We want to prevent our servers from rebooting after an update is automatically applied, as this has happened in the past and one server sat on a "press F1 to continue" screen.
I think if we create an OU that has our server computers, and apply a GPO to that OU, we can prevent the servers from taking updates and also prevent rebooting. Please advise.
You can put both servers in an OU and apply a GPO to that OU that prevents automatic installation of updates (and the subsequent reboot) or, alternatively, you can leave the servers where they are in the AD, create a security group and make the server computers members, then apply a GPO at the root of the domain filtered by the security group you created such that only the members of that group can apply the policy.
Either way will work. I generally have all my server computers below a single OU (with the exception of Domain Controller computers) and just have a "Member Servers and Domain Controllers" GPO that includes this kind of setting linked at both the "Domain Controllers" OU and the top-level OU of the hierarchy of OUs that contain the member server computers. (I almost never allow server computers to apply updates and reboot on their own.)