Step-by-Step Guide to Deploy Bitwarden using SCCM

Learn how to deploy the Bitwarden Password Manager desktop application on Windows devices via Configuration Manager in your enterprise.

Prajwal Desai
Posted by Prajwal Desai
Deploy Bitwarden using SCCM

In this step-by-step guide, I will show you how to deploy Bitwarden using SCCM. The Bitwarden password manager desktop application can be installed on Windows 10/11 devices via Configuration Manager.

The Bitwarden password manager makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device.

When it comes to security, the Bitwarden makes use of the advanced AES-256 encryption cipher, which is known for its unbreakable security. It also uses a zero-knowledge architecture, which means that only you will have access to your passwords.

If you are still on LastPass and want to move all your data to Bitwarden, I have published a detailed guide on migrating from LastPass to Bitwarden. Bitwarden also offers enterprise licensing plans for businesses to provide advanced capabilities for larger organizations.

Ad imageAd image

The Bitwarden password manager desktop app can be deployed in your enterprise using Group Policy, Microsoft Intune, ConfigMgr, and other tools. This guide, however, focuses on using ConfigMgr to distribute the Bitwarden desktop application on Windows devices.

Also Read: How to Deploy Citrix Workspace App using SCCM | ConfigMgr

Bitwarden Silent Install and Uninstall Commands

For Windows devices, Bitwarden provides an executable installer (.exe) for installation. When it comes to enterprise deployment, you want the Bitwarden application to install silently on devices with no prompts. That’s possible with the silent installation switches that you can run with the installer.

I will outline the Bitwarden install and uninstall commands, which will be useful when creating the application in SCCM. Here, the terms “silent installation” and “silent uninstallation” refer to the Bitwarden application being set up or removed without a prompt or user input. The below commands apply to Windows devices only.

Bitwarden Silent Install (EXE)

To silently install Bitwarden, use the following install command:

Bitwarden-Installer-a.b.c.exe /allusers /S

Bitwarden Silent Uninstall (EXE)

To silently uninstall Bitwarden, use the following uninstall command:

"%ProgramFiles%\Bitwarden\Uninstall Bitwarden.exe" /S

Bitwarden Switches (EXE)

  • /S Runs the installer silently with no graphical interface
  • /allusers Runs the installer for all users

Step 1: Download Bitwarden Password Manager

To download the latest version of the Bitwarden application, go to the Bitwarden Password Manager download page. Bitwarden is available for Windows, macOS, and Linux desktops. One of Bitwarden’s advantages is that their installers are hosted on GitHub. On the download page, select Windows, and the browser now downloads the executable installer to your computer.

Note: Bitwarden does not provide an MSI installer for enterprise deployment. Although several users have requested the .msi installer in their forums, I hope it will be considered soon.

Quick Read: WinSCP deployment using SCCM | Configuration Manager

Step 2: Prepare for deployment

To prepare for the deployment, I normally save the Bitwarden installer and the application icon to a folder within the ‘Sources‘ folder on my ConfigMgr server. I have renamed the Bitwarden installer from Bitwarden-Installer-2024.3.0.exe to Bitwarden.exe to make the deployment easier.

Specifying an icon for an application in SCCM is optional, but I strongly recommend it because it appears along with the app in the Software Center. For more details, refer to the guide on customizing software center in SCCM.

Download Bitwarden Password Manager
Download Bitwarden Password Manager

Step 3: Create Bitwarden Application in SCCM

Perform the following steps to create a new application for Bitwarden password manager in SCCM:

  • Launch the Configuration Manager console.
  • Go to Software Library > Overview > Application Management.
  • Right-click Applications and select Create Application.
Create Bitwarden Application in SCCM
Create Bitwarden Application in SCCM

On the General window, select Manually specify the application information and click Next.

Create Bitwarden Application in SCCM
Create Bitwarden Application in SCCM

On the General Information page, specify the basic information such as Name, Publisher, Software version, etc. for the Bitwarden application. Click Next.

Create Bitwarden Application in SCCM
Create Bitwarden Application in SCCM

On the Software Center tab, specify an icon for the Bitwarden application that will be visible to users in the Software Center. Click Browse, select an icon and click Next.

Specify Icon for Bitwarden Password Manager
Specify Icon for Bitwarden Password Manager

On the Deployment Types page, click the Add button to add a new deployment type for the Bitwarden password manager application. At this point, you can read this useful guide on Supported Deployment Types for Applications in SCCM. Click on Next to continue.

On the General window of the Create deployment type wizard, select Manually specify the deployment type information. Click Next.

Select Manually specify the deployment type information
Select Manually specify the deployment type information

On the Content window, we specify information about the content to be delivered to target devices, including the installation and uninstall commands for Bitwarden.

  1. Content Location: Specify the content location, which is the actual folder path where you have placed the Bitwarden installer.
  2. Installation Program: To silently install the Bitwarden application, click Browse and specify the command: Bitwarden.exe /allusers /S
  3. Uninstall Program: To uninstall the Bitwarden application using SCCM, use the following command: “%ProgramFiles%\Bitwarden\Uninstall Bitwarden.exe” /allusers /S

Click Next.

Specify Content Location, Install Command and Uninstall Command for Bitwarden deployment
Specify Content Location, Install Command and Uninstall Command for Bitwarden deployment

Step 4: Detection Method for Bitwarden Application

This is a crucial section where we define a detection method for the Bitwarden password manager. This detection rule checks whether Bitwarden is already installed on the Windows device.

