Powershell – Windows Server patch management (email notification when patch applied?)

Tags: powershell, update, wsus

Patch management (WSUS) hasn't been in my court until recently, so I am trying to get acclimated to its functionality. Currently we are using WSUS version 3.2 for our Windows Server patch management. Something I am finding lacking with this system, and maybe because it simply isn't a feature or I am not looking in the correct place, is being notified by email when patches are applied. The only E-Mail notifications I am finding are under Update Services > (Server name) > Options and then the E-Mail Notifications settings. From here you can be notified of the synchronization of patches between your WSUS server and Microsoft, and of the status report of your environment (a summary of the status of your computers by computer group).

What I want for notifications is "This computer has just had patch X applied and it was rebooted" in my inbox. Is there a way for WSUS to do this, or is this outside the functionality of WSUS? I am looking to do this without purchasing any additional software, just using WSUS/Powershell/etc.

Best Answer

There isn't built-in functionality to do this.

The Event Log contains information about update installation, as does the %SystemRoot%\WindowsUpdate.log file. Either of those sources would be a good candidate to "scrape" for information about update installations.

The WSUS server's database is updated when updates are installed but, unfortunately, Microsoft has not published the schema and doesn't consider it to be something you should be querying directly. It would be possible to (probably fairly elegantly) report on new update installations via the WSUS server itself if Microsoft published the schema. I won't write anything to touch the WSUS database directly because some significant fraction of my code would turn to garbage upon the next WSUS release.
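One way to do the Event Log "scraping" the answer suggests, as an added example that is not the answer author's code: a PowerShell script, meant to run as a scheduled task on (or against) the patched servers rather than on the WSUS server, that pulls the Windows Update Client install events and restart events from the System log and mails a summary. The SMTP relay and mailbox addresses are placeholders; the event IDs used are 19/20/22 from the Microsoft-Windows-WindowsUpdateClient provider and 1074 from User32.

```powershell
# Added example: report Windows Update installs, failures and reboots from the System log.
# Placeholders: SMTP relay and addresses below. Events are local to each patched server,
# so run this on the server (default) or pass -ComputerName for remote servers.
param(
    [string[]]$ComputerName = $env:COMPUTERNAME,
    [int]$Hours = 24,
    [string]$SmtpServer = 'smtp.example.internal',    # placeholder
    [string]$From = 'wsus-reports@example.internal',  # placeholder
    [string]$To   = 'ops-team@example.internal'       # placeholder
)

$since  = (Get-Date).AddHours(-$Hours)
$report = foreach ($computer in $ComputerName) {
    # WindowsUpdateClient: 19 = installation succeeded, 20 = installation failed,
    # 22 = restart required to finish installing.
    $updates = Get-WinEvent -ComputerName $computer -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
        Id = 19, 20, 22; StartTime = $since
    } -ErrorAction SilentlyContinue

    # User32 1074: a process or user initiated a restart/shutdown (who and why).
    $reboots = Get-WinEvent -ComputerName $computer -FilterHashtable @{
        LogName = 'System'; ProviderName = 'User32'; Id = 1074; StartTime = $since
    } -ErrorAction SilentlyContinue

    foreach ($e in $updates) {
        [pscustomobject]@{
            Computer = $computer
            Time     = $e.TimeCreated
            Result   = $(switch ($e.Id) { 19 { 'Installed' } 20 { 'FAILED' } 22 { 'Restart required' } })
            Detail   = ($e.Message -replace '\s+', ' ')
        }
    }
    foreach ($e in $reboots) {
        [pscustomobject]@{
            Computer = $computer; Time = $e.TimeCreated; Result = 'Rebooted'
            Detail   = ($e.Message -replace '\s+', ' ')
        }
    }
}

# Only send mail when something actually happened; failures (FAILED rows) are the
# ones worth reading first, since they mean a server is still missing the patch.
if ($report) {
    $body = $report | Sort-Object Computer, Time | Format-Table -AutoSize | Out-String -Width 200
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "Windows Update activity on $($ComputerName -join ', ') (last $Hours h)" -Body $body
}
```

Schedule it to run shortly after the WSUS deployment/reboot window so the -Hours lookback covers the whole install cycle; each run reports only events newer than that window, so nothing is re-sent unless the windows overlap.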