{"id":245050,"date":"2023-09-13T09:30:11","date_gmt":"2023-09-13T16:30:11","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/visualstudio\/?p=245050"},"modified":"2023-09-13T09:24:10","modified_gmt":"2023-09-13T16:24:10","slug":"standard-user-update","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/visualstudio\/standard-user-update\/","title":{"rendered":"Balancing User Updates with Security Best Practices"},"content":{"rendered":"

In today\u2019s world, it is imperative for IT administrators and organizations to manage security effectively and embrace security best practices. One common best practice involves implementing appropriate permission levels to ensure that only authorized accounts can access sensitive data and functionality. Another widely accepted best practice involves keeping software up to date with the latest security patches. Visual Studio recommends both of these security best practices as described in the online documentation for User permissions and Visual Studio<\/a> and Applying Administrator Updates<\/a>.<\/p>\n

Up until now, we\u2019ve had a bit of a catch-22 situation with respect to the Visual Studio installer, which is the tool that installs and updates the Visual Studio product. The installer requires administrator permissions to use, because it needs to write into \u201cprotected\u201d areas of Windows. However, if the user running the installer doesn’t have the required elevated permissions, then they are blocked from using the installer\u2019s functionality to update or modify Visual Studio. Thus, when organizations follow security best practices and limit user permissions, it can hinder the developer’s ability to acquire the latest product functionality, bug, and security fixes.<\/p>\n

Standard Users can now update and modify Visual Studio<\/h5>\n

We are excited to announce a new feature designed especially for developers who have limited permissions on their machines. The purpose of this feature is to give developers with restricted permissions better control of their development environment by enabling them to update or modify their installation at will. In fact, this feature is the solution to one of our top developer community reported issues<\/a>.<\/p>\n

We\u2019ve addressed this permissions friction with the most recent release of Visual Studio 2022 version 17.7.\u00a0 Now, standard users \u2013 i.e. those without<\/em> administrator permissions \u2013 can be granted the capability to fully utilize the installer to acquire updates and make changes to Visual Studio. An administrator must explicitly delegate control to a standard user and enable this feature by performing two discrete and simple steps on the client machine:<\/p>\n

    \n
  1. Perform the initial install of the installer. Acquiring the installer for the first time on any client machine will always require administrator permissions.<\/li>\n
  2. Configure the AllowStandardUserControl policy<\/a>. Configuring Visual Studio policies will always require administrator permissions too.<\/li>\n<\/ol>\n

    Once these two steps are complete, then a standard user can access and execute any installer functionality \u2013 updates, modifications, and even new product installations from the Available tab.<\/p>\n

    This standard user update capability applies to all versions of Visual Studio 2017 and above, provided that that the latest installer is installed on the machine. Fortunately, we\u2019ve made acquiring the latest installer easy, as all future releases and updates of Visual Studio will always contain the latest installer<\/a>.<\/p>\n

    Other Security Management Features<\/h5>\n

    Over the past several minor releases, Visual Studio has made it much easier for enterprise administrators to follow these common security best practices. For example, we recently introduced the capability for administrators to easily configure Visual Studio policies<\/a> and enable automatic monthly security administrator updates<\/a> using Microsoft Intune. It is also possible to automatically remove components during an update that have transitioned to an out-of-support state<\/a>. We hope that this new ability for standard users to update and configure their installation will offer developers more flexibility in managing their development environment within an organization\u2019s security best practice framework. Lastly, we have a few more complementary features planned for this space, so stay tuned in for upcoming announcements.<\/p>\n

    We welcome and value your feedback on this experience. Feel free to add comments below or submit a new problem report on the Visual Studio IT Administrator feedback page<\/a> about any challenges you have or improvements you\u2019d like to see regarding this solution. We appreciate your feedback on other topics too – you can leave a suggestion for another experience<\/a>\u00a0you\u2019d like us to deliver and fill out our Customer Deployment Profile survey<\/a>, so we have a better understanding of your operational environment and needs.<\/p>\n","protected":false},"excerpt":{"rendered":"

    In today\u2019s world, it is imperative for IT administrators and organizations to manage security effectively and embrace security best practices. One common best practice involves implementing appropriate permission levels to ensure that only authorized accounts can access sensitive data and functionality. Another widely accepted best practice involves keeping software up to date with the latest […]<\/p>\n","protected":false},"author":584,"featured_media":255385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[155],"tags":[6362,6849,6828,147],"class_list":["post-245050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-visual-studio","tag-administrator","tag-installer","tag-security","tag-update"],"acf":[],"blog_post_summary":"

    In today\u2019s world, it is imperative for IT administrators and organizations to manage security effectively and embrace security best practices. One common best practice involves implementing appropriate permission levels to ensure that only authorized accounts can access sensitive data and functionality. Another widely accepted best practice involves keeping software up to date with the latest […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/245050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/users\/584"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/comments?post=245050"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/245050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media\/255385"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media?parent=245050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/categories?post=245050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/tags?post=245050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}