KB 4576341 – Administrator update to Visual Studio 2017 version 15.9

Summary

This is an administrator update for Microsoft Visual Studio 2017. It is intended for centralized IT administrators to easily deploy a Visual Studio update throughout their organization. This update presumes that Visual Studio 2017 is already installed on the computers. Applying this update will not initiate a brand new installation.

Administrator updates to Visual Studio 2017 serve two purposes:

Feature updates enable IT admins to advance client computers in their organization to a particular minor version of Visual Studio 2017.
Quality and security updates are applicable to only the Visual Studio 2017 version 15.9 minor version. They are designed to deliver performance and reliability improvements, and to keep computers secure.

Refer to the online documentation for how to Enable administrator updates and Apply administrator updates.

For more information about which baselines are under support during which timeframes, refer to the Visual Studio Product Lifecycle and Servicing page.

For specific details about which fixes are in each version of administrator updates, see the Visual Studio 2017 version 15.9 release notes documentation.

The title of each administrator update describes the applicable version ranges of the update. For example, if the name of the update is “Visual Studio 2017 version 15.9.0 to 15.9.31,” then this update will apply to any clients from version 15.9.0 through 15.9.30, and it will update them to 15.9.31.

Administrator update characteristics

The following table lists the key characteristics of the three primary types of Visual Studio 2017 administrator updates: security, feature, and quality.

Characteristic	Security updates	Feature updates	Quality updates
Available in Microsoft Update Catalog	Yes. April 2021	Yes. April 2021	Yes. April 2021
Available in WSUS	Yes, automatically	Optional manual import	Optional manual import
Update Category	Security Updates	Feature Packs	Updates
SKU applicability	All VS 2017 products	Only products licensed for Enterprise use	Only products licensed for Enterprise use
Types of changes included as compared to previous release	Security fixes Quality fixes	Feature changes Security fixes Quality fixes	Quality fixes

How to obtain and install administrator updates

Administrator security updates for Visual Studio 2017 version 15.9 will be published regularly on the second Tuesday of every month. These security updates will be available on both the Microsoft Update Catalog and Windows Server Update Services (WSUS) so that they will be automatically available for deployment through standard enterprise management tools such as Microsoft Endpoint Configuration Manager.

Administrator quality updates and feature updates will be available through Microsoft Update Catalog. Enterprise admins can download the update from the catalog and run it directly on a client computer. Alternatively, they can select to Import the Update from the Microsoft Update Catalog into WSUS if they want to deploy it more broadly by using a tool such as Configuration Manager.

These administrator updates are functionally equivalent to the Visual Studio 2017 updates that are released to and are available on the VisualStudio.com and My.VisualStudio.com websites.

Note: You might notice that some nonsecurity administrator updates for Visual Studio 2017 are published to WSUS between September 2020 and March 2021. These are preview proof-of-concept releases. They will be removed from WSUS soon.

Configuring client computers to receive administrator updates

The complete list of administrator update configuration options is documented online. The most common ones are listed below.

Visual Studio Client Detector Utility

The Visual Studio Client Detector Utility must be installed on the client computers for the administrator updates to be correctly recognized and received. This tool is included together with all recent Visual Studio 2017 updates since May 12, 2020, and it is also available to independently deploy from both WSUS and the Microsoft Update Catalog.

Encoding administrator intent

The client computers must be enabled to receive administrator updates. This step is necessary to make sure that the updates are not unintentionally or accidentally pushed out to unsuspecting client computers.

The AdministratorUpdatesEnabled key is designed for the administrator to encode administrator intent. This key can be in any of the standard Visual Studio locations as described in the Set Defaults for Enterprise Deployments of Visual Studio documentation. Admin access on the client computer is required in order to create and set the value of this key.

To configure the client computer to accept administrator updates, set the AdministratorUpdatesEnabled REG_DWORD key to 1.
If the AdministratorUpdatesEnabled REG_DWORD key is missing or is set to 0, Administrator Updates will be blocked from applying to the client computer.

Note: In the future, the explicit action of configuring the client computer to accept administrator updates might be relaxed, and the absence of the AdministrativeUpdatesEnabled key will be an implicit opt-in.

Encoding Visual Studio user and developer intent

Users and developers can use a separate AdministratorUpdatesOptOut key to opt out of receiving administrator updates. The purpose of this key is to encode the intent of the Visual Studio user.

To configure the client computer to block administrator updates, set the AdministratorUpdatesOptOut REG_DWORD key to 1. The absence of the key, or a set value of 0, means that the Visual Studio user wants to receive administrator updates to Visual Studio.

Notice that the AdministratorUpdatesOptOut key (for encoding developer intent) is prioritized over the AdministratorUpdatesEnabled key (that encodes IT admin intent). If AdministratorUpdatesOptOut is set to 1, the update will be blocked on the client, even if the AdministratorUpdatesEnabled key is also set to 1. This action assumes that IT admins can access and monitor which developers chose to opt out, and that the two parties can then discuss whose needs are more important. IT admins can always change either key whenever they want.

Also notice that both of these registry keys apply to all instances of Visual Studio that might be installed on the computer.

Reports and diagnostics

How to verify that the update was installed

You can use either of these methods to verify that the update was installed correctly:

On the client computer, start Visual Studio 2017 version 15.9, select Help > About, and then verify that the version number matches the last number in the title of the intended update.
Use the vswhere tool to identify the various versions of Visual Studio on the computer. For more information, see Tools for detecting and managing Visual Studio instances.

Error codes

Client error codes are defined on the Applying Administrator Updates page.

Note: Visual Studio must be closed before you install the update. If Visual Studio is open or being used, the update installation will be aborted.

Feedback and support

You can use the following methods to provide feedback about Visual Studio 2017 administrator updates or report issues that affect the updates:

Refer to the Troubleshooting Visual Studio installation and upgrade issues guidance.
Ask questions of the community on the Visual Studio Setup Q&A Forum.
Go to the Visual Studio support page, and check whether your issue is listed in the FAQ. You can also select the Support Link button for chat help.
Leave feedback on the dedicated Developer Community topic for this experience: Deploying Security Updates to Visual Studio 2017 and 2019 via WSUS and SCCM.
Contact your organization’s technical account manager for Microsoft.