Probably the second most common question I get from people starting to use XP Embedded is "Why can't I update my Embedded runtime directly from the Windows Update web site?" (the first question I get is "Are you Windows CE?" <grin>). Here are some of the reasons I respond with.
Windows Update has no knowledge of Embedded as an OS platform, therefore there is no built-in logic to assess what features (and files) are present on the runtime. This means that Windows Update would blindly push down all security updates that were not already present on the runtime, whether they were appropriate or not. There are a number of reasons why this is a scary scenario:
Windows update packages include a payload that contains previous versions of files, which facilitates "roll-back" to a previous version of a file if the updated one causes a problem. This has footprint implications, because the install packages may be bigger than desired on an Embedded device. Also, XP Embedded does not support Add/Remove, so it would not support rolling back to a previous version.
XP Embedded does not have Windows File Protection. This means there is nothing to prevent the updated version of a file from overwriting the original one and causing other applications and features to break because of versions incompatibility.
Applying unnecessary updates to the device could cause it to run out of disk or memory space and to crash- having your Embedded device "blue-screen" in the field is not on any customer's wish list.
Ultimately the owner of the image would lose all control of that image, and not be able to reliably see what state it was in.
Some people may ask why Windows Embedded Point of Service devices, which are built on top of XP Embedded, can support servicing through Windows Update. This is because WEPOS is a "known" configuration, in other words it is a fixed platform with known features that do not change significantly. This means that when feature updates are being labeled for the Operating Systems they are applicable to it is possible to easily identify if they are appropriate for WEPOS or not because the same features are always guaranteed to be on the system. Obviously an XP Embedded image could an infinite combinations of features in any image.
So what are the options for servicing XPe? For small footprint devices or ones not in a large enterprise environment Device Update Agent may be the way to go. For deployments in larger connected environments both WSUS ands SMS can be used. In the case of SMS, updates are downloaded from Windows Update to the SMS server and then the IT Administrator decides which updates are appropriate for the Embedded devices s\he has connected to their network and would make only those updates available for pull down by the SMS client on the Embedded device.