This confirms that we're not getting values from policy, but rather from
local settings.
And... because the policy is not set, the client has no way to know it's
supposed to use a WSUS server, and thus ends up using Automatic Updates,
downloading from windowsupdate.microsoft.com, and waiting for the updates to
be installed.
Hmmm... a tutorial on Group Policy configuration and management is a bit
beyond the scope of this newsgroup, and it's a bit more complex than a
simple answer, but I'll try point you in the right direction.

First, it's going to require some orientation and familiarity with these
tools, available on your server.
- Active Directory Users and Computers
- Group Policy Management Console

Next best place to go is the WSUS Deployment Guide, starting with the
section "Determine a Method to Configure Automatic Updates Clients" on p58.
You can get the Deployment Guide at
http://www.microsoft.com/downloads/details.aspx?FamilyId=E99C9D13-63E0-41CE-A646-EB36F1D3E987&displaylang=en

No... WSUS gets "All Computers" from itself. "All Computers" is a rollup of
whatever is in "Unassigned Computers" along with whatever is in the rest of
the user-created target groups.

WSUS only gets computer information in one way. The client computer initiate
a detection and registers with the WSUS server by reporting its status.
Both..and then some more. First, understand that on SBS2003 you actually
have /two/ websites you need to be aware of for WSUS functionality.

The Default Web Site, on port 80, has the bare functionality necessary to
provide selfupdating capabilties for legacy AU clients. This consists of two
virtual directories, 'selfupdate' and 'clientwebservice' (technically,
'clientwebservice' is an application directory, but for our purposes the
moniker virtual directory will serve the purpose), and two files in the root
of the website: iuident.cab and wutrack.bin, which are copied from the
%programfiles%\update services\webservices\root folder into
C:\inetpub\wwwroot.

The second website is the WSUS virtual server, on port 8530, which is where
all of the functionality for WSUS is contained.

ALL virtual servers and ALL virtual directories must have anonymous access
permissions enabled /except/ the WSUSAdmin virtual directory, which should
only have "Integrated Authentication" enabled. (This is what ensure that
only admins can get to the WSUSAdmin site.)
'403' errors are quite often a sign that a proxy server is interfering.
Typically, if the client has connected to the web server, but is being
denied access because of permissions. I'm going to defer any more
information in this response, because I know you posted a message a couple
hours after this one, and it seems to indicate you're making good progress.
This is definitely part of the problem.
It needs to be added to both websites (Default Web Site /and/ WSUS
Administration)
/and/ it also needs to be added to all of the directories in each of those
two websites,
which includes 'selfupdate', 'clientwebservice', 'simpleauthwebservice',
'content' at a minimum for client functionality.

Do not add anonymous access to the virtual directory named 'WSUSAdmin'.

Winfried,

I am all set. I just did not wait long enough for all of the clients to
respond. One other question. I did notice that the updates downloaded to
the clients but did not install. I have the gpo set to run every day at
12:00 p.m. Does that mean that the updates will not install until that time.
This service was fully functional after noon today.

Thank you for your response.