Windows update automatic e-mail notification
ByAs the number of servers that I am responsible for managing increases, it becomes more difficult to ensure that they are all patched up to date.
As most of the machines I manage are SBS boxes I thought that it would be nice to put something together which behaves in much the same way as the SBS generated e-mail alerts.
So, the result is a script which sends e-mail notifications to a specified address and gives details of which patches are available to be installed. The administrator can choose which of the four patch levels will trigger an e-mail alert (Critical, Important, Moderate & Low).
If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.
The script is then run as a scheduled task every evening and I can quickly see if I have anything to action. The report includes links to the relevant KB articles and further information made available by Microsoft.
The script only takes a couple of minutes to setup as there are only six settings at the top of the file…
Setting any of the following to 1 will generate trigger alerts for that particular update severity:
- AlertCritical
- AlertImportant
- AlertModerate
- AlertLow
- EmailFrom – Specifies the e-mail address the report will be sent from.
- EmailTo – Specifies the e-mail address to send the reports to.
As shown above I have been running with AlertCritical/AlertImportant set to 1 and the other two set to 0.
So, if you want to receive email alerts all you need to do is download this Zip file, extract the contents to a folder on your server and then edit the variables at the top of the script. To perform a test run go into a command prompt and change directory to the location where you extracted the script and run:
cscript winupdates.vbs
With any luck you should get an e-mail soon after with the results. If you find that it is not generating you an e-mail as expected, one reason may be that there are no patches available to install. Bear in mind that not all items from Windows update will appear. For example “Internet Explorer 7″ is not a patch and therefore will not be listed.
Running the script interactively as above will take a few moments while Windows Update(or WSUS if you have it installed) are checked for new updates.
Once you have completed a successful test you can go ahead and setup a scheduled task. Assuming an installation directory of “c:\scripts” the scheduled task command should look something like this:
C:\WINDOWS\system32\cscript.exe c:\scripts\winupdates.vbs
Also worth a mention that I have used this on standard(non-sbs) Windows servers and it works well.
Perhaps if enough people use this script, it will actually save as much time as it took to make it, but I doubt it. 
Hi Paul,
Tried using this but the script would either give no output (even though there were needed updates on the server) or would give this following error even though I entered in my sendfrom and sendto email addresses correctly:
c:\scripts\winupdates.vbs(60, 4) CDO.Message.1: The “SendUsing” configuration value is invalid.
Any ideas? I tried on both Server 2003 R2 and Server 2000 SP4. WSUS is configured via GPO on these servers and is able to push out updates, so the update query to my WSUS 3 server appears to be working fine.
Ok, I figured it out. The VBScript you have assumes there is a local smtp server to send out the notification. If your using a remote SMTP server, then insert this code in the section that specifies the message objects (objMessage.Subject, etc):
‘==This section provides the configuration information for the remote SMTP server.
‘==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2
‘Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “smtp.myserver.com”
‘Server port (typically 25)
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = 25
objMessage.Configuration.Fields.Update
‘==End remote SMTP server configuration section==
objMessage.Send
Thanks Andy, I will add this into the default script.
Can you publish the completed script using a remote SMTP server?
I have updated the script to include support for remote SMTP servers.
Edit the variables at the top of the script to specify a server. Could be extended for SMTP auth as well.
Very nice feature.
I have tested it on Windows Server 2008 as well, and it seems to work OK. I’ll asume this will be the same on Vista
Paulie,
When you say “could be extended for SMTP auth as well,” what does it take to use, say, Gmail to send? I don’t see a variable for username and password for SMTP auth.
Paulie, this sounds like a very handy script! I am not script junkie though and I am not sure how to add SMTP authentication so that the server can send e-mail. Would you mind pasting in the code or updating the zip with that?
I would lovvve to be able to use this to keep on top of updates on all my servers, but without SMTP authentication, I can’t send e-mail!
Thanks soo much. I hope you, or someone still checks out this post.
for those who need SMTP authentication …
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendusername”) = RemoteSMTPUser
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendpassword”) = RemoteSMTPPass
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate”) = 1
by the way: … great script *thumbs up*
Gagget,
Thank you for useful addition. Veru useful. Glad you find script useful.
Is there anyway that we could add a listing of the machine’s IP address in the header along beside the computer name?
Have been tinkering with it, but no luck thus far.
Should be pretty easy using something like this:
http://www.codeproject.com/KB/vbscript/ipaddress.aspx
Give it a try, if you get stuck I will post an example.
Is there anyway to modify this so it wont alert you about hidden updates?
I am trying to get this work with gmail. Would it be possible to provide a working example I could use?