This script, will examine the machine it is running on and send an email report of all the windows updates that are available for installation.
The script sends e-mail notifications providing details of which Windows Updates are available for installation. You can choose which of the five patch levels will trigger an e-mail alert:
- Critical
- Important
- Moderate
- Low
- Unclassified
I would suggest that you at least choose Critical, Important and Unclassified. For some reason Microsoft do not mark all updates with a severity, but the “Unclassified” category seems to contain a lot of what I would consider to be important updates. My thanks to one of the guys that commented for pointing this out.
If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.
The script can be run manually or as a scheduled task. The report includes links to the relevant KB articles and further information made available by Microsoft.
Windows update email notification script configuration
The script is very quick to setup and the most complicated part will likely be your SMTP configuration. At the top of the script you will see a number of variables:
Windows Update Alert Levels
First of all you should configure what severity of Windows update will trigger an email alert. These range from critical to low. Setting each value to 1 or 0 will enable or disable alerts for that category. As mentioned above some updates do not have any severity assigned. These seem to be things like Windows Defender definitions or updates to the malicious software removal tool.
I would recommend at least having Critical, Import and and Unclassified set to 1.
Configure email settings
Next you need to configure your SMTP settings:
If you leave the SMTP server empty, the script will attempt to use the local machine to send the email. I suspect most people will use an internal or external relay, so configure it as per your environment. You can use SMTP over SSL by setting the SMTP_UseSSL variable to 1.
Testing Windows Updates Notification Emails
- Download the Script:
Windows Update Email Notification Script - Extract the contents to a folder on your server and then setup the variables to suit your preferences and environment
- Test the script
- Go into a command prompt
- Change directory to the location where you saved the script.
- Run:
cscript winupdates.vbs - Check your email
Once you are happy that the script is reporting correctly, setup a Windows Scheduled Task to do this automatically. Assuming an installation directory of “c:\scripts” the scheduled task command should look something like this:
C:\WINDOWS\system32\cscript.exe c:\scripts\winupdates.vbs
The script uses the Windows Update Agent API Com interface, which is quite interesting in itself.
I originally wrote this script in 2007 and noticed a lot of people were still downloading and using it. So this evening (December 2019), while my wife was at her work Christmas party I decided to see if it still worked and address some of the points made in the comments. I didn’t have a huge amount of time to spend on it, but found time to clean up the code a bit, enhanced the email options and added the functionality to include updates that do not have any severity assigned. It was tested by me on Windows 2008, 2012, 2016 and 2019 and they all worked!
I am glad people are still fining it useful more than 10 years after I wrote the original version!
Hi Paul,
Tried using this but the script would either give no output (even though there were needed updates on the server) or would give this following error even though I entered in my sendfrom and sendto email addresses correctly:
c:\scripts\winupdates.vbs(60, 4) CDO.Message.1: The “SendUsing” configuration value is invalid.
Any ideas? I tried on both Server 2003 R2 and Server 2000 SP4. WSUS is configured via GPO on these servers and is able to push out updates, so the update query to my WSUS 3 server appears to be working fine.
Ok, I figured it out. The VBScript you have assumes there is a local smtp server to send out the notification. If your using a remote SMTP server, then insert this code in the section that specifies the message objects (objMessage.Subject, etc):
‘==This section provides the configuration information for the remote SMTP server.
‘==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2
‘Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “smtp.myserver.com”
‘Server port (typically 25)
objMessage.Configuration.Fields.Item _
(“http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = 25
objMessage.Configuration.Fields.Update
‘==End remote SMTP server configuration section==
objMessage.Send
Thanks Andy, I will add this into the default script.
Can you publish the completed script using a remote SMTP server?
I have updated the script to include support for remote SMTP servers.
Edit the variables at the top of the script to specify a server. Could be extended for SMTP auth as well.
Very nice feature.
I have tested it on Windows Server 2008 as well, and it seems to work OK. I’ll asume this will be the same on Vista
Paulie,
When you say “could be extended for SMTP auth as well,” what does it take to use, say, Gmail to send? I don’t see a variable for username and password for SMTP auth.
