One essentially to each cover:
- All your production systems
- All your production systems minus the 65 devices.
... the 65 devices can be excluded by including a "AND COMPUTER NAME NOT = 'Device_1'" through to Device_65 (tip - use the "Multi-insert" option to add up to 50 devices at a time).
... If that department has a single identifier for themselves / those devices, it can be even easier. Add a piece of custom data to those boxes and just include a
... AND "Custom Data - My Tag - Special Status" != "I am Special"
There's all sorts of ways of skinning this particular cat. But the above two are two fairly simple ways to approach this.
Does that help?
It's also important to know how you currently patch.
Are you using autofix by scope? Then in that case you would just need a new scope that doesn't include them.
We don't have an exclude list per se.
You could maintain seperate settings so that autofix was turned off on specific systems that at times (would have to be fairly regular to be worth it) can not be patched, then have a process to patch them. (pretty simple thing to get around)
Essentially you just have to think of it as a list of what to include, and there isn't any way to exclude, you just don't include, if that makes sense.
It all comes down to what process you use though to get into more specifics.