I've got a domain-assigned GPO that I want every machine to get except a handful of machines. Those machines are in their own OU and only way I can differenciate them is with a specific program in Add/Remove Programs. Is it feasible to write a WMI Filter that will apply the GPO to only those machines with this program? How would that query look? Perhaps a sub-select query maybe?

this is the string that determines if what I'm looking for exists.

select * from Win32Reg_AddRemovePrograms where DisplayName like '%Virtualization%'