Is .NET upgraded as part of Windows Update?
Wikipedia provides short and long lists of the default versions of the .NET framework on various versions of Windows. Are any of these upgraded automatically through Windows Update?
I understand that Windows XP does not provide any version of the .NET framework, even in SP3, and that Windows Update will not install it. However, if .NET is installed, will Windows Update ever automatically update .NET to another major version number (say version 1 → 2 or 3 → 3.5)?
Minor bugfix updates are pushed out automatically.
Major version updates to the CLR (nothing → 1.0, 1.0 → 1.1, 1.1 → 2 (which includes 3 and 3.5), 2 → 4) are available as optional updates. You can go in and select them in Windows Update, but they are not installed by default.
I am trying to determine the minimum version of .NET is that I can expect to find on client machines
As Raymond Chen points out, Windows is not a .NET Framework delivery channel. At a minimum, you can expect no .NET Framework.
If you're developing a program that uses the .NET Framework, you have to have a backup plan if the version of the .NET Framework you need is not installed on the computer.
...
Windows XP didn't come with any version of the .NET Framework. Windows Vista came with version 2, and Windows 7 came with version 3.5, but these were provided as optional components which were installed by default. You can go into the Programs and Features control panel to remove them.
Emphasis mine :)
Windows Update will always supply security updates and service packs for installed .NET Frameworks. This is particularly true for versions of the .NET Framework which are automatically installed on more recent versions of the operating system (Vista and 7).
If you configure Windows Update to use Microsoft Update instead of just Windows Update in Windows XP, or, if you're using Vista or 7 if you configure Windows Update to receive updates "For Windows and other products from Microsoft Update" then the .NET Frameworks which are not installed will be offered under "Optional Updates".
I always have Windows Update configured for Microsoft Updates (this allows you to get updates for Office, for example) so I'm not sure if you must be in the MU channel for non-security updates to the .NET Frameworks. Non-security updates are, unsurprisingly, listed simply as "Updates" rather than "Security updates".
As far as I know, there is no fixed rule about .NET versions, and there is no way to find out which version to expect on a client machine.
The minimal version number to expect can be the one that was installed with Windows by default: None for Windows XP, 2 for Windows Vista, and 3.5 for Windows 7. But these are optional components which can be uninstalled.
As a recent example, take .NET 4:
.NET Framework 4 Client Profile is released as a recommended update on Windows Vista and Windows 7 (automatically installed depending on the Automatic Update settings of the computer). Also released as an optional update for Windows XP, so one has to manually run Windows Update and select it, and the same goes for Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2.
Conclusion: There are no rules, and the results vary for each .NET version and then again for each Windows flavor. Better not look for any persistent logic in the decisions of the Windows Update team at Microsoft, and expect anything and nothing on the client computer.
All major versions of the .NET framework can be installed concurrently, so even if it did update from 2.0 to a new version (which it will offer to do on a Server 2008 server), any existing 2.0 applications will continue running without issue. This should not break any existing software using older versions.
All the bits get their own folders in c:\windows\microsoft.net\frames\vVERSION
Source: I work with software that requires all 4 major .NET versions.