There are various ways of handling patch management for servers and desktop computers, some of which require no involvement from an IT perspective and others that require a bit of work to put into place. The hands-off method is to activate the operating system setting that downloads and installs patches without prompting the user. Patching then happens in the background as the user operates the computer, and prompts them only if a reboot is necessary to complete the installation.
Other options require server hardware and a development process to design and implement a server-based patch management system that handles updates irrespective of the local settings of the computer's built-in update program. One of the main benefits of putting the effort into creating a patch management server is the ability to approve patches before they are distributed. In most cases, all patches will need to be distributed, but in rare cases a patch may cause a known issue with some applications, and holding it back from deployment may be desirable.
Also of benefit are the tracking capabilities inherent to a patch management server solution. Compared with leaving updates to the computers themselves, a dedicated server will not only ensure that updates are being properly pushed, it will also log all actions and errors for your review, allowing issues to be brought to your attention before they precipitate a critical problem. Allowing computers to perform updates on their own leaves the patch management process without any accountability and leaves much of the security of the process to hope. When it comes to critical security measures, having a solid understanding of the state of your computers is the foundation of a secure desktop environment.