Windows – Edit Windows Update GPO Via Command Line

I am trying to find a way to edit the group policy for Windows Updates programmatically. I have a local WSUS server to which I want to point new installs of windows. Ideally, I just want to have a script I can run which does this, rather than going into gpedit.msc > administrative tools > windows update > set intranet server.

I looked into editing the registry as an alternative, but i ran into a wall. First, the entries are different across different operating systems, which is not a showstopper but it is annoying. The main issue, though, is that on older OS configurations (like, windows XP) the server address would show up in a whole bunch of strange, unique places for each computer. For example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2975F3DE-F18A-9CE1-A731-5E6723AC64FD}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate

Near as I can tell, there isn't a way to identify what the registry key name will be prior to installing, so i can't set the keys correctly. I'm also leery in general of doing this over the registry, because I'm not 100% confident this is the only change being made in the GPO (is there anything else going on behind the scenes?)

Update in response to comments

@Ben – I know this isn't the ideal way to use GPO, I'm more limited by the fact that I can't see any other way to specify my WSUS server without the registry issues, rather than a desire to use GPO. There isn't an active directory currently set up, so as far as I know I can't set a global GPO which everyone inherits, and I don't want to set one up if I can avoid it.

@Jason – There are two problems, first that this is only setting registry values, which I can already do in cmd, and second that I'm not 100% sure if all the computers we're using will have powershell installed. And, at that point, its a chicken and egg problem – older copy of XP needs WSUS, WSUS is where it gets Powershell, which it needs to set WSUS.

@Ryan – I don't think those are the only registry settings changed. At least in a Windows 7 Account, it changes the entries you noted in both HKLM and HKEY_USERS, afaict. But, setting just those values on a windows XP box didn't allow the computer to connect to the WSUS server, it just error'd out. I will retry, however.
Second edit: Just tried this on a blank XP SP3 machine, and it couldn't connect to the server by only setting the following:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v "WUServer" /t REG_SZ /d http://myserver

reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v "WUStatusServer" /t REG_SZ /d http://myserver

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU /v "UseWUServer" /t REG_DWORD /d 1