As the number of servers that I am responsible for managing increases, it becomes more difficult to ensure that they are all patched up to date.
As most of the machines I manage are SBS boxes I thought that it would be nice to put something together which behaves in much the same way as the SBS generated e-mail alerts.
So, the result is a script which sends e-mail notifications to a specified address and gives details of which patches are available to be installed. The administrator can choose which of the four patch levels will trigger an e-mail alert (Critical, Important, Moderate & Low).
If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.
The script is then run as a scheduled task every evening and I can quickly see if I have anything to action. The report includes links to the relevant KB articles and further information made available by Microsoft.
The script only takes a couple of minutes to setup as there are only six settings at the top of the file…
Setting any of the following to 1 will generate trigger alerts for that particular update severity:
- EmailFrom – Specifies the e-mail address the report will be sent from.
- EmailTo – Specifies the e-mail address to send the reports to.
As shown above I have been running with AlertCritical/AlertImportant set to 1 and the other two set to 0.
So, if you want to receive email alerts all you need to do is download this Zip file, extract the contents to a folder on your server and then edit the variables at the top of the script. To perform a test run go into a command prompt and change directory to the location where you extracted the script and run:
With any luck you should get an e-mail soon after with the results. If you find that it is not generating you an e-mail as expected, one reason may be that there are no patches available to install. Bear in mind that not all items from Windows update will appear. For example “Internet Explorer 7″ is not a patch and therefore will not be listed.
Running the script interactively as above will take a few moments while Windows Update(or WSUS if you have it installed) are checked for new updates.
Once you have completed a successful test you can go ahead and setup a scheduled task. Assuming an installation directory of “c:\scripts” the scheduled task command should look something like this:
Also worth a mention that I have used this on standard(non-sbs) Windows servers and it works well.
Perhaps if enough people use this script, it will actually save as much time as it took to make it, but I doubt it.