Deploying Updates via SCCM only when users are logged off

logoff sccm-2012 update windows-update

In SCCM for package deployments, there's an option to make the assignment mandatory and the schedule to be at logoff, and also options for only deploying packages when no user is logged on.

I'd like to deploy software updates in the same manner. I don't see the settings, so I'm assuming some hack workaround has to be used, and I'd like to know if anyone has done it, is doing this, or has an idea of what I can do for this to occur. I'm pretty versed in PowerShell, SCCM, and C#, so anything along those lines would be awesome. I'm using SCCM 2012 SP1 for reference.

Best Answer

After digging through SCCM's SDK Documentation, what I ended up doing was making the updates available but not mandatory. This populates a WMI class called CCM_SoftwareUpdate in the root/ccm/clientsdk namespace, see here. A simple query such as

"SELECT * FROM CCM_SOFTWAREUPDATE WHERE COMPLIANCESTATE=0 AND EVALUATIONSTATE < 2"

will get you the updates that are available that haven't been installed yet. When updates have been installed, eventually they will be removed from this namespace, but it takes some time. If you have to stop and restart installing updates for some reason, it helps to filter out the updates that are partially installed. The MSDN page has more info on the different compliance states and eval states. That array of updates is then passed to the InstallUpdates method of the CCM_SoftwareUpdatesManager class in the same namespace, and you can monitor the progress of the updates individually (which is why I chose to pass my updates to that method one by one instead of all at once. Passing them in all at once doesn't really do much beyond queuing them and installing them one by one anyway, from what I've seen).

I whipped up a quick and dirty GUI in C# (you can view it here), which I set as a logoff script in Group Policy, so when it runs the users cannot Ctrl+Alt+Del out of it, or press buttons to close the window either. It's as close to the real thing as I could get (we have control over the login background so I made my app's background look the same for consistency).

The sad part is we probably won't adopt that solution b/c of the multitude of laptops in our environment. No one wants to shut down their laptop and take it home for the day only to have to wait an indeterminate amount of time installing updates, which will at that time seem like forever.
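
The query-then-install flow described in the answer above, as an added PowerShell example; it is not the answerer's C# application. The timeout and polling interval are assumptions, and the script expects the ConfigMgr client and an elevated session on the machine it runs on.

```powershell
# Added example: install available (non-mandatory) updates one at a time and watch each one.
$ns             = 'root\ccm\clientsdk'
$timeoutMinutes = 60   # assumption: per-update limit, not from the original answer
$pollSeconds    = 10   # assumption: polling interval

# EvaluationState values that end the wait, per the CCM_SoftwareUpdate documentation
$doneStates = 8, 9, 10, 12   # pending soft reboot, pending hard reboot, wait reboot, install complete
$errorState = 13

# Same filter as the answer's query: not yet compliant and not already partway through install
$pending = @(Get-WmiObject -Namespace $ns -Class CCM_SoftwareUpdate `
                 -Filter 'ComplianceState = 0 AND EvaluationState < 2')

$results = foreach ($update in $pending) {
    # InstallUpdates takes an array of CCM_SoftwareUpdate instances. The leading comma
    # stops PowerShell from unrolling the one-element array into separate arguments.
    $instance = [wmi]$update.__PATH
    $rc = (Invoke-WmiMethod -Namespace $ns -Class CCM_SoftwareUpdatesManager `
               -Name InstallUpdates -ArgumentList (, @($instance))).ReturnValue

    $state = $update.EvaluationState
    if ($rc -eq 0) {
        $deadline = (Get-Date).AddMinutes($timeoutMinutes)
        do {
            Start-Sleep -Seconds $pollSeconds
            $current = Get-WmiObject -Namespace $ns -Class CCM_SoftwareUpdate `
                           -Filter "UpdateID = '$($update.UpdateID)'"
            # Installed updates are eventually removed from the namespace; treat that as done.
            $state = if ($current) { $current.EvaluationState } else { 12 }
        } until (($doneStates -contains $state) -or ($state -eq $errorState) -or
                 ((Get-Date) -gt $deadline))
    }

    New-Object PSObject -Property @{
        ArticleID  = $update.ArticleID
        Name       = $update.Name
        ReturnCode = $rc
        FinalState = $state
        Succeeded  = ($rc -eq 0) -and ($doneStates -contains $state)
    }
}

$results | Format-Table ArticleID, FinalState, Succeeded, Name -AutoSize
# A non-zero exit code lets a wrapping logoff script or scheduled task record the failure.
if (@($results | Where-Object { -not $_.Succeeded }).Count -gt 0) { exit 1 }
```

A final state of 8, 9 or 10 means the update is staged but the machine is still unpatched until it restarts, so those rows should feed whatever reboot tracking is in place.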