On "Computer Selection Rules" we have the ability to filter Active Directory computer by many option and one is to "Only include computer that are a member of Active Directory Group". On the current version this option is available, so this means Patch Manager can evaluate computer group membership.
In our case, we need just the opposite!!! Let me explain... We have a security group named "g_VPNComputers" were we group all computers to which users, via VPN, can Remote Desktop to. This security group is used to apply specific Group Policies (Ex: Activate Remote Desktop, set Firewall rules, set Local Group Membership, etc.). Those computers must remain powered-on so users, accessing our network from VPN can Remote Desktop to. Our current update and patch policy is to WOL all workstations on "non business hours", schedule update installs to that time window and after shutdown all systems (only workstations). The exception to this rule is "g_VPNComputers"!!!
It would be nice to have the ability, on Patch Manager rules to exclude computers based on Group Membership. This would allow us to use the current existing groups, instead of creating new groups just to do the opposite of the existing ones!!! (Selecting a few computers as members of g_VPNComputers is a lot different tha selecting a bunch of them as Not g_VPNComputers!!!! Had to script this one...)