Here's the scenario:
We host our software on our servers. It's a web and SQL app with a small client that gets downloaded to the local user. The former developers never never ran windows updates because they were worried their code would break.
Now we want to get our Windows servers up to speed with patches and SP's etc. I put WSUS on a server and want to push the patches out in a limited way so that when we go code complete in one phase we can have all the same patches limited as we go through the stages. Each phase (Dev --> QA --> Staging --> Production) has its domain, so I can't really use a GPO to push out the WSUS updates. That means going the regedit path.
Basically I want the servers to download, but not install from the WSUS server, and just have the shield icon in the system tray for when we do the build for that stage. Then we also install the updates and reboot.
This is what I have for the registry so far.
Windows Registry Editor Version 5.00
I'm looking to get it to that downloaded, waiting to install mode.