Paulie, this sounds like a very handy script! I am not script junkie though and I am not sure how to add SMTP authentication so that the server can send e-mail. Would you mind pasting in the code or updating the zip with that?
I would lovvve to be able to use this to keep on top of updates on all my servers, but without SMTP authentication, I can’t send e-mail!
Thanks soo much. I hope you, or someone still checks out this post.
for those who need SMTP authentication …
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendusername”) = RemoteSMTPUser
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/sendpassword”) = RemoteSMTPPass
objMessage.Configuration.Fields.Item (“http://schemas.microsoft.com/cdo/configuration/smtpauthenticate”) = 1
by the way: … great script *thumbs up*
Gagget,
Thank you for useful addition. Veru useful. Glad you find script useful.
Is there anyway that we could add a listing of the machine’s IP address in the header along beside the computer name?
Have been tinkering with it, but no luck thus far.
Should be pretty easy using something like this:
http://www.codeproject.com/KB/vbscript/ipaddress.aspx
Give it a try, if you get stuck I will post an example.
Is there anyway to modify this so it wont alert you about hidden updates?
I am trying to get this work with gmail. Would it be possible to provide a working example I could use?
I am trying to get this working as well. Does the cdo webpage still work (Microsoft)? When I try to go to the URL, I get a page not found.
Still working for me, what problem are you having when you try to use it?
Works like a charm on Server 2008 R2 – very helpful. thanks!
Dear Sir/Madam,
Script sounds nice, can you tell me where i can download the script ? is theire any download link ?
I looking forward to hear from you, thanks and have a nice day.
Best regards,
Adriaan Bredero
Hi,
It is at:
https://www.tachytelic.net/wp-content/winupdates.zip
I will make the download link more obvious in the post, it is well hidden!
Hi Paulie,
Thanks for the link, i have downloaded the file but i have another question.
Is it reguired that i fill in a remote SMTP server ? when i leave the SMTP server empty. (will the server try to send the e-mail by himself ?)
Does the script also works with Windows Server 2003 ? or only with the 2008 versions and higher ?
I looking forward to hear from you, thanks and have a nice day.
Best regards,
Adriaan Bredero
Hi Paulie,
I have added the SMTP credentials to the script, but i get an error.
Is it possible that you can change the script so the auth SMTP credentials can be filled in, in the script ? now i can only fill in the SMTP address but not the loginname and password. (reguired to send e-mail)
I looking forward to hear from you, thanks.
Best regards,
Adriaan Bredero
HI Paul
I find this script extremely useful in its purpose. Well done.
However, I have installed it (and modified to fit my personal SMTP server API object instead of the one you have included) but I notice there is a problem that maybe you might have an answer for.
I noticed that with a lot of the updates the ‘MsrcSeverity’ value was not being filled and therefore the script was not performing correctly (for readers, the value of this ‘field’ contains the severity “Critical”, “Important” etc and is need to filter out and report whats what). I did a number of tests on various updates by using the wscript.echo command to output the value and quite often (but not always) it was blank. It took a long time to figure this out by involving using the script to list all patches and updates, even ones that have already been installed (removing Isinstalled from updateSearcher.Search(“IsInstalled=0″ ) and adding WScript.Echo update.Title & ” ‘”&update.MsrcSeverity&”‘” for everyone found to show their title and severity. As a consequence I have slightly mod’ed the script to assume all ‘blank’ severities (MsrcSeverity) as important. Im no specialist and made the following change:
severity=”‘”&update.MsrcSeverity&”‘”
Select Case severity
Case “‘Critical'”
CriticalCount = Criticalcount+1
CriticalHTML = CriticalHTML & MakeHTMLLine(update)
Case “‘Important'”
ImportantCount = Importantcount + 1
ImportantHTML = ImportantHTML & MakeHTMLLine(update)
‘ Next added to incorporate missing severity report (seems common) and default assume them to IMPORTANT
Case “””
ImportantCount = Importantcount + 1
ImportantHTML = ImportantHTML & MakeHTMLLine(update)
.
.
.
