I agree that letting microsoft doing the updates even with P2P isn't perfect, and for some people it doesn't work as intended (damn m$ randomness), the method i described work for me but may not for others.
Hence why i listed other solutions like :
http://www.portableupdate.com/You prepare the offline bundle of update you want, and you can deploy it through all your hardware with just a copy of one folder and you can even script the portableupdate exe to be silent and apply update using the windows update engine as if it was done by the internet service, it's a great tool. And you can safely disable the normal windows update from the GPO (or registry but it's the same as touching the GPO's) to not be annoyed by any unwanted update time.
Cheers.