But realistically the clueless "normal" end users who should update automatically don't know about group policies and aren't going to use them, not even by mistake.
You'd be surprised. A user who is annoyed at their computer shutting off while they're gaming because they kept it on for a few days will Google. Find some instructions and blindly follows them. Then they forget about that because they went back to their game. Fast forward a few months and their computer is part of a botnet and we're all worse off.
^ Exactly. If you don't make it user friendly, especially Windows users will track down a user-unfriendly way to do whatever they feel they need to do. Now you've got end users playing in your registry and group policy, to accomplish a thing that should've been doable with a dropdown select.
I used to regularly see advice shared around that if you got an SSL warning in Chrome when trying to visit Facebook, to just type "DANGER" in the keyboard, and everything would work again. I believe Google changed the workaround after a while because it was never intended to be used as a way for people to dismiss critical warnings without any real understanding of the risks.