• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Tachytelic.net

  • Get in Touch
  • About Me

Windows update automatic e-mail notification

August 27, 2007 by Paulie 53 Comments

This script, will examine the machine it is running on and send an email report of all the windows updates that are available for installation.

The script sends e-mail notifications providing details of which Windows Updates are available for installation.  You can choose which of the five patch levels will trigger an e-mail alert:

  • Critical
  • Important
  • Moderate
  • Low
  • Unclassified

I would suggest that you at least choose Critical, Important and Unclassified. For some reason Microsoft do not mark all updates with a severity, but the “Unclassified” category seems to contain a lot of what I would consider to be important updates. My thanks to one of the guys that commented for pointing this out.

If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.

The script can be run manually or as a scheduled task. The report includes links to the relevant KB articles and further information made available by Microsoft.

Image showing Windows Update Email Notification

Windows update email notification script configuration

The script is very quick to setup and the most complicated part will likely be your SMTP configuration. At the top of the script you will see a number of variables:

Windows Update Alert Levels

First of all you should configure what severity of Windows update will trigger an email alert. These range from critical to low. Setting each value to 1 or 0 will enable or disable alerts for that category. As mentioned above some updates do not have any severity assigned. These seem to be things like Windows Defender definitions or updates to the malicious software removal tool.

I would recommend at least having Critical, Import and and Unclassified set to 1.

Configure email settings

Next you need to configure your SMTP settings:
Image showing SMTP Configuration for Windows Update Notifications

If you leave the SMTP server empty, the script will attempt to use the local machine to send the email. I suspect most people will use an internal or external relay, so configure it as per your environment. You can use SMTP over SSL by setting the SMTP_UseSSL variable to 1.

Testing Windows Updates Notification Emails

  1. Download the Script:
    Windows Update Email Notification Script
  2. Extract the contents to a folder on your server and then setup the variables to suit your preferences and environment
  3. Test the script
    1. Go into a command prompt
    2. Change directory to the location where you saved the script.
    3. Run:
      cscript winupdates.vbs
    4. Check your email

Once you are happy that the script is reporting correctly, setup a Windows Scheduled Task to do this automatically. Assuming an installation directory of “c:\scripts” the scheduled task command should look something like this:

C:\WINDOWS\system32\cscript.exe c:\scripts\winupdates.vbs

The script uses the Windows Update Agent API Com interface, which is quite interesting in itself.

Sample Email Configurations

EmailFrom 		= "[email protected]"
EmailTo 		= "[email protected]"
'If SMTP Server is left empty it will try to use the local SMTP Server without auth
SMTP_Server		= "smtp.office365.com"
SMTP_Port		= "25"
SMTP_User		= "[email protected]"
SMTP_Pass		= "YourOffice365Password"
'Set this variable to 1 to enable SMTP over SSL
SMTP_UseSSL 	= "1"
EmailFrom 		= "[email protected]"
EmailTo 		= "[email protected]"
'If SMTP Server is left empty it will try to use the local SMTP Server without auth
SMTP_Server		= "smtp.gmail.com"
SMTP_Port		= "465"
SMTP_User		= "[email protected]"
SMTP_Pass		= "gmailPassword"
'Set this variable to 1 to enable SMTP over SSL
SMTP_UseSSL 	= "1"
EmailFrom 		= "[email protected]"
EmailTo 		= "[email protected]"
'If SMTP Server is left empty it will try to use the local SMTP Server without auth
SMTP_Server		= "192.168.250.249"
SMTP_Port		= "25"
SMTP_User		= ""
SMTP_Pass		= ""
'Set this variable to 1 to enable SMTP over SSL
SMTP_UseSSL 	= "0"

I originally wrote this script in 2007 and noticed a lot of people were still downloading and using it. So this evening (December 2019), while my wife was at her work Christmas party I decided to see if it still worked and address some of the points made in the comments. I didn’t have a huge amount of time to spend on it, but found time to clean up the code a bit, enhanced the email options and added the functionality to include updates that do not have any severity assigned. It was tested by me on Windows 2008, 2012, 2016 and 2019 and they all worked!

I am glad people are still fining it useful more than 10 years after I wrote the original version!

