Configure automatic updating group policy settings
One major monkey-wrench in all of this is Forefront Client Security (FCS) 2007.
FCS uses WSUS to push out its updates and definitions.
If there are, it will display its own notification (shown below) in addition to the Config Mgr notification.
The only difference I could see between XP and 7 is the ability in 7 to dismiss the notification set it to remind the user at a later time.
One thing to note is that setting the Configure Automatic Updates policy to Disabled does not disable the Windows Update service in Windows 7 or the Automatic Updates service in XP (these are the WUA service itself, just different names in the different versions of Windows).
It merely disables automatic functionality of the WUA including scanning.
The key word in the statement is “automatically”; with Config Mgr in the mix, the WUA doesn’t automatically do anything.
Additionally, because definition updates should happen without any user intervention you should also set a handful of other Windows Update related policies according to FCS recommendations.
As notes earlier though, these settings have no impact on the software updates functionality Config Mgr though.
It’s not that it can’t do work automatically, it’s that the WSUS server itself does not have any updates for it so it effectively does no work — recall once again that all updates are delivered via the software distribution mechanism in Config Mgr and not WSUS.
When Config Mgr wants to do anything related to software updates, it directly controls the WUA to achieve the desired result: this includes update scans, re-evaluations, and installation.