1. Run Windows Update in a Network logon script or run it using the scheduler
The only problem I see with approach #1 is the chance that one of the updates might break some app. Happens all the time. If you have 300 machines, hopefully you have a test environment to check these things out before pushing them out using SMS or what have you. Then you have the problem of testing these patches in a timely fashion before the exploit or problem they fix hits your environment. Vicious evil circle.