MS Visual Studio Installations
After downloading the Visual Studio Installer Elevation configuration feed, follow the best practices below to elevate Visual Studio Installer packages.
Customizing the Policy
- In the Verify Privilege Manager console, search for ThyPS_Example Elevate MS VisualStudio Installs.
- On the results page, click the ThyPS_Example Elevate MS VisualStudio Installs policy.
  The policy
  - is set to a priority of 9.
  - incorporates various filters, covering various Visual Studio versions. Each File Specification Filter incorporates a Certificate Filter for the signing cert and a Win 32 Filter for the targeted file attributes.
  - adds Administrative Rights to each of the application targets.
- Save any changes and set the policy to active for it to take effect.
For enhanced security, the policy should include a certificate filter when rolled out into a production environment.
Best Practices
Four Microsoft initial download files and the two subsequent Windows Start Menu target files are defined as application targets in this default policy.
If you use this policy in your environment, check frequently for new versions and update the policy when they are released. Verify whether there are any versions of Visual Studio you need to include in your customization. To cover additional versions, use these filters as a basis and download the desired versions, including signature certificates, from Microsoft. If you make changes to the default policy, take action to prevent accidentally overwriting your changes when updating via the configuration feed: save the policy under a new name and compare it with any IBM Security-provided updates in the future.
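When extending the filters to another Visual Studio version, the signer certificate and file attributes of the downloaded installer can be read out before they are entered into a Certificate Filter and Win 32 Filter. The following PowerShell is an added example, not part of the product or the configuration feed; the folder path is a placeholder, and the choice of which attributes to list is an assumption.

```powershell
# Added example: list the Authenticode signer and version-resource attributes
# of downloaded Visual Studio installers so they can be compared with the
# policy's Certificate Filter and Win 32 Filter before new targets are added.
param(
    # Hypothetical download location (assumption); replace with your own folder.
    [string]$InstallerFolder = 'C:\Temp\VSInstallers'
)

$report = foreach ($file in Get-ChildItem -Path $InstallerFolder -Filter *.exe -File) {
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $cert = $sig.SignerCertificate   # $null when the file is unsigned
    $ver  = $file.VersionInfo        # Win32 version resource of the file

    [pscustomobject]@{
        File             = $file.Name
        SignatureStatus  = $sig.Status
        SignerSubject    = if ($cert) { $cert.Subject }    else { $null }
        SignerIssuer     = if ($cert) { $cert.Issuer }     else { $null }
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotAfter     = if ($cert) { $cert.NotAfter }   else { $null }
        CompanyName      = $ver.CompanyName
        ProductName      = $ver.ProductName
        OriginalFilename = $ver.OriginalFilename
        FileVersion      = $ver.FileVersion
        SHA256           = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
}

# A file whose signature does not validate should not become the basis
# for a filter that grants Administrative Rights.
$report | Where-Object { $_.SignatureStatus -ne 'Valid' } | ForEach-Object {
    Write-Warning "$($_.File): signature status is $($_.SignatureStatus); do not base a filter on this file."
}

$report | Format-List
```

Running the same script against the files already covered by the policy shows whether a new version is signed by the same certificate or needs its own Certificate Filter.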
Additionally, work is needed to sort out what needs elevation when using the application's various modules. Not every module installation was tested with these filters.
The Applications Elevation Policy should be a separate Policy, as it should be located differently in the Policy Stack.
Prior to rolling this out to a production environment, proper testing by a developer should be performed.