I am having a discussion with a co-worker on when/if we should be patching our templates. We use templates for the OS only; no applications are installed. We simply built the VM, ran MS updates, set a few settings to match our environment and shut the VM down. We converted the VM to a template and then use it to deploy new servers (Windows 2012 R2). We did not join it to the domain before converting it to a template; it's just a basic server. When we deploy from the template, we do not do a custom deploy. We bring the new VM up, set the IP address info, run patches, then join it to the domain. I believe that we should be routinely converting the templates back to VMs and running MS updates every 2 or 3 months. My co-worker claims that doing this is no different than creating a template from a template and we will have issues with SIDs and other items. I'm hoping someone here can help me understand what direction we should be going.
Thanks in advance.