Let's say that we want to restrict a lot of settings/policies to a group of computers that are physically placed so that the public (external clientèle) can use them to consult some of your services; you might want to apply these policies to those computers, because you want to make sure that your security measures will still apply, even if an internal user account was used to log in.