This script will run software updates only on machines that are logged out. This ensures you don’t reboot machines that are in use and don’t leave machines in an inconsistent state (by not rebooting after patching). This is not a perfect solution to patching but it’s better than nothing. You can even schedule this to run on a recurring basis.
Update: Added a sleep command with a random wait. This helps alleviate some load on your SUS and perhaps prevents a DoS attack. Thanks to rsaeks via Twitter.
Copy and paste the following into an Apple Remote Desktop (ARD) “Send Unix Command” window and send as root:
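    #!/bin/bash
    # bash rather than sh: $RANDOM is a bash feature

    # Random number of seconds to wait
    # The more machines you use this with, the higher the number should be
    sleep $((RANDOM % 120))

    # A session on "console" means someone is logged in at the machine
    if who | grep -q console; then
        echo "Machine is in use"
        exit 1
    fi

    # Install all available updates, then reboot
    COMMAND_LINE_INSTALL=1 softwareupdate -i -a
    shutdown -r now
    exit 0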
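
The console check and the random wait from the script above, as an added example that is not part of the original post. The function names (console_in_use, jitter_seconds, decide) and the sample `who` lines are constructed for illustration; the example shows why matching the terminal field exactly is safer than a bare `grep console`, which would also match a remote session whose username contains "console".

```shell
#!/bin/sh
# Added example: precise console check plus bounded jitter (POSIX sh).

# Return 0 if any session in `who` output (read from stdin) is on the
# "console" terminal. Matching field 2 exactly avoids a false positive
# on, for example, a user named "console-admin" connected over SSH.
console_in_use() {
    awk '$2 == "console" { found = 1 } END { exit !found }'
}

# Print a random delay in [0, max) seconds, max being the spread window.
# Two bytes from /dev/urandom are used, so max should not exceed 65535.
jitter_seconds() {
    max=$1
    case $max in
        ''|*[!0-9]*) echo "jitter_seconds: need a positive integer" >&2; return 2 ;;
    esac
    [ "$max" -gt 0 ] || { echo "jitter_seconds: need a positive integer" >&2; return 2; }
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( n % max ))
}

# Decide what to do for a `who` snapshot on stdin: prints "skip" or "patch".
decide() {
    if console_in_use; then echo skip; else echo patch; fi
}

# Constructed sample `who` output (not captured from a real machine).
SAMPLE_IN_USE='alice    console  Mar  3 09:12
alice    ttys000  Mar  3 09:14'
SAMPLE_SSH_ONLY='console-admin ttys001  Mar  3 10:02 (10.0.0.5)'

# Dry run over the samples; nothing is installed and nothing reboots.
echo "GUI user logged in:     $(printf '%s\n' "$SAMPLE_IN_USE" | decide)"
echo "SSH-only, tricky name:  $(printf '%s\n' "$SAMPLE_SSH_ONLY" | decide)"
echo "nobody logged in:       $(printf '' | decide)"
echo "wait before patching:   $(jitter_seconds 120) seconds"
```

On a real machine the decision would come from `who | decide`, with the install and reboot run only when it prints "patch".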