If the detection rule finds the application is already present, the Configuration Manager won’t re-deploy the same application.

When you manually install the Bitwarden application on a Windows device, the information is stored in the registry, which includes the DisplayName, DisplayVersion, Publisher details, and much more.

To locate this information in the registry, navigate to the following registry path on a device that has Bitwarden password manager installed.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\173a9bac-6f0d-50c4-8202-4744c69d091a

Out of all the registry entries, I will use the DisplayVersion registry key for the Bitwarden detection method, which is the most accurate and works well.

Detection Method for Bitwarden Application
Detection Method for Bitwarden Application

To add a new detection method for the Bitwarden application in SCCM, click Add Clause. On the Detection Rule window, create a rule with the following options:

  • Setting Type: Registry
  • Hive: HKEY_LOCAL_MACHINE
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\173a9bac-6f0d-50c4-8202-4744c69d091a
  • Value: DisplayVersion
  • Data Type: Version
  • Operator: Greater than or equal to
  • Value: 2024.3.0

After you specify the above details, click OK and continue with the application creation wizard.

Detection Method for Bitwarden Application
Detection Method for Bitwarden Application

Set the user experience settings for the Bitwarden password manager during installation. I have specified the following settings in the below example:

  • Installation behavior: Install for system.
  • Logon requirement: Whether or not a user is logged on.
  • Installation program visibility: Hidden.

Click Next.

Configure User Experience Settings
Configure User Experience Settings

Additionally, you can specify the requirements and dependencies for the application. Click Next and on the Completion window, click Close.

Create Bitwarden Application in SCCM
Create Bitwarden Application in SCCM

The Deployment Types tab shows the deployment type that we added in SCCM. Click Next.

Create Bitwarden Password Manager Application in SCCM
Create Bitwarden Password Manager Application in SCCM

Review the settings on the Summary tab. On the Completion tab, click Close.

This completes the steps to create the Bitwarden application in SCCM. In the next section, we will distribute the application to DP and deploy Bitwarden using SCCM (ConfigMgr).

Create Bitwarden Password Manager Application in SCCM
Create Bitwarden Password Manager Application in SCCM

Step 5: Deploy Bitwarden using SCCM

In this section, I will cover the steps to deploy Bitwarden using SCCM to a device collection. You can also create a device collection and include a set of devices for testing the application deployment.

To deploy the Bitwarden application in the SCCM console, go to Software Library > Application Management > Application. Right-click the Bitwarden Password Manager app and select Deploy.

Deploy Bitwarden using SCCM
Deploy Bitwarden using SCCM

On the General page of Deploy Software Wizard, click Browse and select a Windows device collection to which you want to deploy the Bitwarden application. Click Next.

Deploy Bitwarden using SCCM
Deploy Bitwarden using SCCM

On the Content page, click the Add button and specify the distribution points to which you would like to distribute the Bitwarden application content. You may also select distribution point groups. Click Next to continue.

Deploy Bitwarden using SCCM
Deploy Bitwarden using SCCM

On the Deployment Settings window, specify the settings to control the deployment. Select the Action as Install and Purpose as Available. Learn the difference between Available and Required deployment in SCCM. Click Next.

Configure Deployment Settings
Configure Deployment Settings

With the scheduling option, you can schedule Bitwarden application deployment in SCCM. You can set a date and time to trigger the application deployment. To deploy the application soon after you complete this wizard, click Next.

Schedule Bitwarden Application Deployment in SCCM
Schedule Bitwarden Application Deployment in SCCM

Configure the user experience settings for the Bitwarden application deployment. Click Next.

Configure User Experience Settings
Configure User Experience Settings

Complete the remaining steps of the deployment software wizard and close it. The application content is now distributed to the DP, and the client machines should now have the application listed in the Software Center. This completes the Bitwarden deployment using SCCM.

Bitwarden Deployment using SCCM
Bitwarden Deployment using SCCM

Step 6: Verify Bitwarden deployment on Windows Computers

In this section, we will verify if the Bitwarden application installs correctly on the Windows computers. Log in to a remote client and launch the Software center. Click on the Applications tab and select the Bitwarden application.

On the Bitwarden application details page, click Install. The application is now downloaded from the local distribution point server for installation. In the screenshot below, we see that Bitwarden Password Manager has been installed successfully on the computer.

Verify Bitwarden deployment on Windows Computers
Verify Bitwarden deployment on Windows Computers

You can review the application installation progress by opening the AppEnforce.log located in the C:\Windows\CCM\Logs folder. At this time, I would like you all to go through a list of all the SCCM Log files for troubleshooting issues.

Matched exit code 0 to a Success entry in the exit codes table confirms that the Bitwarden application has been installed successfully. The uninstallation command that we specified during application packaging should work fine.

Note: During my testing, I noticed that uninstalling the Bitwarden application via the Software Center failed. It showed the error removal failed: 0x87D00325(-2016410843). However, when verified, the application is uninstalled, but the Software Center does not update the status. To resolve this issue, click the Retry button, and Software Center will show that the application has been uninstalled.

That completes the Bitwarden deployment using SCCM. If you have any questions, please let me know in the comments section.

Verify Bitwarden deployment on Windows Computers
Verify Bitwarden deployment on Windows Computers

Read Next

Share This Article
Prajwal Desai
Posted by Prajwal Desai
Follow:
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
Leave a comment