This script, will examine the machine it is running on and send an email report of all the windows updates that are available for installation.
The script sends e-mail notifications providing details of which Windows Updates are available for installation. You can choose which of the five patch levels will trigger an e-mail alert:
I would suggest that you at least choose Critical, Important and Unclassified. For some reason Microsoft do not mark all updates with a severity, but the “Unclassified” category seems to contain a lot of what I would consider to be important updates. My thanks to one of the guys that commented for pointing this out.
If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.
The script can be run manually or as a scheduled task. The report includes links to the relevant KB articles and further information made available by Microsoft.
Windows update email notification script configuration
The script is very quick to setup and the most complicated part will likely be your SMTP configuration. At the top of the script you will see a number of variables:
Windows Update Alert Levels
First of all you should configure what severity of Windows update will trigger an email alert. These range from critical to low. Setting each value to 1 or 0 will enable or disable alerts for that category. As mentioned above some updates do not have any severity assigned. These seem to be things like Windows Defender definitions or updates to the malicious software removal tool.
I would recommend at least having Critical, Import and and Unclassified set to 1.
Configure email settings
If you leave the SMTP server empty, the script will attempt to use the local machine to send the email. I suspect most people will use an internal or external relay, so configure it as per your environment. You can use SMTP over SSL by setting the SMTP_UseSSL variable to 1.
Testing Windows Updates Notification Emails
- Download the Script:
Windows Update Email Notification Script
- Extract the contents to a folder on your server and then setup the variables to suit your preferences and environment
- Test the script
- Go into a command prompt
- Change directory to the location where you saved the script.
- Check your email
Once you are happy that the script is reporting correctly, setup a Windows Scheduled Task to do this automatically. Assuming an installation directory of “c:\scripts” the scheduled task command should look something like this:
The script uses the Windows Update Agent API Com interface, which is quite interesting in itself.
Sample Email Configurations
EmailFrom = "email@example.com" EmailTo = "firstname.lastname@example.org" 'If SMTP Server is left empty it will try to use the local SMTP Server without auth SMTP_Server = "smtp.office365.com" SMTP_Port = "25" SMTP_User = "email@example.com" SMTP_Pass = "YourOffice365Password" 'Set this variable to 1 to enable SMTP over SSL SMTP_UseSSL = "1"
EmailFrom = "firstname.lastname@example.org" EmailTo = "email@example.com" 'If SMTP Server is left empty it will try to use the local SMTP Server without auth SMTP_Server = "smtp.gmail.com" SMTP_Port = "465" SMTP_User = "firstname.lastname@example.org" SMTP_Pass = "gmailPassword" 'Set this variable to 1 to enable SMTP over SSL SMTP_UseSSL = "1"
EmailFrom = "email@example.com" EmailTo = "firstname.lastname@example.org" 'If SMTP Server is left empty it will try to use the local SMTP Server without auth SMTP_Server = "192.168.250.249" SMTP_Port = "25" SMTP_User = "" SMTP_Pass = "" 'Set this variable to 1 to enable SMTP over SSL SMTP_UseSSL = "0"
I originally wrote this script in 2007 and noticed a lot of people were still downloading and using it. So this evening (December 2019), while my wife was at her work Christmas party I decided to see if it still worked and address some of the points made in the comments. I didn’t have a huge amount of time to spend on it, but found time to clean up the code a bit, enhanced the email options and added the functionality to include updates that do not have any severity assigned. It was tested by me on Windows 2008, 2012, 2016 and 2019 and they all worked!
I am glad people are still fining it useful more than 10 years after I wrote the original version!