my company develops and uses proprietary software to roll out security updates and everything else.
it was buggy and sucked at first, but now it works extremely well... does windows updates twice a month unless something is critical, rolls out it's own security updates from time to time. if you're update client is 2 revisions out of date, you can't login to the network. it's actually considered a hardened OS.