Should be as simple as having the ACL for the update server higher
than the proxy_auth ACL. This is all from memory so no promises at
all... :)

acl update_server dst 192.168.1.50/255.255.255.0 # Software Update Server
acl my_subnet src 192.168.1.0/255.255.255.0 # Local Subnet
acl admin_computers src 192.168.1.101/255.255.255.0 # Admin computer 1
acl admin_computers src 192.168.1.102/255.255.255.0 # Admin computer 2
acl admin_computers src 192.168.1.103/255.255.255.0 # Admin computer 3

# http_access allow my_subnet
http_access allow update_server # Allow unauthenticated access to the
update server.
http_access allow admin_computerse # Admin computers don't need proxy
authentication.
http_access allow proxy_auth # Allow authenticated proxy users.
http_access deny all # Deny everything else.

-- 
Andrew S. Zbikowski | http://andy.zibnet.us
SELECT * FROM users WHERE clue >0;
0 rows returned