Visual Studio administrator guide
In enterprise environments, system administrators typically deploy and update software on end users machines. The Visual Studio product integrates well in these types of environments by giving system administrators the ability to manage and control when and how the Visual Studio software is deployed and updated. Visual Studio can be acquired from the internet, from a network share, or from a product cache, and it can be deployed and updated manually, programmatically or by using systems management software. Visual Studio provides the ability to create and maintain acquisition locations, pre-configure installation defaults, deploy product keys during the installation process, and manage product updates after a successful rollout. This administrator guide provides quick links to scenario-based guidance for enterprise deployment.
You will need to make a plan for how you deploy Visual Studio across your organization. Below lists some of the key things to think about, and it's best if your plan and decisions are made before the original installation happens on the client machine.
- Make sure that each target computer meets the minimum installation requirements. Note that Visual Studio does not support application virtualization solutions such as Microsoft App-V or MSIX for Windows or third-party app virtualization technologies.
- Make sure that each target computer meets the minimum installation requirements. Note that Visual Studio does not support application virtualization solutions such as Microsoft App-V or MSIX for Windows or third-party app virtualization technologies.
- Clarify your security and compatibility needs. Microsoft recommends that your organization always uses the latest and most secure software.
- Make sure you understand the support options for Enterprise and Professional customers. For more information, refer to the Visual Studio product lifecycle and servicing page.
- If your company needs to stay on a feature set longer but still wants to get regular servicing security updates, you should plan to use a long-term servicing channel (LTSC). For more information, see the Support options for Enterprise and Professional customers section of the Visual Studio product lifecycle and servicing page.
- Follow Windows security baselines. Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities.
How does Visual Studio get originally installed on the machine? The action of initially installing Visual Studio by using a bootstrapper requires administrative privileges on the machine. Do users have the ability to install the product themselves or will an IT admin need to facilitate it through an elevated process?
How are you licensing and distributing entitlement subscriptions within your organization? Does the installation require product keys?
What group policy settings need to be configured on your client machines? Can you use the Administrative Templates (ADMX) or the Microsoft Intune settings catalog to configure policies across your organization?
Which workloads and components does your company need? Do you plan to utilize
*.vsconfig
files to standardize your teams' installations?
Where should your client machines acquire the product updates from? This often depends on if clients have access to the internet or not. Should they get their updates from an IT managed and maintained company-wide network layout, or should they acquire the updates from the internet?
Who is allowed to update the client machines? By default, the action of updating Visual Studio requires administrative privileges on the machine, although starting in August 2023, an admin can delegate update capability to standard users by configuring the
AllowStandardUserControl
policy. Standard users can never use the bootstrapper, though. TheAllowStandardUserControl
policy just enables them to use the Visual Studio Installer functionality after the installer has already been installed on the client. Are users allowed to update their machines, or does an admin need to invoke it centrally or programmatically via a system context process?When should the updates happen? Should it be left to the user's discretion to decide when to update, or are there organizational policies that govern timeliness of updates?
Tip
We encourage all organizations to enroll their client machines into Visual Studio Administrator Updates, a system which delivers security updates on a monthly basis to devices that are enrolled in Windows Update for Business.
The following resources will help you do the initial install of Visual Studio in common enterprise scenarios. You'll typically only have to do this once.
Review the Install Visual Studio documentation to get a high level overview of the installation options available to end users. Select the workloads and components that you want available for install on your client machines.
Acquire the correct Visual Studio bootstrapper to install the product. There are different bootstrappers available for you to choose from. Some bootstrappers install a very particular version of the product, while other bootstrappers initialize the servicing baseline channel. You must be an administrator on the machine to execute any of the bootstrappers.
Use command-line parameters to install Visual Studio. Use a variety of parameters or use an installation configuration
*.vsconfig
file to programmatically control or customize your Visual Studio installation. You can build an installation script that automates the installation process. For more information, see command line parameter examples.Create a layout (network installation) of Visual Studio. A layout is a cache of the Visual Studio files in a folder on your network that you can use for both the initial installation as well as all product updates. A layout can be used if your client machines have limited internet connectivity. You can use an installation configuration *.vsconfig file to initialize the contents of the layout. You can use a response file, which allows you to set defaults when installing the product. After your layout is created, you should maintain it regularly. Remember to make sure that either the user or system account that's running the update has proper access to the network share that contains the layout. For more information, refer to Troubleshoot network-related errors when you install or use Visual Studio.
Deploy a layout onto client machines within your organization. Learn how to install Visual Studio from a layout onto client machines across your organization.
