Suggestion - Portable Version [Not planned]

OLLI_S
OLLI_S
Community Member
edited April 2017 in 1Password 4 for Windows

A colleague of mine wanted to try 1Password, but he is not allowed to install software (most of the employees have these restrictions).
Only some special users (like me) have the permission to do so.
But he is able to run portable applications (if they are located in a special folder).
So he uses Firefox Portable and other portable applications like KeePass.

It would be cool when he also could use 1Password.
So maybe you try to offer also a portable version of 1Password 6 (it is OK if you implement this in the upcoming version 6).
Then also users with restricted rights can use 1Password.


1Password Version: 4.6.0.604
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @OLLI_S: It's on our list of "someday, maybe", but unfortunately there's a lot more we need to prioritize. But most importantly, your description is really useful. Usually when dealing with these kind of restrictions having things run on the computer is the issue. It's interesting to know that some folks are actually able to run their own apps, just restricted in where they can be installed. It sounds like your friend would be helped simply by allowing a custom installation destination. Is that correct? But a portable version would be useful to others as well. And we're very sensitive to the fact that some people simply won't have admin rights regardless. Thanks for sharing this! :)

  • OLLI_S
    OLLI_S
    Community Member

    @brenty
    Here at work users have not many rights.
    Any installation of applications is strictly forbidden, they have no permission (never-ever).
    Also the execution of applications is strictly prohibited, except some folders where the execution of applications is possible (but installation is still not possible).

    So the only chance to execute 1Password is to create a sub-foder this "special" folder and copy the required portable application there.
    This is how he is using KeePass.
    He created a folder "KeePass", downloaded the portable version of KeePass and unzipped the files in this folder.
    This way he can execute it.

    Allowing a user-defined folder for the installation of 1Password is not working here, because the installation is still blocked.
    When my colleague clicks on the installer an "Admin" prompt is shown (where he needs to enter the Admin password).

    I have 1Password installed because I have local Admin rights, but they are only working on my computer!
    So I can not log into his computer and install 1Password for him. :(

  • Hi @OLLI_S,

    A portable version of 1Password is on the list. The main 1Password app itself doesn't require admin rights, the admin right is being requested by the MSI installer but we don't want it. We're trying to resolve this but no ETA on this yet.

    You can just copy over 1Password 6 directory as well as its data directory to another computer and it would work. We just need to do the same via the "installer" but not sure which one will do this yet.

  • mia
    mia
    Community Member

    I have been screaming about this for years. This is by far the most ridiculous thing that's missing in every 1PW version since it's inception.
    It's almost to the point of unbelievable.

    Why can't 1Password use .config files instead of registry and spreading files like "C:\ProgramData\AgileBits" and "C:\Users\rawr\AppData\Roaming\AgileBits" in my user directories?

    At the very least, can't we CHOOSE where want our settings to be stored using a command line entry?
    I even tried to have it launch in Sandboxie for portability, but it doesn't work.

    This makes me very sad indeed.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @mia: I'm sorry that the Windows data conventions we're following make you sad. We can certainly consider other paradigms for the future. Thanks for sharing your feelings about this. :blush:

  • mia
    mia
    Community Member

    I am confused. With all due respect, how is it millions of other programs are able to create portable programs, but 1Password needs to put these files in other folders?

    If someone can explain to me how this is a "Windows data convertion", I am all ears.

  • Emulty
    Emulty
    Community Member
    edited September 2016

    Ничего не стоит переписать даже пакет msi, главное всё писать и регистрировать не выше профиля пользователя. Это HKCU, AppData\Local (%LOCALAPPDATA%) и AppData\Roaming (%APPDATA%). Да каждому пользователю PC придётся ставить копию приложения самостоятельно, но в msi можно добавить возможность регистрации приложения как для CurrentUser, так и для EveryOne. Нужно только желание в реализации со стороны разработчика, т.е. команды 1Password.
    Потом не менее актуальна портативная версия для USB устройств. Там нужно хранить всё настройки в файлах, не трогая реестр системы. Иногда случается оказаться в гостях за чужим ПК, а с собой только flash drive. Там может даже оказаться старенька Windows XP без .NET FrameWork 4, даже на Windows 7 может не быть NET4, и тут сегодня уже полный тупик, если брать в расчёт выбранное направление развития.
    Правда, учитывая разительное отличие текущей версии под Mac OS и Windows, которое уже год почти без изменений и ещё большую разницу в usability 4 версии 1Password для Windows (которую уже похоронили пару лет назад). Можно полагать, что ничего толкового в виде Portable версии мы никогда не увидим, у разработчика явно и так не хватает ресурса, чтобы просто поддерживать в каком-то терпимом виде развитие продукта под Windows платформу, и уж тем более дополнительные ветки продукта.
    P.S. Извините за мой английский, используйте переводчик. Иначе бы вообще ничего здесь не написал, на родном языке куда легче излагать мысли.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Emulty: I think there are pros and cons to each approach. We've chosen this one for now, but we're open to other possibilities too. I just don't think it benefits many people if we hastily change installation paths between releases unless it's necessary. It was once not too long ago, and it had real repercussions for some users, even though in the long run the database improvements have made the new app much faster.

