Summary
This is an administrator update for the Microsoft Visual Studio 2017 product line. It is intended to be used for centralized administrators to easily deploy Visual Studio throughout their organization. The publication of this update presumes that an applicable version of Visual Studio 2017 is already installed on the computer. Applying this update will not initiate a new installation.
Administrator updates to Visual Studio 2017 serve two purposes:
-
Feature updates enable IT admins to advance computers in their organization to a particular minor version of Visual Studio 2017.
-
Quality and security updates are applicable to specific “servicing baseline” minor versions. They are designed to deliver performance and reliability improvements, and keep the computer secure.
For more information about which baselines are under support during which timeframes, refer to the Visual Studio Product Lifecycle and Servicing page.
For specific details about which fixes are in each version of administrator updates, see the Visual Studio 2017 version 15.9 release notes documentation.
The title of each administrator update describes the applicable version ranges of the update. For example, if the name of the update is “Visual Studio 2017 version 15.9.0 to 15.9.31,” then this update will apply to any clients from versions 15.9.0 through 15.9.30, and it will update them to 15.9.31.
Update characteristics
The following table lists the key characteristics of the three primary types of Visual Studio 2017 administrator updates: Security, Feature, and Quality.
Characteristic |
Security updates |
Feature updates |
Quality updates |
---|---|---|---|
Available in Microsoft Update Catalog |
Yes. |
Yes. |
Yes. |
Available in WSUS |
Yes, automatically |
Optional manual import |
Optional manual import |
MU category |
Security Updates |
Feature Packs |
Critical Updates |
SKU applicability |
All VS 2019 products |
Only products commonly found in Enterprises |
Only products commonly found in Enterprises |
Minor version boundary behavior |
Contained within a minor version |
Can cross a minor version boundary |
Contained within a minor version |
Types of changes included as compared to previous release |
Security fixes |
Feature changes |
Quality fixes |
How to obtain and install administrator updates
The Administrator Security Updates for Visual Studio 2017 version 15.9 will be published regularly on the second Tuesday of every month. The releases will be for automated deployment through standard enterprise management tools such as System Center Configuration Manager. These security updates will be available on both WSUS and Microsoft Update Catalog.
The Administrator Quality Updates and Feature Updates will be available through Microsoft Update Catalog. Enterprise admins can download the update directly to a client computer. Alternatively, they can select to Import the Update from the Microsoft Update Catalog into WSUS if they want to deploy it more broadly by using a tool such as Configuration Manager.
These administrator updates are functionally equivalent to the client updates that are released to and are available on the VisualStudio.Com and My.VisualStudio.Com websites.
Note: You might notice that some nonsecurity administrator updates for Visual Studio 2017 are published to WSUS between September 2020 and March 2021. These are preview proof-of-concept releases. They will be removed from WSUS soon.
Configuring client computers to receive administrator updates
Encoding administrator intent
The client computers must be enabled to receive administrator updates. This step is necessary to make sure that the updates are not unintentionally or accidentally pushed out to unsuspecting client computers.
The AdministratorUpdatesEnabled key is designed for the administrator to encode administrator intent. This key can be in any of the standard Visual Studio locations as described in the Set Defaults for Enterprise Deployments of Visual Studio documentation. Admin access on the client computer is required in order to create and set the value of this key.
-
To configure the client computer to accept administrator updates, set the AdministratorUpdatesEnabled REG_DWORD key to 1.
-
If the AdministratorUpdatesEnabled REG_DWORD key is missing or is set to 0, Administrator Updates will be blocked from applying to the client computer.
Note: In the future, the explicit action of configuring the client computer to accept administrator updates might be relaxed, and the absence of the AdministrativeUpdatesEnabled key will be an implicit opt-in.
Encoding Visual Studio user and developer intent
Users and developers can use a separate AdministratorUpdatesOptOut key to opt out of receiving administrator updates. The purpose of this key is to encode the intent of the Visual Studio user.
To configure the client computer to block administrator updates, set the AdministratorUpdatesOptOut REG_DWORD key to 1. The absence of the key, or a set value of 0, means that the Visual Studio user wants to receive administrator updates to Visual Studio.
Notice that the AdministratorUpdatesOptOut key (for encoding developer intent) is prioritized over the AdministratorUpdatesEnabled key (which encodes IT admin intent). If AdministratorUpdatesOptOut is set to 1, the update will be blocked on the client, even if the AdministratorUpdatesEnabled key is also set to 1. This action assumes that IT admins can access and monitor which developers chose to opt out, and that the two parties can then discuss whose needs are more important. IT admins can always change either key whenever they want.
Also notice that both of these registry keys apply to all instances of Visual Studio that may be installed on the computer.
Configuring the administrator updates
In the near future, we'll release additional configuration capabilities to administrator updates that will let organizations adjust the behavior of the updates. For example, we'll enable administrator updates to integrate with the concept of offline layouts, so that clients can acquire updated bits from an internal network location instead of the internet. Other configuration options will include the ability to encode client computer preferences for a particular servicing baseline level, or the ability for an administrator to force the update to occur, even if Visual Studio is in use. We'll announce these changes and update external online documentation when those configuration options become available.
Reports and diagnostics
How to verify that the update was installed
You can use either of these methods to verify that the update was installed correctly:
-
On the client computer, start Visual Studio 2017 version 15.9, select Help > About, and verify that the version number matches the last number in the title of the intended update.
-
Use the vswhere tool to identify the various versions of Visual Studio on the computer. For more information, see Tools for detecting and managing Visual Studio instances.
Error codes
Client error codes are defined in Use command-line parameters to install Visual Studio.
Note: Visual Studio must be closed before you install the update. If Visual Studio is open or being used, the update installation will be aborted.
Feedback and support
You can use the following methods to provide feedback about Visual Studio 2017 administrator updates or report issues that affect the updates:
-
Refer to the Troubleshooting Visual Studio installation and upgrade issues guidance.
-
Go to the Visual Studio support page, and check whether your issue is listed in the FAQ. You can also select the Support Link button for chat help.
-
Leave feedback on the dedicated Developer Community topic for this experience: Deploying Security Updates to Visual Studio 2017 and 2019 via WSUS and SCCM.
-
Install Visual Studio 2017, and suggest a new feature or report a problem through the IDE. This adds another item to the Visual Studio Developer Community.
-
Contact your organization’s technical account manager for Microsoft.