We use Ninite Pro to keep applications like Chrome/Firefox/Flash/Adobe Reader/etc updated. If you haven't heard of it, feel free to jump over to Ninite.com to learn more. Ninite Pro is different from the free version because it allows you to audit currently installed applications, cache updates, create offline installers, and automate with simple scripts.
We decided that the best approach would be to use a Shutdown Script via Group Policy. Unfortunately, many laptops and some workstations are offline during our usual weekend update window.. For a computer that is fully patched, it only adds 4 seconds to the shutdown time. Computers requiring significant updates may take a long time to shutdown and subsequently we notified our users that slow shutdowns should be expected shortly after implementation.
The script is very simple, it runs the first instance of Ninite Pro and checks for %ERRORLEVEL% = 0 to indicate the updates were successful. If a program was unsuccessful in updating, it will loop back and run Ninite Pro a second time. In the source code below, the paths are highlighted that should be customized for your environment. For more information on Ninite Pro parameters, take a look at their Command-Line Switch Reference link.
REM Ninite Scheduled Updater
set /a COUNTER=1
@start /wait "" /D"\\path\to\ninite" NiniteOne.exe /allusers /disableautoupdate /disableshortcuts /select ".NET" ".NET 4" ".NET 4.5" ".NET 4.5.1" Air Audacity Chrome Firefox Flash "Flash (IE)" GIMP "Google Earth" iTunes Java "Java x64" "Java x64 6" Office QuickTime Reader Shockwave Silverlight /silent C:\windows\ninite-defaults.txt
if %ERRORLEVEL% == 0 goto END
set /a COUNTER+=1
IF %COUNTER% LEQ 3 goto NINITE