The content filtering option is an all on or all off option, all policies have it or none do.
The AD groups option is built in when you set up authentication so we know which AD user is using each client. Here is a document discussing the two options for authentication:
https://support.symantec.com/en_US/article.TECH97340.html