Settings for Distribute Software Updates Wizard

Many people have come up with different settings for the Distribute Software Updates Wizard (DSUW), based on their environment and personal preferences. Here are the settings I chose, with the reasons. The ITMU scanner is always run prior to running the updates, with the advertisement set to download and run, to ensure the latest data is in vpcache.

Interactive Updates - User schedulable, includes reboot

  • Each patch has Authorized set to 12:01 AM on Patch Wednesday.
    This makes it easy to allow postponing until midnight of a particular day, and prevents confusing 12 noon with 12 midnight (which is AM, which is PM?). Testing begins on Wednesday, and all deployments use the same package. We just change the postponement time in the package command line to the proper number of hours.
  • Collect client inventory immediately
    This provides faster reporting of patch status after the updates have run.
  • Postpone restart for servers
    This allows restarts for workstations if the updates require one.
  • Check Close running programs and discard unsaved data
    If we reboot, we mean it. If a user didn't log off and has files open, data will be lost.
  • Uncheck Perform unattended installation
    That option is appropriate for silent updates. If it is accidentally checked for interactive updates, it causes the update to run immediately with no option for postponement.
  • Countdown: 30 minutes
    We chose this because if a machine (especially a laptop) doesn't have patches run before the deadline, they will run shortly after the machine is online. We want to provide a little flexibility for users in this situation. This means the updates actually run at 30 minutes after the deadline or scheduled postponement time, and reboot 30 minutes after updates are completed in that situation.
  • After countdown: postpone installation
    This allows users to postpone the updates and reboots.
  • Maximum run time: 60 minutes
    This is arbitrary, and depends on the machine speed, etc.
  • Check Notify users about update activity
    This is required to have the balloon appear.
  • Allow users to postpone for 2 days [or as desired]
  • From time authorized
    This forces a consistent deadline of x hours/days after the time authorized set in the individual updates, based on local time at the PC. This is what causes the deadline to be already expired, and patches to be applied immediately, on machines that were offline during the patching deadline.
  • When at least one update has reached a deadline install all updates
    Why would you apply just some?
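
The timing these interactive settings produce can be worked out before a deployment. The following Python is an added example, not part of the original post or of SMS: it models the schedule as described above for a machine that is online at the deadline and for one that comes back after it. It assumes Patch Wednesday means the day after the second Tuesday of the month; the function names and the sample machines are constructed for illustration.

```python
from datetime import date, datetime, timedelta

def patch_wednesday(year, month):
    """Day after the second Tuesday (assumed meaning of Patch Wednesday).

    This is not always the second Wednesday: when the month starts on a
    Wednesday, the second Tuesday is the 14th and Patch Wednesday the 15th.
    """
    first = date(year, month, 1)
    # date.weekday(): Monday=0, Tuesday=1
    first_tuesday = first + timedelta(days=(1 - first.weekday()) % 7)
    return first_tuesday + timedelta(days=8)  # second Tuesday + 1 day

def authorized_time(year, month):
    """12:01 AM local time on Patch Wednesday, as in the first setting."""
    d = patch_wednesday(year, month)
    return datetime(d.year, d.month, d.day, 0, 1)

def timeline(authorized, postpone_hours, online_at,
             countdown_min=30, run_min=60):
    """Model of the schedule described in the list above (local time).

    online_at is when the client is next on the network; run_min is how
    long the updates take (60 = the maximum run time setting).
    """
    deadline = authorized + timedelta(hours=postpone_hours)
    # A machine that was offline at the deadline starts its countdown
    # as soon as it is back online.
    trigger = max(deadline, online_at)
    install_start = trigger + timedelta(minutes=countdown_min)
    # Workstations only: restarts are postponed for servers.
    reboot_by = install_start + timedelta(minutes=run_min + countdown_min)
    return {"deadline": deadline, "expired_on_arrival": online_at > deadline,
            "install_start": install_start, "reboot_by": reboot_by}

if __name__ == "__main__":
    auth = authorized_time(2007, 6)
    machines = [("desktop, always on", auth),
                ("laptop, back Monday 9 AM", datetime(2007, 6, 18, 9, 0))]
    for label, online in machines:  # constructed sample machines
        t = timeline(auth, 48, online)
        print(label, {k: str(v) for k, v in t.items()})
```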

Silent Updates, no reboot

We use this for baseline patching. The baseline package contains non-superseded updates from prior months. This is intended to catch machines that have software or updates installed that require reapplying past updates.

  • Each patch has Authorized set to 12:01 AM on Patch Wednesday.
    This makes it easy to allow postponing until midnight of a particular day, and prevents confusing 12 noon with 12 midnight (which is AM, which is PM?). Testing begins on Wednesday, and all deployments use the same package. We just change the postponement time in the package command line to the proper number of hours.
  • Collect client inventory immediately
    This provides faster reporting of patch status after the updates have run.
  • Postpone restart for None
    This does not allow restarts for any computers.
  • Check Perform unattended installation
    This causes updates to run immediately after the advertisement is available.
  • Uncheck Notify users about update activity
    We want this to be silent, no balloon.


These settings won't work for everyone, but they have been very effective for us.

Published Sunday, June 03, 2007 8:09 PM by spruitt

Comments

# myITforum Daily Newsletter; June 4, 2007

Monday, June 04, 2007 8:05 AM by myITforum Newsletters

myITforum Daily Newsletter Daily Newsletter June 4, 2007 The myITforum.com newsletter is delivered Monday

# Verifying Authorized Times and Setting Grace Period

Sunday, July 22, 2007 12:04 AM by Steve Pruitt at myITforum.com

In my earlier article, Settings for Distribute Software Updates Wizard, I said that we changed the grace

# Patch Deployment Strategy and Scheduling

Monday, August 06, 2007 10:09 PM by Steve Pruitt at myITforum.com

How do you schedule when updates will be applied to your machines? What deployment strategy and design

# Allowing selected users to postpone patching

Monday, August 27, 2007 12:59 PM by Steve Pruitt at myITforum.com

Someone asked an interesting question in the mssms mailing list recently. I answered it there, and thought