Install required certificates for offline installation. Install necessary certificates if the client machine is completely disconnected from the internet.
Configure the policies that govern machine wide Visual Studio behavior. Configure and deploy policies across your organization, such as opting in to Administrator Updates, allowing standard users to update, and removing out-of-support components. The Visual Studio policies are available in the Microsoft Intune settings catalog as well as the Visual Studio Administrative Templates (ADMX).
Automatically apply product or subscription keys when deploying Visual Studio. You can programmatically apply a subscription or product key as part of a script that is used to automate the deployment of Visual Studio so that users don't need to activate the software separately. You can set this key either during an installation of Visual Studio or after an installation completes.
Install and use Visual Studio and Azure Services behind a firewall or proxy server. If your organization uses security measures such as a firewall or a proxy server, then there are domain URLs that you might want to add to an "allowlist" and ports and protocols that you might want to open so that you have the best experience when you install and use Visual Studio and Azure Services.
The following resources will help you keep your Visual Studio updated, current, and secure. Best practice is to plan for monthly updates.
Review the Update Visual Studio documentation to get a high level overview of the update options available to end users, and how end users are notified that updates are available.
Make sure you have configured the long-term servicing channel (LTSC) properly if you want to tightly control when and where updates come from.
Make sure you have enabled standard users the flexibility to update on demand if your organizational allows it.
Enable Administrator Updates using Microsoft Endpoint Configuration Manager (SCCM and Intune). Visual Studio administrator updates are available and deployable through the Microsoft Endpoint Manager software collection which includes all Intune and SCCM managed devices that are enrolled in Windows Update for Business. This is our recommended approach for how enterprises stay secure. Learn more here.
Keep your layout (network installation) updated on a regular basis so that it remains current and secure with the latest product updates. Layouts are meant to be used as both as an installation point for new client installs of Visual Studio as well as a source of updated product bits for installations that are already deployed to client workstations. Visual Studio releases security updates on patch Tuesday, the second Tuesday of the month, and we strongly recommend that you update your layouts on a monthly cadence immediately afterwards.
Use command-line parameters to update Visual Studio. Use a variety of parameters to programmatically update Visual Studio. For more information, see command line parameter examples.
Update client machines that are based on a network layout. After you've updated your layout, you can then update your client installations of Visual Studio from the updated network layout. This scenario is also designed to work with Administrator Updates, and for clients that are not connected to the internet.
For computers that are not connected to the internet or not attached to a layout, you can update Visual Studio using a minimal offline layout.
Configure policies that affect the behavior of Visual Studio Use the Microsoft Intune settings catalog or the Visual Studio Administrative Templates (ADMX) to easily configure Visual Studio policies on client machines across your organization. This includes configuring policies that govern installation and update behavior such as who is allowed to update, where some packages shared with other versions or instances are installed, where and whether packages are cached, if administrator updates should be enabled or how they should be applied, which update channels are available and how they're presented to the client, if unsupported components should be removed during an update, and how notifications appear or don't appear. This also includes configuring policies that govern customer feedback, telemetry, Live Share, and Dev Tunnelsbehavior.
Create custom bootstrapper packages. Learn advanced techniques for how to create custom bootstrapper packages to further control your installation configuration by creating product and package manifests.
- Import or export installation configurations to other machines or to layouts.
Detect, verify, and manage installed Visual Studio instances on client machines.
Get troubleshooting tips. Get help when you’re installing or updating Visual Studio, and learn how to report a problem if you’re blocked. These tips include step-by-step instructions that should resolve most online or offline installation issues.
Repair Visual Studio to fix update issues. Sometimes your Visual Studio installation becomes damaged or corrupted. A repair is useful for fixing install-time issues across all install operations, including updates.
Sometimes, things can go wrong. If your Visual Studio installation fails, see Troubleshoot Visual Studio installation and upgrade issues for step-by-step guidance.
Here are a few more support options:
- Use the installation chat (English only) support option for installation-related issues.
- Report product issues to us by using the Report a Problem tool that appears both in the Visual Studio Installer and in the Visual Studio IDE. If you're an IT Administrator and don't have Visual Studio installed, you can submit IT Admin feedback.
- Suggest a feature, track product issues, and find answers in the Visual Studio Developer Community.
- Enabling administrator updates
- Applying administrator updates
- Use command-line parameters to install, update, and manage Visual Studio
- Configure policies for enterprise deployments of Visual Studio
- Visual Studio Administrative Templates
- Install certificates required for Visual Studio offline installation
- Visual Studio product lifecycle and servicing
- Synchronous autoload settings