This script will run software updates only on machines that are logged out. This ensures you don’t reboot machines that are in use and don’t leave machines in an inconsistent state (by not rebooting after patching). This is not a perfect solution to patching but it’s better than nothing. You can even schedule this to run on a recurring basis.
Copy and paste the following into an Apple Remote Desktop (ARD) “Send Unix Command” window and send as root:
# Random number of seconds to wait
# The more machines you use this with, the higher the number should be
if who | grep console; then
echo Machine is in use
COMMAND_LINE_INSTALL=1 softwareupdate -i-a
shutdown -r now