SUDO Rule Preference

sudo applies a last-match policy, NOT best match! So, if %wheel is allowed to execute everything as anybody with a password, but you want a member of %wheel to execute a specific command without a password, the rule for the password-less command has to come after the general rule:

%wheel ALL=(ALL) ALL 
wheelmember ALL=(ALL) NOPASSWD: /usr/bin/mycommand

It says so in man 5 sudoers:

When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

Nevertheless, it was counter-intuitive for me. I expected first or best match, but not last match… Another quirk: when using visudo, “:w” won’t update the sudoers file. You have to “:wq”.
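
To check rule order before relying on it, here is an added example (not from the original note and not sudo's own code) that models the last-match rule from man 5 sudoers and reports NOPASSWD entries overridden by a later matching rule. It assumes a simplified sudoers subset; the function names and the sample input are constructed for illustration.

```python
import re

# Simplified model (assumption): "who host=(runas) [TAG:] cmd[, cmd]" per line.
# Host, runas, aliases, negation and command arguments are not modelled.
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")

def parse(text):
    """Return [(line_no, who, command, nopasswd)] in file order."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m or line.lstrip().startswith(("#", "Defaults")):
            continue
        who, spec = m.groups()
        nopasswd = False                      # a tag carries over to later commands
        for cmd in (c.strip() for c in spec.split(",")):
            tag = re.match(r"(NOPASSWD|PASSWD):\s*(.*)", cmd)
            if tag:
                nopasswd, cmd = tag.group(1) == "NOPASSWD", tag.group(2)
            rules.append((n, who, cmd, nopasswd))
    return rules

def applies(who, user, groups):
    return who in ("ALL", user) or (who.startswith("%") and who[1:] in groups)

def decide(rules, user, groups, command):
    """(line_no, nopasswd) of the LAST matching rule, or None if nothing matches."""
    result = None
    for n, who, cmd, nopasswd in rules:
        if applies(who, user, groups) and cmd in ("ALL", command):
            result = (n, nopasswd)            # later matches overwrite earlier ones
    return result

def shadowed(rules, user, groups):
    """Line numbers of NOPASSWD rules that a later password rule overrides."""
    return [n for n, who, cmd, nopasswd in rules
            if nopasswd and applies(who, user, groups)
            and not decide(rules, user, groups, cmd)[1]]

# Constructed sample input: the two rules from this note, in both orders.
GENERAL = "%wheel ALL=(ALL) ALL"
SPECIFIC = "wheelmember ALL=(ALL) NOPASSWD: /usr/bin/mycommand"
GOOD = GENERAL + "\n" + SPECIFIC
BAD = SPECIFIC + "\n" + GENERAL

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        rules = parse(text)
        print(name, decide(rules, "wheelmember", {"wheel"}, "/usr/bin/mycommand"),
              "shadowed lines:", shadowed(rules, "wheelmember", {"wheel"}))
```

With the rules in the wrong order, the general %wheel line wins and the NOPASSWD entry on line 1 is reported as shadowed.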