Filed Under: Scripts & Utilities, Technical Posts Tagged With: VBScript, Windows Update

Reader Interactions

Comments

  1. Andy Butler says

    December 6, 2007 at 10:47 pm

    Hi Paul,

    Tried using this but the script would either give no output (even though there were needed updates on the server) or would give this following error even though I entered in my sendfrom and sendto email addresses correctly:

    c:\scripts\winupdates.vbs(60, 4) CDO.Message.1: The “SendUsing” configuration value is invalid.

    Any ideas? I tried on both Server 2003 R2 and Server 2000 SP4. WSUS is configured via GPO on these servers and is able to push out updates, so the update query to my WSUS 3 server appears to be working fine.

  2. Andy Butler says

    December 6, 2007 at 11:44 pm

    Ok, I figured it out. The VBScript you have assumes there is a local smtp server to send out the notification. If your using a remote SMTP server, then insert this code in the section that specifies the message objects (objMessage.Subject, etc):

    ‘==This section provides the configuration information for the remote SMTP server.
    ‘==Normally you will only change the server name or IP.
    objMessage.Configuration.Fields.Item _
    (“http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2

    ‘Name or IP of Remote SMTP Server
    objMessage.Configuration.Fields.Item _
    (“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “smtp.myserver.com”

    ‘Server port (typically 25)
    objMessage.Configuration.Fields.Item _
    (“http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = 25

    objMessage.Configuration.Fields.Update

    ‘==End remote SMTP server configuration section==

    objMessage.Send

  3. Paulie says

    January 3, 2008 at 12:21 pm

    Thanks Andy, I will add this into the default script.

  4. Jon Kuhn says

    August 12, 2008 at 4:51 pm

    Can you publish the completed script using a remote SMTP server?

  5. Paulie says

    August 12, 2008 at 6:56 pm

    I have updated the script to include support for remote SMTP servers.

    Edit the variables at the top of the script to specify a server. Could be extended for SMTP auth as well.

  6. Bjorn says

    December 14, 2008 at 3:02 pm

    Very nice feature.
    I have tested it on Windows Server 2008 as well, and it seems to work OK. I’ll asume this will be the same on Vista

  7. Martin says

    February 14, 2009 at 8:54 am

    Paulie,

    When you say “could be extended for SMTP auth as well,” what does it take to use, say, Gmail to send? I don’t see a variable for username and password for SMTP auth.

  8. Tyson says

    June 23, 2009 at 9:30 pm

    Paulie, this sounds like a very handy script! I am not script junkie though and I am not sure how to add SMTP authentication so that the server can send e-mail. Would you mind pasting in the code or updating the zip with that?

    I would lovvve to be able to use this to keep on top of updates on all my servers, but without SMTP authentication, I can’t send e-mail!

    Thanks soo much. I hope you, or someone still checks out this post.

  9. Gagget says

    February 23, 2010 at 7:44 pm

    for those who need SMTP authentication …
    objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendusername”) = RemoteSMTPUser
    objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendpassword”) = RemoteSMTPPass
    objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate”) = 1

    by the way: … great script *thumbs up*

  10. Paulie says

    February 23, 2010 at 7:54 pm

    Gagget,

    Thank you for useful addition. Veru useful. Glad you find script useful.

  11. KL says

    March 10, 2010 at 1:32 pm

    Is there anyway that we could add a listing of the machine’s IP address in the header along beside the computer name?

    Have been tinkering with it, but no luck thus far.

  12. Paulie says

    March 10, 2010 at 1:51 pm

    Should be pretty easy using something like this:

    http://www.codeproject.com/KB/vbscript/ipaddress.aspx

    Give it a try, if you get stuck I will post an example.

  13. David says

    July 27, 2010 at 3:48 pm

    Is there anyway to modify this so it wont alert you about hidden updates?

  14. Michael says

    August 9, 2010 at 5:02 pm

    I am trying to get this work with gmail. Would it be possible to provide a working example I could use?

  15. Shane says

    December 2, 2010 at 3:50 pm

    I am trying to get this working as well. Does the cdo webpage still work (Microsoft)? When I try to go to the URL, I get a page not found.

