1Password 6.4 silent install

Hello,
With older 1Password releases based on MSI, we were able to specify TARGETDIR= and /verysilent arguments to the install MSI which allowed us to push 1Password from PDQ Deploy to all our workstations. With the new 6.4 release, that appears to not be possible any more. Are there plans to provide this kind of functionality? Our workstation users are normal users, they do not have any admin rights on the machines so we either have to push software from PDQ Deploy or log into every workstation manually.


1Password Version: 6.4
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Teams

Comments

  • Greg
    Greg
    1Password Alumni

    Hello @adamkennedy,

    Thank you for reaching out and using 1Password with your team! We really appreciate it! :)

    We have indeed changed the installer for 6.4, so we use Inno Setup instead of MSI now. In order to achieve your goals, please take a look at the following help page:

    Inno Setup Help

    Inno Setup has /VERYSILENT and /DIR parameters to control what you want. Please let us know if it works for you. :+1:

    The only thing is that we do not recommend to install 1Password into shared folder where user can't write to. It will cause installer to fail later when it's started without admin rights (from within the app).

    We will be looking forward to your reply!

    Cheers,
    Greg

  • [Deleted User]
    [Deleted User]
    Community Member

    Hi, I am also having this issue.

    I have tried to specify a directory with the /DIR parameter, but it still installs for the current user running the installer (in my case the SYSTEM user).

    If I simply copy all the files installed by the installer to a location that is user writable, will the user be able to run it without Administrator privileges? We need to be able to deploy this to a number of workstations where the users don't have Administrator privileges, and we can't practically go around to every machine manually to install.

    Also where is the recommended install location for users? By default it seems to install in %LOCALAPPDATA%/1password/6 - is that where you would recommend when specifying /DIR ?

    Any help on this would be greatly appreciated, and honestly it's a deal breaker for us, as we were looking to move to 1Password Teams from Lastpass Enterprise, but if we can't automate deployment, I can't see it happening unfortunately. (Unfortunately as 1Password seems a better solution for us).

    Thanks in advance.

  • MikeT
    edited November 2017

    Hi @creamelectricart,

    Thanks for writing in.

    I have tried to specify a directory with the /DIR parameter, but it still installs for the current user running the installer (in my case the SYSTEM user).

    That's correct, 1Password is a single user installer and installs with the rights of the user that initiates the installer. There is no admin rights required but at the end of the installer, it may ask for the admin rights to create a custom 1Password event group in Event Viewer, this can be denied with no impact on 1Password. However, in the next update, 1Password 6.8 (in beta now), it will not use Event Viewer anymore, so there will be no more UAC dialog at the end of the installer.

    If I simply copy all the files installed by the installer to a location that is user writable, will the user be able to run it without Administrator privileges?

    Yes, in fact, that is what we would suggest (we officially do not support this in general):

    1. Install 1Password on a testing machine but do not sign in.
    2. Xcopy the %LOCALAPPDATA%\1Password\ via Group Policy or your deployment method to everyone's %LOCALAPPDATA%\1Password directory.
    3. Run the /setup command line parameter on the AgileBits.OnePassword.Desktop.exe file (which runs silently and terminates once it is done) to setup the registry keys to enable the Native Messaging support for 1Password extension like so: %LOCALAPPDATA%\1Password\app\6\AgileBits.OnePassword.Desktop.exe /setup
    4. After that, your user can sign in.

    You can also deploy a standardized defaults file to everyone if you want to do something like disabling 1Password's automatic update, so that you can deploy it once you test it first. Here's how it would work:

    1. Copy the app.json file in the %LOCALAPPDATA%\1Password\app\6\ directory, which lists the defaults we use
    2. Rename this file to be admin.json, configure the settings you want, and then xcopy it to everyone's data folder via %LOCALAPPDATA%\1Password\data.

    I would encourage testing this before you deploy company-wide.

  • [Deleted User]
    [Deleted User]
    Community Member

    Hi Mike,

    Thanks so much for the detailed response, I really appreciate it. I'll test it out, sounds like that should work for us no problem.

    Thanks again.

  • AGAlumB
    AGAlumB
    1Password Alumni

    On behalf of Mike, you are most welcome! It sounds like you should be all set, but don't hesitate to reach out if we can be of further assistance. Cheers! :)

  • [Deleted User]
    [Deleted User]
    Community Member

    Hi Mike,

    It seems that running %LOCALAPPDATA%\1Password\app\6\AgileBits.OnePassword.Desktop /setup requires Administrator privileges? So how to do this for users without Administrator privileges? Or if I do this once with a different account with Administrator privileges it should then work ok for other users?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @creamelectricart: Just click "No". As Mike mentioned in his previous comment, admin rights is only needed for Event Viewer. The app works fine without it, and 6.8 won't use that at all.

  • [Deleted User]
    [Deleted User]
    Community Member

    Hey brenty,

    Sorry, just to confirm then, I should be running the app with the /setup parameter for each user then? They just have to click 'No' when asked for Admin credentials by the app?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @creamelectricart: Yep! I think it might be easier to just copy the app folder (since you could automate that), but that will work too. :)

  • [Deleted User]
    [Deleted User]
    Community Member

    @brenty : So I only need to do one or the other? Not both? At the moment the script I have copies the app folder, then runs /setup...

  • Hi @creamelectricart,

    Creating a custom event group in Windows' Event Viewer always required admin rights but only once per application for all users on the machine. If the permission is denied, 1Password's log will go into the general administrative event group.

    Before deploying the script, run /setup (without xcopy) on the machine once as an admin. This will create the custom 1Password event group in the machine's Windows Event Viewer, which all users on the said machine can reuse without admin rights, thus the /setup in your script will proceed without any admin rights.

    In 1Password 6.8, we will not use Event Viewer anymore, so /setup will run without admin rights as well.

This discussion has been closed.