If those computers are mixed around in AD, you have a challenge. You could (with epo 4.5) get fancy with tagging and different policies, I'm about to play with that a little bit. Otherwise, you would need those computers in a different ad container then sync them back in that way in epo. I guess the standard way that i should mention is to just note those individual computers and create different policies for them, then break inheritance for them and give them a test or special policy. so, 3 options -1- different policies for each, -2- move computers in ad and have that policy correspond to policy in an epo container -3- epo 4.5 tagging a computer, use a query to set policies on that tag.
Thanks for the response. I've been talking to one of the server admins, and we've agreed that, since there aren't that many special groups needed, we'll create them in AD to keep the structure the same. Looks like that will work best for our setup.