This is what I do now:

Disclaimer: I don't consider my web sites, email etc. that are available from the public network to be mission critical...... We do no e-commerce and the hit rate for the sites will hardly have the phones ringing off the hook because people can't donate their $10......

So - if the machine faces the internet it get's auto-updated at 3:00 am daily regardless of the potential downing of the system. 3:00am is the time that the system state and daily backups have completed. In almost 2 years of doing this none of the machines have dropped - but then again I'm running pretty "plain jane" machines.

My reasoning: It's a whole lot easier to regenerate a server from scratch or from a backup because a patch blocking a hole messed it up than it is to carry out a forensic investigation to determine which of my other 650 machines got "jumped off" onto..... and if I miss something in that investigation.... I'm screwed and I don't even know it......

I would suggest that if your internet facing machines are not mission critical - ie: cost the company mucho dinero and you your job if they are down for more than a blink of an eye then you should probably use the auto-update right after a backup sequence daily too.

But that's just the way I do things.......

I noticed a few of you mentioning how long the updates can take, reading the article I got the impresssion that "critical" updates will not include such things as service packs etc. and that they will be being packaged with some new system that reduces them in size by 30-80%..... Now that can't be bad at all........