In regards to what mdsindzeleta said - going about this programatically probably isn't the best solution. I would use the features built into Windows XP to download and install updates. I'm assuming that Vista has similar features.

I believe Windows updates are downloaded using the BITS service. You could use Bitsadmin.exe found in the Windows Support Tools. From the command line you can run bitsadmin.exe /list and you can see the status of BITS jobs. (i.e. download progress, job name, job status)

You could use WUApiLib:

UpdateSessionClass session = new UpdateSessionClass();

IUpdateSearcher search = session.CreateUpdateSearcher();

ISearchResult result = search.Search("IsInstalled=0 and IsPresent=0 and Type='Software'");

int numberOfUpdates = result.Updates.Count - 1;

Log.Debug("Found " + numberOfUpdates.ToString() + " updates");

UpdateCollection updateCollection = new UpdateCollection();

for (int i = 0; i < numberOfUpdates; i++)
{
    IUpdate update = result.Updates[i];

    if (update.EulaAccepted == false)
    {
        update.AcceptEula();
    }

    updateCollection.Add(update);
}

if (numberOfUpdates > 0)
{
    UpdateCollection downloadCollection = new UpdateCollection();

    for (int i = 0; i < updateCollection.Count; i++)
    {
        downloadCollection.Add(updateCollection[i]);
    }

    UpdateDownloader downloader = session.CreateUpdateDownloader();

    downloader.Updates =  downloadCollection;

    IDownloadResult dlResult = downloader.Download();

    if (dlResult.ResultCode == OperationResultCode.orcSucceeded)
    {
        for (int i = 0; i < downloadCollection.Count; i++)
        {
            Log.Debug(string.Format("Downloaded {0} with a result of {1}", downloadCollection[i].Title, dlResult.GetUpdateResult(i).ResultCode));
        }

        UpdateCollection installCollection = new UpdateCollection();

        for (int i = 0; i < updateCollection.Count; i++)
        {
            if (downloadCollection[i].IsDownloaded)
            {
                installCollection.Add(downloadCollection[i]);
            }
        }

        UpdateInstaller installer = session.CreateUpdateInstaller() as UpdateInstaller;

        installer.Updates = installCollection;

        IInstallationResult iresult = installer.Install();

        if (iresult.ResultCode == OperationResultCode.orcSucceeded)
        {
            updated = installCollection.Count.ToString() + " updates installed";

            for (int i = 0; i < installCollection.Count; i++)
            {
                Log.Debug(string.Format("Installed {0} with a result of {1}", installCollection[i].Title, iresult.GetUpdateResult(i).ResultCode));
            }

            if (iresult.RebootRequired == true)
            {
                ManagementClass mcWin32 = new ManagementClass("Win32_OperatingSystem");

                foreach (ManagementObject shutdown in mcWin32.GetInstances())
                {
                    shutdown.Scope.Options.EnablePrivileges = true;
                    shutdown.InvokeMethod("Reboot", null);
                }
            }
        }

Windows SUS works very well for several machines on a network.

In the end, Windows SUS wasn't an option, so I'm using the following in a batch file conjunction with ActiveState ActivePerl (recommended):

perl -nle "print $_ if m/updates detected/i" < c:\Windows\WindowsUpdate.log

This might be crude or dirty, and might break in future, but it currently does what I need.

Thanks for all the ideas.

The "easiest" way to tell is to setup Windows Updates to occur nightly and download the updates if available which then puts the update shield icon in the system tray. Just glance at the tray to see if the icon is present.

You could also setup Windows to check nightly for the updates, then download and install them at a specified time.