As Kyle stated set the Software Update Plug-In Policy to somewhere far in the future. Then build a task with a script starting aexpatchutil.exe /Xa /q. Make sure you set the timeout for the task high enough. We had to wrap a script around to kill the aexpatchutil.exe process as it sometimes gets stuck running.
This task you can put in a software delivery policy which you can schedule then as you want and add the jobs that need to run before and after. As it is a task it doesnt have a detection rule, so it will run immediatly.
One thing to consider is that this will only install the patches till it needs a reboot. Some patches depend on others and can only install after a reboot. One way would to be to have a fake software with a reboot commandline that has a detection rule on the rebootrequired key in the registry under altiris/patchmanagement.