I have WSUS Build 22.214.171.12420 installed on a server on my work's network. Whenever I reformat a new PC or remove a PC from our domain and then re-add it, WSUS attaches itself to the machine within a few minutes of being on our domain. It grays out all the options under the Automatic Updates tab (right-click My Computer, Properties) so the user (or admin) cannot change the settings. Right now it defaults everyone's options under Automatic Updates to "Download updates for me, but let me choose when to install them". I would like to change this to "Notify me but don't automatically download or install them". I would also like to make it so that I could somehow choose what machines WSUS manages.
My main problem is with situations like below:
A user needs a laptop configured for them so I reformat and configure the laptop. I add the laptop to our domain and then reboot for the changes to take effect. After I reboot and log in, within a few minutes the yellow '!" shield appears in the task tray and then a message "New Updates are Available" appears above it. I right-click on My Computer, select Properties and then click the Automatic Updates tab and see that all of the options are now grayed out. Now if the user disconnects from our network and goes out of state because they are a remote VPN user, the update options are still all grayed out. The WSUS still has it's grip on the laptop and I'd like to remove it. The user can't recieve updates unless they connect through the VPN. If WSUS was off the laptop, they could update the PC using their home LAN connection and not have to be managed buy WSUS, many miles away.