Windows – Install and enforce a scheduled task across a Windows domain

Tags: active-directory, scheduled-task, windows

We have a small domain of about 70 Windows computers (XP and 7). We want to schedule a command (an update mechanism) to run on all computers periodically, and we want the task to run regardless of the computer's connection to our network (i.e. the task should run even on a laptop that isn't connected to our VPN).

We have a Microsoft System Center Essentials 2010 server, so that might come in handy for this (we aren't sure exactly the extent of the capabilities that this provides).

The options I see are these:

  • Do it completely manually. Install the scheduled task by hand or remotely using psexec (and the at command?) for each computer in our network. Enforce that newly imaged computers should have this task installed on them before being deployed to the employee, or the task should be in the image. High initial cost (having to do this for each of 70 computers) but building it into the image might work… But there is some maintenance in making sure the task is added to everything. And I fear that a year or two down the road, we will have forgotten about it or gotten sloppy or had new IT employees who miss this step and some computers won't have the task.
  • Having one of our servers run a script that loops through all computers and psexec's the command on each computer in the network — it would only run on running, connected computers, so this solution wouldn't work. I suspect SCE could do something like this too, but again this is not a good solution.

Neither of these is ideal, and I'm certain there is a better way to do it — right? What is the best way to accomplish this task?

Best Answer

You can create a computer-based preference policy that contains the scheduled task with the appropriate command line you want to run. Preference policies were a new feature introduced with Windows 2008. With the preference policies you can create your scheduled task that will be pushed out via a GPO and you can centrally manage the settings.

If you want it to apply to all your computers, just link it in at the appropriate OUs and make sure the security filtering is targeted at domain computers (I also turn off the user-based settings on the GPO itself).
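
The GPO setup described in the answer above, scripted with the GroupPolicy PowerShell module; this is an added example, not part of the original answer. The GPO name and OU path are placeholders, and it assumes a management host with the Group Policy Management tools installed.

```powershell
# Added example: $GpoName and $OuDn are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName = 'Workstations - Update Task'
$OuDn    = 'OU=Workstations,DC=example,DC=com'

# Create the GPO only if it does not exist yet, so the script can be re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Computer preference: update scheduled task'
}

# Only computer settings are used, so disable the user half of the GPO.
$gpo.GpoStatus = 'UserSettingsDisabled'

# Security filtering: Domain Computers apply the GPO.
# Authenticated Users are reduced from the default "apply" to read only.
Set-GPPermission -Name $GpoName -TargetName 'Domain Computers' `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Link the GPO at the OU holding the computer accounts (skip if already linked).
$existing = (Get-GPInheritance -Target $OuDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null
}

# The scheduled task itself is then defined in the Group Policy Management
# Editor under: Computer Configuration > Preferences >
# Control Panel Settings > Scheduled Tasks.

# Review the result: status should be UserSettingsDisabled, and only
# Domain Computers should hold GpoApply.
Get-GPO -Name $GpoName | Select-Object DisplayName, GpoStatus
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Windows XP clients process preference items only after the Group Policy Preference Client Side Extensions are installed. Once a client has applied the policy, the task is local to that machine and runs on its schedule whether or not the machine can reach the domain.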