Well, that's the point of using user mode - for example if there is a particular user A that has assigned the Application control policy you speak of, and there is the administrator that does not have this policy assigned. If you log out the user A, and log in as the Administrator the policy will not apply as it is a different user.
http://www.symantec.com/docs/TECH102686
https://www-secure.symantec.com/connect/forums/computer-mode-vs-user-mode-0
...as per above articles:
User mode:
The policies change, depending on which user is logged on to the client. The policy follows the user.