You are looking for Windows Server Update Services (WSUS). It is a feature of Server 2000 and up. Install the feature from Add/Remove components on your 2003 DC, and set the GPO for the computers. The GPO is in Computer Configuration -> Addministrative Templates -> Windows Components -> Windows Update -> Configure Automatic Updates.
start <a href=”http://technet.microsoft.com/en-us/wsus/default.aspx”>here</a>
another good resource <a href=”http://www.wsus.info/index.php?s=326933fdaca5822293a154009db44d56&act=idx”>here</a>
and <a href=”http://technet.microsoft.com/en-us/library/cc720507(WS.10).aspx”>here</a>
you will also want to disable the current GP and create a new one pointing to the WSUS server. I strongly recommend a separate policy for workstation (this one automatically installs the updates) and one for servers (manually install after testing). Best practices are in the guidle=ines supplied by Microsoft, and you can check the other resources cited as well.
Another good resource is <a href=”http://PatchManagement.org”>here</a> and <a href=”mailto:Patch Management Mailing List digest “>here</a> put subscribe in the subject line,