On SEP 12.1, a simple script calling "sepliveupdate.exe" will cause an unmanaged client to attempt to update its definitions.
On SEP11, it's "LUALL.exe".
Both will call the LiveUpdate processm which will then contact whatever you've preconfigured as the update source (Symantec by default, but can be pointed at internal LUA Servers).
http://www.symantec.com/docs/TECH123388
http://www.symantec.com/docs/TECH166129