You have agents and you have plug-ins. The settings for the agent are covered under two areas, Global and Targeted. Global is global, so the settings you apply here will apply to all agents. Targeted can be--yes, targeted--toward specific systems. Just clone the policies that exist or create new ones, change the settings, apply to a new target (i.e. 'Windows Workstations'), and enable the policy.
For plug-ins, these really follow the behavior of the Symantec Management Agent global and targeted settings, but the plug-in behavior itself may be modified by other policies. For example, the Software Update plug-in's behavior is modified by the Default Software Update Plug-in policy, the Windows System Assessment Scan (or Vulnerability Assessment in older version) settings, and the software updates (patches) you choose to apply to the systems.
Does this answer your question?