Andy is right, but creates some dependencies, that might also cause the package installation to fail.
What happens if someone doesn't check to install the patch in the policy?
What happens if someone forgets to "fix" the download location in the policy?
I like my software "standalone". No admin can forget settings, or needs to read a documentation ... just call install.cmd.
Yes, you have to care for the errors in the install.cmd yourself... you probably have to anyway.
Both solutions will work ... your choice.