This is my net-startup script that I use at work, that's been sanitized a bit for security reasons (server names and ip addresses have been removed using a script, so if you see a Symantec10.x.x.x. that's not what's in the production login script it's a product of the automated search and replace).

There's two main sections
1) tester: this checks for if various things are already present or not (usually a text file who's presense would indicate that that item has already been ran), but it could be anything from an executable to a directory.
2) The actual items, these are the commands that actually install the patches or programs, or put in new dns settings etc... After the item has been ran it will output to a log file that it has been ran along with the username, computername, and date and time and the item ran. At that point it goes back upto tester to see what else needs to be done if anything.

This is hearby in the public domain with no guarentees of support unless you provide my paycheck. Questions on this go to nccuss17 at hotmail.com