@sigit FOG is a one to many bare metal imaging solution. I don’t think that fits your requirements about updates and patches. PDQ Deploy and Inventory might be a good fit for that bit. FOG does have a snap in function (application deployment) that can be connected to image deployment, but its not really a stand alone solution.
With inventory it can scan for installed software and then you can create policies and have pdq deploy enforce those policies.
Also you could look into chocolatey https://chocolatey.org/ for patch/ application deployment if you wanted to stay in the FOSS user space.
In any case for a non-domain environment you will need to have a consistent admin user account across all non-domain computers for the above solutions.