Software on a computing device frequently requires updates, (i.e., the installation of software update packages containing new or updated software), to respond to changes in the underlying operating system or hardware, fix errors in the previous software version, or implement additional functionality. Within an enterprise, an administrator may be responsible for managing the installation of these software update packages on end-user devices of an administered network. The software update packages may be of different formats depending on the operating systems of the end-user devices. For example, the software update packages may be Windows Installer Packages (“MSI packages”) in the context of the Windows™ operating system, or other software update packages in the context of other operating systems, such as the Mac OS operating system or the Linux operating system.
Frequently, prior to installation of a software update package, the administrator must “advertise” the software update package to the operating system of a given computing device. That is, the administrator must first register the software update package with the operating system and authorize subsequent installation of the software update package by a user having restricted privileges. Once advertised, the restricted user may, upon logging into the computing device, install the software update package with elevated privileges. While this procedure enables the restricted user to install software update packages that the restricted user would not normally be able to install due to the user's restricted privileges, the process has certain limitations. For example, the process requires that the administrator must know the particular software update package to be installed and must have an electronic copy of the software update package in order to advertise it to the operating system. Moreover, the administrator must have access to the computing device to advertisement of the software update package.
Administrator access to the computing device becomes more problematic when the administrator is responsible for updating software residing on computing devices connected to the administered network via a virtual private network (VPN). In this instance, the administrator may require access to a computing device residing hundreds or thousands of miles away from the administered network in order to determine whether a software update package is needed and, if so, to advertise the software update package to the operating system.
Moreover, although the administrator may be able to remotely access and advertise the software update package on the computing devices using the VPN, the restricted user typically is still forced to only install the registered software update package with elevated privileges, i.e., within the system context, or as a “SYSTEM” user, of the operating system. For complete installation, however, some software update packages, such as some MSI packages, require that the user install them under a user context of the operating system in order to preserve user-specific details. Thus, despite remote advertisement, the restricted user may not install these MSI packages that require installation under the user context, or if installed using conventional advertisement techniques, user-specific installation details may be lost.