How Do You Customize Your Policy?

As part of planning for our next release, we're interested in collecting some data on how you customize your security policy.  We're intereseted in as much information as you have to offer.  For instance, do you mainly add code groups to the machine level, or do you use the enterprise and user levels as well?  Generally are you just adding StrongNameMembershipConditions and PublisherMembershipConditions to grant higher trust to specific assemblies, or does your tinkering get more involved than that?  Is the main tool you use caspol, or do you use the .NET Framework Configuration tool in the Control Panel, or possibly even use your own tools?