Hi,
Thank you for posting in Symantec community.
I would be glad to answer your query.
Adding one more article for reference: http://www.symantec.com/docs/TECH102686
If the client software runs in user mode, the client computer gets the policies from the group of which the user is a member. If the client software runs in computer mode, the client computer gets the policies from the group of which the computer is a member
Policies in the Symantec Endpoint Protection Manager (SEPM) can be applied to users or computers organized together or separately into groups. When a Symantec Endpoint Protection (SEP) client connects to the Manager it can provide user and computer information for the purposes of identifying itself. In addition, if there exists a match for both the user and the computer in the Manager, then the client's preference configuration will determine which setting is applied.