Check Windows Update Settings on Remote PCs / Servers

A common task for I.T. people is managing updates for their Windows servers and workstations.  While WSUS is nice, free tool it does lack some advanced reporting.  Another issue is that if a workstation or server hasn't ever contacted or isn't using WSUS, you can't get a grasp on it's status.

I wrote this handy script that gathers Windows Update information from remote servers and workstations.  It currently gathers the following:

  • Computer Name
  • Operating System
  • Service Status
  • Update Agent Version
  • Configured WSUS server
  • WSUS Target Group
  • Last Detection Time for Updates
  • Last Download Time for Updates
  • Last Installation Time for Updates
  • Notification Settings (Download, Notify, Prompt)
  • Install Schedule
  • Updates Currently Waiting
  • Reboot Status (Pending reboot for updates)

This is all logged to a CSV file so that it's easily opened in your favorite spreadsheet program.  In addition to this, you can force the remote PC to check for updates.


  • PSEXEC from the Sysinternals PSTOOLS kit (free) - Download Here
  • Administrator privileges on the computers you're running this against
  • Windows 2000, 2003, 2008, XP, Vista, 7


There are two parts to this script: CheckUpdates.vbs and CheckUpdates.bat.  Checkupdates.vbs is the actual script.  CheckUpdates.bat is a batch executed on the remote PC that calls the script.  Some examples may help.

Here's a basic example of how to execute CheckUpdates.vbs on a remote PC using psexec:

psexec \\computername -e -u domain\username -c CheckUpdates.bat

For those not familiar with psexec, this runs CheckUpdates.bat on the remote PC as domain\username.  The contents of CheckUpdates.bat are:

%WINDIR%\System32\cscript.exe \\PATH_TO_SCRIPT\CheckUpdates.vbs \\PATH_TO_LOG\CheckUpdates.csv check append //NoLogo

You will need to change PATH_TO_SCRIPT and PATH_TO_LOG to suit your needs.  I typically used an admin share such as D$.  Something like \\workstation\D$\tools\CheckUpdates.vbs.  As you can see, the batch file is what controls the options for CheckUpdates.vbs.  Speaking of...

There are three parameters for the script itself: LOG_PATH, check, and append.  All three are optional.

  • LOG_PATH [OPTIONAL]: This is the path to your log file.  If you omit this option, no log is written.  Information is still displayed on the screen.
  • check [OPTIONAL]: Forces the remote PC to check for available updates.  This can cause the script to take additional time while it waits for a response.  If you omit this option, the PC will not check for new updates.
  • append [OPTIONAL]: This will append to an existing log file.  If you omit this option, it will overwrite the existing log file.


Download CheckUpdates script and batch file

Your rating: None Average: 4.2 (13 votes)