    @mia: %AppData% is a standard Windows application user data location. That is, after all, why there's a handy abbreviation for it! There are different ways of doing things, and each are valid and have their uses. Your preference is to have everything self-contained in a portable location. Some apps are just a single executable. 1Password is not and probably will never be since the vault and other support files need to be discrete. User-account-specific data locations are useful for multi-user environments and, more specifically, deployment for use in domains. Just as "portability" is important to you a very different kind of "portability" (that of user data in a networked environment) is important to others. We'll see what we can do to strike a better balance for both. Thanks for your input on this!

  • mia
    mia
    Community Member

    I am open of course to adding a command line argument to specifying where all settings should go.

    Some other apps use -configdir D:\Applications\1Password\Settings

    so that all settings get stored there. Would be absolutely lovely if all of these renegade files AND registry settings were able to be compartmentalized this way. I surely cannot be the only one who wants this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for sharing the specifics of how you'd like it to work! You're certainly not alone. There are some other folks here who've expressed interested in a portable version as well. I'd use it myself were it an option, though I don't claim to be as passionate about this as you are! Ultimately though there are a lot of things that would be cool to do, but since resources are limited we have to choose to do some and not do others. Right now this isn't something we have the bandwidth for, but perhaps that dynamic will change in the future. Cheers! :)

  • Emulty
    Emulty
    Community Member

    Some apps are just a single executable. 1Password is not and probably will never be since the vault and other support files need to be discrete.

    Возьмите тот же uTorrent, все файлы хранятся в профиле пользователя и настройки, и проекты, и даже исполняемый файл. Кто мешает и вам поступить также?
    В %APPDATA%\1Password храним настройки и исполняемый файл.
    В %LOCALAPPDATA%\1Password храним локальную копию базы и кеш, которые при использовании redirection user profiles загружаются заново с серверов в случае смены PC в домене.
    Не вижу никаких проблем, только головой чуть-чуть подумать.

    %AppData% is a standard Windows application user data location. That is, after all, why there's a handy abbreviation for it! There are different ways of doing things, and each are valid and have their uses. Your preference is to have everything self-contained in a portable location.

    Повторюсь цитатой:

    но в msi можно добавить возможность регистрации приложения как для CurrentUser, так и для EveryOne

    В первом случае вы регистрируете всё под профилем пользователя и нигде более, в другом случае никто не мешает раскидывать файлы уже боле более привычным расположениям, такими как %ProgramFiles%, %ProgramData%, регистрировать расширения для браузера в ветке HKLM. Было бы только желание, выход всегда найдётся. Через GPO msi точно также можно разворачивать как в ветке пользователя так и самого компьютера. Если использовать регистрацию через GPO под пользователем, то даже более красиво получается, приложение будет развёрнуто только у тех пользователей, к которым применяется данная политика.

  • OLLI_S
    OLLI_S
    Community Member

    Sorry, @Emulty but I can read Russian text.
    I thought the official Forums language is English?

    Maybe I should answer in Latin or in Ancient Greek? ;)

  • LOL, @OLLI_S,
    Google Translate is your friend :)
    I bet people would feel the same, falls wir jetzt anfangen würden auf Deutsch zu schreiben.

    @Emulty
    Actually, for a few versions now, 1Password 6 stores both the app and the data in %localappdata% in the user's profile. We've also taken to storing the settings in HKCU (current user) instead of HKLM (local machine) removing another instance in which admin privileges might be necessary. The deployment options you mentioned are interesting and something our developers will certainly think about at some point.

  • OLLI_S
    OLLI_S
    Community Member

    @AlexHoffmann
    Nicht auszudenken, was passieren würde, wenn wir jetzt auch noch Bayerisch reden würden.
    Des ward zünftig und kona kunt uns versteha!
    :p

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed. I was tempted to jump in with some Japanese, but I figure anyone else joining this discussion will likely already be sufficiently confused. Cheers! ;)

  • Emulty
    Emulty
    Community Member
    edited October 2016

    Maybe I should answer in Latin or in Ancient Greek?

