At the company I used to work at, I ran Windows Server Update Services (WSUS), which is a better solution for a Domain environment. It would go and get all the updates, and I could control which were installed on client machines. The clients had a Group Policy set so that they got their updates from the WSUS server. Because I was managing mostly servers, I never let Service Packs go on automatically, but I could have when the time was right.

Basically, WSUS is the difference between 100 machines each getting their updates from Microsoft, or one machine that downloads each update once and distributes it to others in the domain. I bet SP3 and Vista SP1 are going to be pretty huge.