(note the intro of the variable ‘severity’ and the inclusion of quotes around the CASE tests)
I dont know why only some updates have the MsrcSeverity value filling because you would think they all do (assuming this is what drives the Windows Update screen too). An example of an update that has it missing is the IMPORTANT update for Windows Defender definitions (but there are many other ‘patches’ too)
Do you have any idea as to what is happening or a better way of handling this?
You are right to make the blank ones appear as important because they may well be so it’s safer to include them. You can do that better by making the Case “Important” because a Case Else and moving the section to the bottom of the case list so that anything not understood is caught.
I just tried this script on a Windows Server 2012 R2 and it worked great. I may even translate the principles into a c# program that I have for monitoring disk space, etc. as it’s that useful a script 🙂
I am glad that you approve of code that I wrote seven years ago! I can hardly remember the code but I am very pleased, and surprised to hear that it still works in Windows Server 2012 r2!
I’d be worried to look at the code again now, normally when I look at anything I wrote over a year ago it makes me shudder, but I do remember being quite pleased with this one in particular.
Thank you very much Paulie.
I modified it to categorize MsrcSeverity to Important when it’s blank and use Gmail SMTP with authentication.
Here it is: http://luan-itworld.blogspot.com/2014/07/windows-update-automatic-e-mail.html
Paulie…..We are in the process of moving from Windows Server 2003 to Windows Server 2008. We had several scripts using CDO to send e-mails which on our new 2008 server do not work. The new machine has Office 2010 installed.
Did you do anything special to get CDO installed and running on the 2008 server?
Thanks…..RDK
Is your server 2008 64-bit?
Yes, both 64 bit and 2008R2….RDK
You need to run your scripts in 32-bit mode and the will work again, take a look in:
C:\Windows\SysWOW64\cscript.exe
C:\Windows\SysWOW64\wscript.exe
Paulie…Thanks for the information, but the decision seems to be to rewrite the scripts in Powershell. We’ll see how that goes….RDK
Hey great job with the script can you think of anyway to make it so we’d receive an email when the updates are finished installing like bringing on a new Domain controller and waiting for it to finish patching can take hours.
Years later and this thing is still rockin’. Sincere thanks and appreciation!
Kudos on a long-life good tool.
Someone once asked about not listing hidden updates, and I needed that myself, a quick web search gave me the solution: add “and IsHidden=0” to the search query:
Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'")becomes
Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")This script is fantastic!! I do have a question though. I am in charge of maintaining 100 computers, and I cannot possibly sort through 100 emails everyday. Is there any way to add a piece to the script that would only send the email if there are updates for the computer? That would be awesome.
Thanks…DL
I believe it already does that, for example if you set AlertCritical to 1 and all of the others to 0, it will only email you regarding that particular computer when there are critical updates. If there are none, then it won’t send the email.
I could be wrong, it’s been many years since I last looked at it,but I am pretty sure that is how it works.
Oh. Ok. I didn’t notice that yet. Haven’t put it on any other computers yet. But, this script is really going to make my life a little easier!! Thank you very much for it.
Very nice indeed!
August 2018 and this script is still relevant. Much appreciated.
If you are still monitoring these comments the script isn’t working on W2012. There are updates apending (bright yellow notification on login screen tells me so) and I have set all alert types to 1.
It is working on a W2008R2 instance and I tried c:\windows\sysWOW64\cscript specifically to no avail.
Any ideas?
Are you sure the updates that are pending are windows updates abs not updates to other Microsoft products?
Hey Paulie, good to hear from you.
On RDS Server 2012, “Update for Windows Server 2012 R2 (KB3118401) & (KB3162835)” are both downloaded and pending install.
Hi All,
Been a long time coming but I noticed a lot of people were still using this script I wrote back in 2007. I was at a loose end tonight while my wife was at a work party, so I have updated the script to address most of the questions you have left in the comments.
The SMTP options have been enhanced.
Updates with no severity assigned have an option to be included in the email report.
I cleaned up the code a bit and fixed a couple of issues.
Updated the blog post with a bit more guidance.
Have a great Christmas! 😀
You are too kind 🙂 Have a wonderful and safe Christmas my friend.