    Пеши хоть на Албанском, мне по барабану. Лень пользоваться переводчиком - твои личные половые трудности, уважаемый.
    Отвечал в данном теме только для донесения некоторых мыслей до разработчиков. Учтут будут молодцы. Нет, никто от этого не умрёт, будет более сложный и тернистый путь проб и ошибок для достижения аналогичных результатов - страдают в итоге все.
    Изъясняться на английском мне тяжело, о чём писал выше, проще вообще тогда ничего не писать. Если вставлять сразу результат машинного перевода, то часто теряется смысл и получается сумбур. А переведя оригинал в разных переводчиках или попросив комментариев у носителей языка всегда можно получить более точные детали.

    For moderators: It's a clear offtopic, you can delete this message if you consider necessary.

  • AGAlumB
    AGAlumB
    1Password Alumni

    <3 :lol:

    I agree that language can be a bit of a barrier, even with modern machine translation tools. But I think the important thing is that we're all willing to patiently meet in the middle. Cheers! :chuffed:

  • @OLLI_S @Emulty @mia

    1Password 6 should be portable if you want this.

    MSI installs code to %localappdata%\1password\app\6 folder and by default data is stored in %localappdata%\1password\data. All registry changes are happening to HKCU as well (we just register app for run when user logs in to Windows and to start 1Password when extension fails to find running 1Password).

    You can copy app to flash drive and make a simple edit in AgileBits.OnePassword.Desktop.json file to specify where you want your data located (same flash drive for example).

    Hope that helps ;)

  • Emulty
    Emulty
    Community Member

    MSI installs code to %localappdata%\1password\app\6 folder and by default data is stored in %localappdata%\1password\data. All registry changes are happening to HKCU as well (we just register app for run when user logs in to Windows and to start 1Password when extension fails to find running 1Password).

    You can copy app to flash drive and make a simple edit in AgileBits.OnePassword.Desktop.json file to specify where you want your data located (same flash drive for example).

    Hope that helps

    It`s very good, it will be helpfull. If you add in future button for install Mac&Win version on portable device (USB flash/hdd/ssd drive) it will be wonderfull!

  • AGAlumB
    AGAlumB
    1Password Alumni

    On behalf of Sergey, you are most welcome! I'm glad his tip was helpful. Perhaps once things settle down a bit with the new app we can look making custom installation friendlier. Cheers! :)

  • mia
    mia
    Community Member

    [quote]1Password 6 should be portable if you want this.

    MSI installs code to %localappdata%\1password\app\6 folder and by default data is stored in %localappdata%\1password\data. All registry changes are happening to HKCU as well (we just register app for run when user logs in to Windows and to start 1Password when extension fails to find running 1Password).

    You can copy app to flash drive and make a simple edit in AgileBits.OnePassword.Desktop.json file to specify where you want your data located (same flash drive for example).[/quote]

    Listen I really appreciate this, but it doesn't help the people who bought 4.x for 2 reasons:
    1. 4.x is full featured. 6.x is still in major development
    2. Need to pay for AgileBits subscription server for 1Pw 6.x since we know 100% (don't bother saying otherwise; writing is written in large capitalized letter on the wall).

    I can't even run 1Password under sandboxie because it keeps asking me for some stupid 4 digit code. Other options include creating a portable PAF or Thinstall virtualization which is really not ideal.

    I've given up trying to ask for portable 4.x. Even after all of these explanations I still don't see why we can't get a -portable config command parameter like a million other software do. It just sounds like it's a niche (but incredibly demanded apparently) feature for a version that's mainly abandoned other than critical fixes.

    Sound about right?

  • AGAlumB
    AGAlumB
    1Password Alumni

    I can't even run 1Password under sandboxie because it keeps asking me for some stupid 4 digit code.

    @mia: We don't have plans to make a portable version of 1Password 4, but you should be able to use it with Sandboxie with a few configuration tweaks. Cheers! :)

  • mia
    mia
    Community Member
    edited April 2017

    Hi Brent,
    Thank you for the quick response.
    It is not as easy as you mention. I consider myself a veteran user of sandboxie and an advanced user and it took me 30 minutes to figure tis out.

    Anyone else who wants to do this, follow instructions below. I am running Windows 10 Creator's Update 64-bit.

    IMPORTANT NOTE: You CANNOT enable "unlock on secure desktop" or 1Password will crash and you'll have to start over (or delete REGHIVE)

    IMPORTANT NOTE: 1Passord's tray icon does not show in taskbar or system tray while sandboxed. I used a utility to launch via CTRL+ALT+1 the sandboxed shortcut of exe..

