"So to turn off the updates altogether, makes it MANUAL"
I would consider "manual" updates to mean the "check automatically but ask me whether I want to download and install" setting. This is what I use. A visit to "control panel"-->"windows update" late each tuesday night or early each wednesday morning lets me see what is available, I also visit "windows update" whenever I see the yellow text in the bottom right corner of the screen just before I log in.
If a user knows to (on a weekly schedule and whenever they see that yellow text) go to "windows update" in "control panel"(don't go to "pc settings" I don't think you get the full list or options there), thick those saying "Security Update for ...", ignore the rest, and ensure never to install any of the updates on a certain blacklist they should be fine. I cannot think of a simpler way than this, because if you turn updates any further "off" than "check automatically but ask me whether I want to download and install" then the checking might be a bit trickier.
You are making sense, I think. If you are proposing what I describe in my second paragraph (If a user knows to...) of this post then it makes perfect sense, if you are proposing turning updates off entirely and encouraging the user to run a manual check every tuesday/wednesday (instead of letting checking be automatic) I think this might be a little more effort for them, but in principle it makes sense. As long as the download and installation is manual (checking can be automatic or it could be done manually on a weekly basis also I suppose, but this would be more effort) then enforcing a blacklist and a principle of "only the security ones, forget the rest" is fairly simple.
The only other way your post could be interpreted is if you are sayging you want to put updates so they only check when commanded to, and you intend to regularly contact certain clients and tell them "check your updates today, tick those saying security, untick the rest", this would be a lot of effort for you, and it's key problem is that your clients might be quite a while behind on their security updates (where with automatic checking and a weekly schedule to look in "windows update" on wednesday morning they would only be a day or so behind).
In an ideal world a user would check the descriptions for each of "the rest" and evaluate their necessity or lack of necessity individually for each update, but for "not computer people" just going by whether the update says "Security..." at the start of it's name is ok.
You say " For some, I can say "if it doesn't say 'security update', don't install it" " that is the best you can do, it combines ensuring they get security updates with ensuring they don't get nasty updates and ensuring they get security updates regularly. For users who cannot manage this I would be unsure how to suggest you advise them, perhaps show them through this step by step, write it down on paper (maybe even with screenshots if necessary) and hang it off the side of their screen. You could, yourself, put a scheduled task on their computer which would, first thing every wednesday morning, give them a little pop-up message saying "time to deal with updates, see how on the page hanging from the side of your screen".
P.S. I hope your users have their browser/plugins/antivirus all set to update fully automatically, these days we can't trust windows updates to take care of themselves but programs should be left to do their thing as they choose, they can all run automatically without problems.
Edited by rp88, 22 August 2015 - 10:06 AM.
Back on this site, for a while anyway, been so busy the last year.
My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB