Installation Location for 1Password outside of the Appdata area

I know that this request has been made before, but is it possible for you to move the default installation location (or at least provide an option) to install 1Password 7 in the general Program Files location in Windows? Installing in Appdata plays havoc with our security / lockdown settings, specifically because we are trying to prevent users from installing their own software or tools on our corporate systems.


1Password Version: 7.2.580
Extension Version: Not Provided
OS Version: Windows 7 (and later)
Sync Type: Not Provided

Comments

  • Hi @claidheamh,

    Thanks for writing in.

    We recommend that you deploy 1Password with your own deployment methods rather than letting your users install it. For more information, please email us directly at support+windows@1Password.com. Let us know when you sent it here, so we can check on the email for you.

    We are changing our installer in the near future, so any suggestion we have right now will be outdated soon. However, we are not planning to change the default installation path at all but there will be a command line option to install to your own directory.

  • claidheamh
    claidheamh
    Community Member

    Mike,

    Having command line options for setting the directory would be ideal. Also, a switch to turn off auto-update so that we can manage the deployment of updates would be greatly appreciated -

    Thanks!

  • Hi @claidheamh,

    Yep, you will have to turn it off anyway, the automatic update feature won't work in any system protected folders, which is one of the big reasons we don't support Program Files by default.

    We do plan to add group policy templates to manage 1Password via Group Policy, so that'll help to simplify the deployment process.

  • mat_barrie
    mat_barrie
    Community Member

    Hi Mike,

    Is it possible to get a beta of this version that supports installing to secure locations? Installing into AppData does not work with our application whitelisting/lockdown either, as well as being horrendously insecure as it allows easy injection of malware into the password manager using DLL poisoning.

    Thanks!

  • Hi @mat_barrie,

    Thanks for writing in.

    Is it possible to get a beta of this version that supports installing to secure locations?

    Yes, all of our beta builds are open to everyone, you can enable it in your 1Password's update settings.

    The new installer is not done yet, so it is not available in the public betas yet. You can stay tuned to our Windows beta forum as we announce all new beta builds in there as soon as we ship them.

    You can also monitor changes to our changelog page: https://app-updates.agilebits.com/product_history/OPW6#beta

    being horrendously insecure as it allows easy injection of malware into the password manager using DLL poisoning.

    If there's already a malware installed, the game is over and there would be easier way to compromise the said programs; rewriting the registry entries, installing keyloggers, etc in various locations that can still compromise the app even in the admin-locked locations.

    However, we do respect your wishes and we will add the ability to install to admin-protected directories. It will require the automatic update to be disabled for it to work for the moment, which can also be a security issue.

  • mat_barrie
    mat_barrie
    Community Member

    Thanks @MikeT

    I take it even when auto-update is disabled, you still receive update notifications, just that you will need to manually install (or in the case of an enterprise, deploy) the update?

  • Hi @mat_barrie,

    I take it even when auto-update is disabled, you still receive update notifications, just that you will need to manually install (or in the case of an enterprise, deploy) the update?

    Yes, that is correct. With group policy, we may also add a setting to let admin disable the banner as they probably do not want to get all of their users writing in about the available update.

    There may be a workaround to let us prompt for elevation rights upon the update but it all depends on what we can do once we have the new installer built first.

  • kuoirad
    kuoirad
    Community Member

    Something tangential to think about for corporate installs would be making a .msi version available for easy integration into SCCM. I see that it's been asked after before.

  • Hi @kuoirad,

    We used to offer the MSI files before, it caused random problems with automatic updates, admin rights and so on. It was not a good fit for our regular customers but we might reconsider it for enterprises in the future.

  • kuoirad
    kuoirad
    Community Member

    Thanks, @MikeT. It's not a "must have", we can use the .exe currently available. It's just easier with an MSI.

  • Yep, depending on your deployment tools, you should be able to deploy .exe as well but it would be better if there are more command line arguments to use. The new installer will have --help built-in that you can use to customize the process, as it'll list out all of the available options.

  • mat_barrie
    mat_barrie
    Community Member

    Hi team,

    It's been four months since anything on this - has any progress been made on an Enterprise installer? I literally cannot run 1Password within our corporate environment due to AppData being a blacklisted location, and Chrome having an extension whitelist rules 1Password X out too.

  • We've introduced the ability to put some folders in a custom location, @mat_barrie, but app itself still has to live in %LOCALAPPDATA% for the moment. If it's blacklisted completely, I don't think we have anything that will work better for you just yet. The new installer is still quite new, so it has room to grow yet and I'll be sure to reiterate your needs with the team. :+1:

  • mat_barrie
    mat_barrie
    Community Member

    Checking in again - with offerings like 1Password for Teams it's obvious you're targeting business customers, so it's a massive oversight to basically rule yourselves out of business usage by requiring installation to user folders rather than allowing enterprise installations. Has there been any movement on this?

  • Greg
    Greg
    1Password Alumni

    Hi @mat_barrie,

    We are aware of this downside and have plans to support custom installation paths and enterprise installations in the future. However, I do not have any timeframes at this point. For example, we bumped into some unexpected obstacles with our next update, so we are busy with them right now.

    Please stay tuned for our future news and announcements. We are working really hard to make it happen. Thank you!

    ++
    Greg

This discussion has been closed.