    Here's what I did:
    1) I removed all traces of 1Password except for the folder you mentioned from my computer. (i'll use CloneApp portable to keep this between windows installs).
    2) Installed latest windows 1PW inside "1password" sandbox (mimicked defaultbox setup).
    3) Have Chrome or Chromium outside of the sandbox (mine is D:\Apps\Chrome..) run forcibly in the 1password sandbox.
    NOTE: You MUST run Chrome in the 1password sandbox or it will not work
    NOTE: You MUST NOT install Chrome inside of the sandbox or chrome won't work. Chrome's exe files need to located outside of the sandbox (D:\Apps for example) and allow sandboxie to contain the files within.

    4) Run 1password - tune. DO NOT TURN ON SECURE DESKTOP OR YOU HAVE TO DELETE SANDBOX OR TURN OFF SECURE DESKTOP VIA IMPORTED REG KEY

    5) Re-tune Chrome. Install 1password extension. It will look for 1PW. If it fails, try again. Eventually it will find it and associate. It will ask to verify 6 digit code on screen (dig. signature) is the same. If it is (it will be) click accept or yes or whatever.

    1Password is now (mostly) Sandboxed.

  • mia
    mia
    Community Member
    edited April 2017

    EDIT: It worked. I modified the post above to clarify.

  • Hi @mia,

    Thanks for sharing that with the community here, I'm sure a few others will find it useful.

    It makes sense that Secure Desktop blocks this, that's the purpose behind it, to prevent any other processes from interfering with 1Password. It's also why we cannot make a portable version of 1Password 4, we have to integrate deeply with the system and web browsers to provide better integration, which is far more requested than a portable version.

    We are not going to add any configuration options to make it more "portable", it's beyond the scope of our 1Password design and focus. We have made changes to 1Password 6 that allows for portable "use" from the get-go but we cannot promise that as we keep adding more and more complex features that it would stay portable either. Portable is not on our list of goals and if you value this more than anything else, unfortunately, my suggestion is to use a different tool that fits your needs better.

  • mia
    mia
    Community Member

    Ok, well this is insanely difficult and complicated. It searches for

    Running Chrome in sandbox is not an option apparently because it royally breaks "Default Browser" behavior. I had to revert to Google Chrome Portable (Portable-Apps). Now I'm forced to run 1Password in Sandbox, but it doesn't work.
    I get this window on Windows 10. @MikeT or @brenty could you help me fix this.. pretty please.

    Here's the window I get: http://i.imgur.com/WkBybdv.png
    I am assuming it's because the outside system doesn't have the file association set for .onepassord4-extension files? I tried associating both to the 1password.exe in the sandbox, but it still can't find it :(

    I am stuck. It's most ideal to keep 1password in the sandbox and let chrome sit outside the sandbox.

  • Hi @mia,

    Correct, you need 1Password to register the file extensions with Windows and that means it must have permissions to modify your register. Try going to the Help Menu in 1Password to select Restart 1Password Helper, this should perform the said registry changes.

    Please understand, this is not a supported configuration and we cannot provide assistance with something that can break 1Password and as such, we cannot provide further assistance with this.

    In addition, having 1Password sandboxed and not Chrome wouldn't help because you're still exposing data that 1Password is filling into Chrome.

  • mia
    mia
    Community Member

    @MikeT the problem is that the whole point of this endeavor is to keep 1PW setting sandboxed. For some reason, somehow, someway it is working.

    I tried 1PW 6. Despite claims to contrary, it is also not able to sandbox the settings (despite posts from devs suggesting we could).

    Anyways, I know you're sick of us asking for this functionality. 1PW 6 - design is very nice - I am anxiously awaiting for local vaults capability. Exporting CSV file from 1PW and importing makes a royal mess of the import - FYI. I know that's not the proper way to do it, but it should work nonetheless.

  • I'm glad to hear you've gotten it to work.

    The settings cannot be sandboxed completely because certain features require the use of registry and no, we cannot avoid the use of the registry as both Windows and other browsers use the registry for certain features we use. For an example, Native Messaging requires an entry in the registry for the 1Password extension to work with the 1Password process. As we continue to add more advanced features and more integrations, the portability aspect becomes less possible and thus, this is no longer on our list even though we wanted to do it.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @mia: Nobody said anything about any version of 1Password being supported sandboxed. It was also difficult for me to get 1Password 4 running in Sandboxie. Personally, I found the UI and documentation rather confusing. But that's not a 1Password problem. Just wanted to share my own experience with this in case it helped. Cheers! :)

This discussion has been closed.