Running a patch management server is a fairly standard practice for most large-scale networks. Keeping patches up to date is critical in production environments, as the risk of compromise due to insecure software is too great to allow machines to run amok with outdated software. A patch management server can help remove the chance of a computer being used at an outdated patch level and becoming a risk not only to itself, but also to other computers connected to the network.
A patch management server uses administrator rights to access and enforce policies on the client and server computers under its control. The server overrides any changes an end user makes to the patch management policies on their system in favor of its own, forcing updates as they become available and are released by the system administrator in control of the patch management solution. Those patches are not only forced down to client computers; the record of each update is also centrally managed by the patch management server application, so the admin can view the results of an update and determine whether a computer that failed to take an update needs attention.
Not using a patch management solution leaves too much to chance. Computers that do not have all the known and fixable security holes closed present the potential for loss of business, either through stopped production due to downtime to repair a hacked computer, or even through the possible loss of proprietary and sensitive business information. It may be true that patch management can be handled by the operating system itself on most computers, but that approach lacks accountability and control over what patch is deployed and when, and is therefore not considered enterprise-level control and management of the process.