Incorrect default project administrator permissions in TFS 2015

When Team Foundation Server (TFS) creates a new project, a set of default permissions is applied. TFS 2015 updates (but not the RTM version) have an incorrect default setting for project administrators. This means that, by default for projects that are created after Update 1 is installed, project administrators can bypass Git branch policies. For projects that are created before Update 1 is installed or by future versions of TFS, the correct default setting of not set is configured.
More information
This permissions configuration may be intentional, and there is no automated way to detect whether it was incorrectly configured as the default setting or else set that way intentionally. TFS upgrades will not change the setting for projects that already exist. If you want to prevent project administrators from bypassing Git branch policies, reset that group's permissions to not set. For more information, see the Permissions and groups in Team Services and TFS.

Future versions of TFS will apply the correct default setting to new projects.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 3191968 - Last Review: 09/26/2016 18:50:00 - Revision: 1.0

Visual Studio Team Foundation Server 2015

  • KB3191968