  16. Paulie says

    December 2, 2010 at 3:52 pm

    Still working for me, what problem are you having when you try to use it?

  17. Philipp says

    July 9, 2011 at 1:56 pm

    Works like a charm on Server 2008 R2 – very helpful. thanks!

  18. Adriaan Bredero says

    November 2, 2011 at 6:51 pm

    Dear Sir/Madam,

    Script sounds nice, can you tell me where i can download the script ? is theire any download link ?

    I looking forward to hear from you, thanks and have a nice day.

    Best regards,
    Adriaan Bredero

  19. Paulie says

    November 3, 2011 at 8:43 am

    Hi,

    It is at:

    https://tachytelic.net/wp-content/winupdates.zip

    I will make the download link more obvious in the post, it is well hidden!

  20. Adriaan Bredero says

    November 7, 2011 at 4:23 pm

    Hi Paulie,

    Thanks for the link, i have downloaded the file but i have another question.

    Is it reguired that i fill in a remote SMTP server ? when i leave the SMTP server empty. (will the server try to send the e-mail by himself ?)

    Does the script also works with Windows Server 2003 ? or only with the 2008 versions and higher ?

    I looking forward to hear from you, thanks and have a nice day.

    Best regards,
    Adriaan Bredero

  21. Adriaan Bredero says

    November 9, 2011 at 3:45 pm

    Hi Paulie,

    I have added the SMTP credentials to the script, but i get an error.

    Is it possible that you can change the script so the auth SMTP credentials can be filled in, in the script ? now i can only fill in the SMTP address but not the loginname and password. (reguired to send e-mail)

    I looking forward to hear from you, thanks.

    Best regards,
    Adriaan Bredero

  22. Graham says

    May 24, 2013 at 3:03 pm

    HI Paul

    I find this script extremely useful in its purpose. Well done.

    However, I have installed it (and modified to fit my personal SMTP server API object instead of the one you have included) but I notice there is a problem that maybe you might have an answer for.

    I noticed that with a lot of the updates the ‘MsrcSeverity’ value was not being filled and therefore the script was not performing correctly (for readers, the value of this ‘field’ contains the severity “Critical”, “Important” etc and is need to filter out and report whats what). I did a number of tests on various updates by using the wscript.echo command to output the value and quite often (but not always) it was blank. It took a long time to figure this out by involving using the script to list all patches and updates, even ones that have already been installed (removing Isinstalled from updateSearcher.Search(“IsInstalled=0″ ) and adding WScript.Echo update.Title & ” ‘”&update.MsrcSeverity&”‘” for everyone found to show their title and severity. As a consequence I have slightly mod’ed the script to assume all ‘blank’ severities (MsrcSeverity) as important. Im no specialist and made the following change:

    severity=”‘”&update.MsrcSeverity&”‘”
    Select Case severity
    Case “‘Critical'”
    CriticalCount = Criticalcount+1
    CriticalHTML = CriticalHTML & MakeHTMLLine(update)
    Case “‘Important'”
    ImportantCount = Importantcount + 1
    ImportantHTML = ImportantHTML & MakeHTMLLine(update)
    ‘ Next added to incorporate missing severity report (seems common) and default assume them to IMPORTANT
    Case “””
    ImportantCount = Importantcount + 1
    ImportantHTML = ImportantHTML & MakeHTMLLine(update)
    .
    .
    .
    (note the intro of the variable ‘severity’ and the inclusion of quotes around the CASE tests)

    I dont know why only some updates have the MsrcSeverity value filling because you would think they all do (assuming this is what drives the Windows Update screen too). An example of an update that has it missing is the IMPORTANT update for Windows Defender definitions (but there are many other ‘patches’ too)

    Do you have any idea as to what is happening or a better way of handling this?

  23. Mark Vinten says

    June 17, 2014 at 10:44 pm

    You are right to make the blank ones appear as important because they may well be so it’s safer to include them. You can do that better by making the Case “Important” because a Case Else and moving the section to the bottom of the case list so that anything not understood is caught.

