Automatic Update service keeps stopping, change security descripto

All of our Windows XP computers have the following problem. After a system
restart, the Automatic Update service stops because of a problem with the
security descriptors. To “fix� it, we run the following command:

sc sdset wuauserv
DA;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLO CRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRP WPDTLOCRRC;;;PU)

And then start the Automatic Update service. It will remain in the started
state until one time when the machine is restarted, at which time the service
will fail when the machine comes up again. This appears to happen on every
XP machine in our environment. This does not affect the Windows 2000
machines.

Obviously the Automatic Update service is critical to ensure that each PC
receives patches in a timely manner. We utilize WSUS internally, but this
happens on machines that are set up to receive from the Internet Windows
Update site as well.

Some background info:

Event Log entry when the service fails

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 10/11/2006
Time: 3:07:28 PM
User: N/A
Computer: MYCOMPUTER
Description:
The Automatic Updates service terminated with the following error:
The class is configured to run as a security id different from the caller
Data:

Windows Update log

2006-10-11 15:07:22 1352 6e4 Misc =========== Logging initialized (build:
5.8.0.2607, tz: -0400) ===========
2006-10-11 15:07:22 1352 6e4 Misc = Process: C:\WINDOWS\System32\svchost.exe
2006-10-11 15:07:22 1352 6e4 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2006-10-11 15:07:22 1352 6e4 Service *************
2006-10-11 15:07:22 1352 6e4 Service ** START ** Service: Service startup
2006-10-11 15:07:22 1352 6e4 Service *********
2006-10-11 15:07:25 1352 6e4 Agent * WU client version 5.8.0.2607
2006-10-11 15:07:25 1352 6e4 Agent * SusClientId =
'13f617ba-92e5-4999-bace-24430fc1c59c'
2006-10-11 15:07:25 1352 6e4 Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2006-10-11 15:07:26 1352 6e4 Agent * Access type: No proxy
2006-10-11 15:07:26 1352 6e4 Agent * Network state: Connected
2006-10-11 15:07:26 1352 6e4 Agent FATAL: Client call recorder fails to init
with error 0x80004015
2006-10-11 15:07:26 1352 6e4 Agent * FATAL: Failed to initialize with
error 0x80004015 from component Agent
2006-10-11 15:07:26 1352 6e4 Service FATAL: Failed to initialize WU client:
0x80004015
2006-10-11 15:07:26 1352 6e4 Service *********
2006-10-11 15:07:26 1352 6e4 Service ** END ** Service: Service exit
[Exit code = 0x80004015]
2006-10-11 15:07:26 1352 6e4 Service *************



What MS has to say that seems related:

http://support.microsoft.com/kb/555336

CAUSE
This reason for such behavior is, If you change the properties of the
Automatic Updates service (via Group Policy - Computer Configuration, Windows
Settings, Security Settings, System Services) to set it as Disabled or edited
the Access Control, ACL on Automatic Update Client (WUAUSERV) service.
__________________________________________________ ___

Any suggestions or advice would be appreciated. At this point we must run a
script on every XP machine to change the descriptors and restart the AU
service regularly.