Your mention of a “manual group” and “site subscription” is confusing the issue.
Create an automatic group with the following relevance:
windows of operating system
AND
exists values whose(TRUE = it as string as trimmed string as boolean) of settings "Custom_Patching" of client
Then you target windows patching baselines at this group. You have a task that can be an offer or could be something the distributed IT run that sets that client setting.
DO NOT USE manual groups. They are a bad idea. NEVER USE THEM.
The task you run to add the client setting to opt clients into patching is the following:
Relevance:
not exists values whose(TRUE = it as string as trimmed string as boolean) of settings "Custom_Patching" of client
Actionscript:
setting "Custom_Patching"="TRUE" on "{now}" for client
You can use this same task to opt-in any client to patching regardless of OS. You just create a different automatic group to contain all of the clients of the other OSes that also have this setting.
In general, it is probably not a good idea to use Client Settings for tons and tons of stuff, but it is one of the best ways to store some info that is completely cross platform.
Opt-ing clients into patching is a perfect example of the use of a custom client setting.