    I just tried this script on a Windows Server 2012 R2 and it worked great. I may even translate the principles into a c# program that I have for monitoring disk space, etc. as it’s that useful a script 🙂

  24. Paulie says

    June 17, 2014 at 11:16 pm

    I am glad that you approve of code that I wrote seven years ago! I can hardly remember the code but I am very pleased, and surprised to hear that it still works in Windows Server 2012 r2!

    I’d be worried to look at the code again now, normally when I look at anything I wrote over a year ago it makes me shudder, but I do remember being quite pleased with this one in particular.

  25. Luan Nguyen says

    July 9, 2014 at 5:49 pm

    Thank you very much Paulie.

    I modified it to categorize MsrcSeverity to Important when it’s blank and use Gmail SMTP with authentication.
    Here it is: http://luan-itworld.blogspot.com/2014/07/windows-update-automatic-e-mail.html

  26. RDK says

    September 26, 2014 at 6:07 am

    Paulie…..We are in the process of moving from Windows Server 2003 to Windows Server 2008. We had several scripts using CDO to send e-mails which on our new 2008 server do not work. The new machine has Office 2010 installed.

    Did you do anything special to get CDO installed and running on the 2008 server?

    Thanks…..RDK

  27. Paulie says

    September 26, 2014 at 2:58 pm

    Is your server 2008 64-bit?

  28. RDK says

    September 26, 2014 at 9:21 pm

    Yes, both 64 bit and 2008R2….RDK

  29. Paulie says

    September 26, 2014 at 11:01 pm

    You need to run your scripts in 32-bit mode and the will work again, take a look in:

    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\SysWOW64\wscript.exe

  30. RDK says

    October 1, 2014 at 6:09 am

    Paulie…Thanks for the information, but the decision seems to be to rewrite the scripts in Powershell. We’ll see how that goes….RDK

  31. Alex says

    December 16, 2014 at 4:37 pm

    Hey great job with the script can you think of anyway to make it so we’d receive an email when the updates are finished installing like bringing on a new Domain controller and waiting for it to finish patching can take hours.

  32. Jeremiah says

    July 7, 2016 at 11:36 pm

    Years later and this thing is still rockin’. Sincere thanks and appreciation!

  33. skal says

    August 4, 2016 at 9:55 am

    Kudos on a long-life good tool.
    Someone once asked about not listing hidden updates, and I needed that myself, a quick web search gave me the solution: add “and IsHidden=0” to the search query:
    Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'")
    becomes
    Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

  34. Dante Labon says

    July 24, 2017 at 4:13 pm

    This script is fantastic!! I do have a question though. I am in charge of maintaining 100 computers, and I cannot possibly sort through 100 emails everyday. Is there any way to add a piece to the script that would only send the email if there are updates for the computer? That would be awesome.

    Thanks…DL

  35. Paulie says

    July 24, 2017 at 4:16 pm

    I believe it already does that, for example if you set AlertCritical to 1 and all of the others to 0, it will only email you regarding that particular computer when there are critical updates. If there are none, then it won’t send the email.

    I could be wrong, it’s been many years since I last looked at it,but I am pretty sure that is how it works.

  36. Dante Labon says

    July 24, 2017 at 4:35 pm

    Oh. Ok. I didn’t notice that yet. Haven’t put it on any other computers yet. But, this script is really going to make my life a little easier!! Thank you very much for it.

  37. sebus says

    June 14, 2018 at 9:54 am

    Very nice indeed!

  38. Dave Wain says

    August 8, 2018 at 7:11 am

    August 2018 and this script is still relevant. Much appreciated.
    If you are still monitoring these comments the script isn’t working on W2012. There are updates apending (bright yellow notification on login screen tells me so) and I have set all alert types to 1.
    It is working on a W2008R2 instance and I tried c:\windows\sysWOW64\cscript specifically to no avail.
    Any ideas?

  39. Paulie says

    August 8, 2018 at 7:14 am

    Are you sure the updates that are pending are windows updates abs not updates to other Microsoft products?

  40. Dave Wain says

    August 8, 2018 at 11:37 pm

    Hey Paulie, good to hear from you.
    On RDS Server 2012, “Update for Windows Server 2012 R2 (KB3118401) & (KB3162835)” are both downloaded and pending install.

