conoverc73


"Configure Automatic Updates" group policy setting not taking effect on PC

Using group policy on my Windows 2003 server, I want to set the Windows Update choice on all desktops/laptops to "Auto download and notify for install" AND I don't want users to be able to override this setting.

I've enabled it in group policy but it's not getting set on the PCs.

Pber

Are you using the GPMC?  If so, go to Group Policy Results and see if the client is getting policy.  You can also do a GPresult on the client machine to see if the policy is getting applied.
conoverc73

ASKER

No, I am not using GPMC, I'm just using the default group policy editor.  Also, I ran the GPresult command and it's not showing a policy for Windows Update.  The only "Applied Group Policy Objects" entry that came back was the one I created for the screen saver policy under "User Settings".

Under "Computer Settings" in the GPresult output, the only "Applied Group Policy Objects" entry is the default domain policy.
Does the GPresult show the Group Policy Object not applied?  What are the permissions on that GPO you created?  

Are you getting 1030 events in the application log of the client?  
Are you getting 1704 events in the application log of the client?  This would imply that GPOs are applying properly.

Are you rebooting the clients or just having them logon/logoff or doing a GPupdate /force?  If it is a Computer Setting then that policy is only applied at reboot.
See GPresult output below:

Also, I rebooted the client machines and still no good.

I am not seeing 1704 events.

I AM seeing 1030 and 1058 events in the event log on the client.

The following users/groups have permissions to the GPO I created:

Authenticated Users, CREATOR OWNER, Domain Admins, Enterprise Admins, ENTERPRISE DOMAIN CONTROLLERS, SYSTEM.

COMPUTER SETTINGS
------------------
    CN=DL026,OU=Computers,OU=Boston,DC=us,DC=corp,DC=sa
    Last time Group Policy was applied: 6/16/2006 at 1:06:53 PM
    Group Policy was applied from:      usbdcadc.us.corp.sa
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        DL026$
        Domain Computers

ASKER CERTIFIED SOLUTION
Pber
This solution is only available to members.
You need to add "domain computers" to the permissions group. The computer is not applying it because its membership of "Domain Computers" is not listed with your applied group.

>The following users/groups have permissions to the GPO I created:
>
>Authenticated Users, CREATOR OWNER, Domain Admins, Enterprise Admins, ENTERPRISE DOMAIN CONTROLLERS, SYSTEM.

*Domain computers not listed in your posting.


That should have been covered by Authenticated Users as the machine account would be an authenticated user.  I think he has other issues because of the 1030 and 1058 errors.  
Authenticated user does not include workstations (in my testing and experience). Hence the word users. These update settings are (should be) applied via GPO to workstations, not users. It's the same principle for publishing an application with GPO.

You can clearly see why his workstation is not getting the policy. There are no matching security groups between his applied permission list and the workstation's membership list.
Err, nvm! It's late and I'm ready to go home. Authenticated Users is listed. The same principle still applies from pushing an application out, domain computers should be specified.

As a side note, I would highly recommend creating a new GPO for this, not piggybacking on the existing default domain policy.

Is this test workstation pre-SP1? If it is you will need to create a policy to update the client first.
Interesting.  I'm not sure what is different.  Every one of my GPOs that are created via the GPMC has only Authenticated Users under the Security Filtering.   When I look at the permissions directly at the policy in the sysvol folder, there is no Domain Computers for any of my policies and I have lots of computer policies and don't seem to have GPO issues.

Even in his GPresult dump it says the computer is in the following group:

  The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users  <------
        DL026$
        Domain Computers


Weird, it's worth a shot.
Hang on a sec...

Your users will NOT be notified unless they are local Admins to their PCs.

Now, with respect to your Userenv errors - your DNS settings should only point to your DNS server, not the ISP.  Remove all ISP DNS entries from every NIC inside your LAN.  Set your DNS server Forwarder to the ISP.  This is the only place to enter the ISP info.

Let us know.
Oh, and Authenticated Users contains domain-joined workstation accounts.  I don't think it's a permission issue on the Policy.  There might be SYSVOL permission issues, but rather than mess with them let's eliminate the easy stuff.



I created a separate policy just for the Windows updates.  This got me to the point that it would at least show up in gpresult.  However, it was showing up as "filter, not applied (empty)".

I did some searching on Google and came across an Experts Exchange article (Q_21412022.html).  After reading this, I realized that I was creating the policy on my Users OU and not the Computers OU.

I re-created the policy on the computers OU and it's now applying.

Is this the right way to be applying group policy?

I've got all of my user objects in an OU called "Users" and all of my computer objects in an OU called "Computers".

Is it the right thing to create the "windows update" GPO and apply it to the computers OU and create a "screen saver" GPO and apply it to the users OU?
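
A simplified model of the scoping behaviour described in the post above, added here as an illustration and not part of the original thread: a GPO's Computer Configuration only reaches computer objects under the container it is linked to, and a GPO that is in scope but has no settings on the side being processed is reported as "Not Applied (Empty)". The computer DN is the one from the GPresult output; the user DN, the GPO names and the helper functions are constructed for the example, and security filtering, WMI filters, inheritance blocking and loopback processing are deliberately left out.

```python
from dataclasses import dataclass

@dataclass
class GPO:
    name: str
    linked_to: str           # DN of the OU/domain the GPO is linked to
    computer_settings: bool  # Computer Configuration contains settings
    user_settings: bool      # User Configuration contains settings

def in_scope(object_dn: str, container_dn: str) -> bool:
    """True if the object lives in the container or any OU below it.
    Naive comma split: assumes no escaped commas inside the DN."""
    obj = [p.strip().lower() for p in object_dn.split(",")]
    con = [p.strip().lower() for p in container_dn.split(",")]
    return len(obj) > len(con) and obj[-len(con):] == con

def evaluate(gpo: GPO, object_dn: str, side: str) -> str:
    """side is 'computer' or 'user' (which half of the GPO is processed)."""
    if not in_scope(object_dn, gpo.linked_to):
        return "out of scope"            # never appears for this object
    has = gpo.computer_settings if side == "computer" else gpo.user_settings
    return "applied" if has else "not applied (empty)"

BASE = "OU=Boston,DC=us,DC=corp,DC=sa"
COMPUTER_DN = f"CN=DL026,OU=Computers,{BASE}"   # from the GPresult output
USER_DN = f"CN=jdoe,OU=Users,{BASE}"            # constructed sample user

# Windows Update is a computer-side setting; first the mis-linked GPO, then the fix.
WU_ON_USERS = GPO("Windows Update", f"OU=Users,{BASE}", True, False)
WU_ON_COMPUTERS = GPO("Windows Update", f"OU=Computers,{BASE}", True, False)
SCREEN_SAVER = GPO("Screen Saver", f"OU=Users,{BASE}", False, True)

def report(gpos):
    """Status of each GPO for the sample computer and the sample user."""
    return {
        g.name + " @ " + g.linked_to.split(",")[0]: {
            "computer": evaluate(g, COMPUTER_DN, "computer"),
            "user": evaluate(g, USER_DN, "user"),
        }
        for g in gpos
    }

if __name__ == "__main__":
    for name, status in report([WU_ON_USERS, WU_ON_COMPUTERS, SCREEN_SAVER]).items():
        print(f"{name:32} computer={status['computer']:20} user={status['user']}")
```
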

SOLUTION
This solution is only available to members.