What WSUS are you using? And what the hell are you replacing it with for patch management across a few hundred windows PCs? It takes me only a matter of a half hour a week to handle and check up on patches and updates.
WSUS is a free application for deploying and controlling patches that would normally be handled via automatic updates. Automatic updates still downloads and installs but it pulls from WSUS instead of directly from MS. You can deny patches when there are issues or conflicts and you can see where problems are. You must be thinking of something entirely different or you don't know what the hell you are doing.
I avoided mentioning more detail as I didn't want to see my post modded down for vendor spam.
I work for a company whose Windows patch management component leverages the Microsoft update API without needing a WSUS server, while providing the same patch approval/deny policy controls and using the same online MS patch database. Remote sites get their patches either from MS directly or from a local file share cache. No VPN connection required, our agent takes care of everything with an encrypted outbound connection to a central server. For those against agents, I can personally vouch for it's rock solid stability and minimal resource usage (no
Our customers range in size from companies who manage a hundred machines to 15,000.... all from one server. Most are service providers managing hundreds to thousands of Windows or Macintosh desktops/servers/laptops across remote sites. Linux agent is in beta
Finally, www.kaseya.com if you're interested.
I can't say it will match the price point of WSUS but if you're managing hundreds to thousands of machines, it is worth a look. Patch management is only one of over a dozen major features (e.g. Monitoring, Remote control, ITIL-aligned Service Desk, Audit, etc).