level due to that all users have full control to access the all site.

if it remove the group from policy for web application level,user cannot access the site even-though user has permission in site level .

I would be greatly appreciated it if you help me.