  41. Paulie says

    December 15, 2018 at 12:29 am

    Hi All,

    Been a long time coming but I noticed a lot of people were still using this script I wrote back in 2007. I was at a loose end tonight while my wife was at a work party, so I have updated the script to address most of the questions you have left in the comments.

    The SMTP options have been enhanced.
    Updates with no severity assigned have an option to be included in the email report.
    I cleaned up the code a bit and fixed a couple of issues.
    Updated the blog post with a bit more guidance.

    Have a great Christmas! 😀

  42. Dave Wain says

    December 15, 2018 at 9:21 am

    You are too kind 🙂 Have a wonderful and safe Christmas my friend.

  43. Brian Richardson says

    April 8, 2019 at 2:02 pm

    Getting an error message “Transport failed to connect to the server”. Any suggestions?

  44. Paulie says

    April 8, 2019 at 2:20 pm

    It sounds like you have not configured valid SMTP server settings.

  45. John bales says

    June 28, 2019 at 8:45 pm

    Trying to set this up in an environment with all the servers allowed to relay without authentication through the Exchange server. Only on 3 servers (2012 R2 and 2016), the script works but it is unable to send the message. Have you seen this error before?

    Failed to send email, the error was:
    The message could not be sent to the SMTP server. The transport error code was 0x80040217. The server response was not available

  46. coque iphone 79 says

    September 12, 2019 at 3:50 am

    Below is a contact we gotten merely now: Mr. Nesson
    coque iphone 79 https://www.saxy.fr/sitemap.xml

  47. Peter Geremia says

    December 22, 2019 at 3:30 pm

    I tried to use the script. I am sending email to my postfix server.
    When the email sends I get this message:

    The server rejected one or more recipient addresses. The server response was: 550 Invalid HELO string (WINSERVER)

    Is there a way to specify the HELO message. I think it needs to be the full FQDN.

  48. Erik says

    December 27, 2019 at 2:42 pm

    Marry X-Mas in 2019 – yes the script is useful – thanks a lot for this.

  49. Erik says

    December 27, 2019 at 3:04 pm

    My local mail Server don’t want an authentication, so I left username and PW empty.
    To get this working, I had to change two lines in the Mail function – here my code – maybe it’s useful for someone:

    if SMTP_Server “” Then
    With Fields
    .Item (“http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2
    .Item (“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = SMTP_Server
    .Item (“http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = SMTP_Port
    .Item (“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate”) = 0
    if SMTP_User “” then
    .Item (“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate”) = 1
    .Item (“http://schemas.microsoft.com/cdo/configuration/sendusername”) = SMTP_User
    .Item (“http://schemas.microsoft.com/cdo/configuration/sendpassword”) = SMTP_Pass
    end if
    if SMTP_UseSSL = “1” then
    .Item(“http://schemas.microsoft.com/cdo/configuration/smtpusessl”) = True
    end If
    .Update
    End With
    Set objMessage.Configuration = objConfig
    end if

  50. Paulie says

    December 27, 2019 at 3:05 pm

    Thanks for posting, I need to update the original. I think someone else reported the same a while back. Glad it is useful to you. Happy New Year!

  51. sharath says

    January 3, 2020 at 5:21 am

    Hi ,
    Iam configuring from gmail and getting below error.

    Checking for available updates…
    2 Updates Found
    Failed to send email, the error was:
    The message could not be sent to the SMTP server. The transport error code was 0
    x80040217. The server response was not available

    Can any one help me to resolve this issue.

    thanks! in advance.

  52. Erik says

    January 21, 2020 at 7:53 am

    Hi,

    is there a possibility to exclude some updates from notification. I need to setup the level to “Unclassified” to see the monthly role up updates, but this will also bother me stupid silverlight updates, which I dont have installed on my windows 2019 server.

    Any idea?

    Thanks

  53. Elias Haisch says

    August 27, 2020 at 9:58 am

    Add
    .Item(“http://schemas.microsoft.com/cdo/configuration/sendtls”) = True
    to be able to use starttls,
    .Item(“http://schemas.microsoft.com/cdo/configuration/smtpusessl”)
    has to be false then
    Greetings

Leave a Reply Cancel reply

Primary Sidebar

Link to my LinkedIn Profile

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 107 other subscribers.

Go to mobile version