In this step-by-step guide, I will show you how to deploy Bitwarden using SCCM. The Bitwarden password manager desktop application can be installed on Windows 10/11 devices via Configuration Manager.
The Bitwarden password manager makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device.
When it comes to security, the Bitwarden makes use of the advanced AES-256 encryption cipher, which is known for its unbreakable security. It also uses a zero-knowledge architecture, which means that only you will have access to your passwords.
If you are still on LastPass and want to move all your data to Bitwarden, I have published a detailed guide on migrating from LastPass to Bitwarden. Bitwarden also offers enterprise licensing plans for businesses to provide advanced capabilities for larger organizations.
The Bitwarden password manager desktop app can be deployed in your enterprise using Group Policy, Microsoft Intune, ConfigMgr, and other tools. This guide, however, focuses on using ConfigMgr to distribute the Bitwarden desktop application on Windows devices.
Also Read: How to Deploy Citrix Workspace App using SCCM | ConfigMgr
Bitwarden Silent Install and Uninstall Commands
For Windows devices, Bitwarden provides an executable installer (.exe) for installation. When it comes to enterprise deployment, you want the Bitwarden application to install silently on devices with no prompts. That’s possible with the silent installation switches that you can run with the installer.
I will outline the Bitwarden install and uninstall commands, which will be useful when creating the application in SCCM. Here, the terms “silent installation” and “silent uninstallation” refer to the Bitwarden application being set up or removed without a prompt or user input. The below commands apply to Windows devices only.
Bitwarden Silent Install (EXE)
To silently install Bitwarden, use the following install command:
Bitwarden-Installer-a.b.c.exe /allusers /S
Bitwarden Silent Uninstall (EXE)
To silently uninstall Bitwarden, use the following uninstall command:
"%ProgramFiles%\Bitwarden\Uninstall Bitwarden.exe" /S
Bitwarden Switches (EXE)
- /S Runs the installer silently with no graphical interface
- /allusers Runs the installer for all users
Step 1: Download Bitwarden Password Manager
To download the latest version of the Bitwarden application, go to the Bitwarden Password Manager download page. Bitwarden is available for Windows, macOS, and Linux desktops. One of Bitwarden’s advantages is that their installers are hosted on GitHub. On the download page, select Windows, and the browser now downloads the executable installer to your computer.
Note: Bitwarden does not provide an MSI installer for enterprise deployment. Although several users have requested the .msi installer in their forums, I hope it will be considered soon.
Quick Read: WinSCP deployment using SCCM | Configuration Manager
Step 2: Prepare for deployment
To prepare for the deployment, I normally save the Bitwarden installer and the application icon to a folder within the ‘Sources‘ folder on my ConfigMgr server. I have renamed the Bitwarden installer from Bitwarden-Installer-2024.3.0.exe to Bitwarden.exe to make the deployment easier.
Specifying an icon for an application in SCCM is optional, but I strongly recommend it because it appears along with the app in the Software Center. For more details, refer to the guide on customizing software center in SCCM.
Step 3: Create Bitwarden Application in SCCM
Perform the following steps to create a new application for Bitwarden password manager in SCCM:
- Launch the Configuration Manager console.
- Go to Software Library > Overview > Application Management.
- Right-click Applications and select Create Application.
On the General window, select Manually specify the application information and click Next.
On the General Information page, specify the basic information such as Name, Publisher, Software version, etc. for the Bitwarden application. Click Next.
On the Software Center tab, specify an icon for the Bitwarden application that will be visible to users in the Software Center. Click Browse, select an icon and click Next.
On the Deployment Types page, click the Add button to add a new deployment type for the Bitwarden password manager application. At this point, you can read this useful guide on Supported Deployment Types for Applications in SCCM. Click on Next to continue.
On the General window of the Create deployment type wizard, select Manually specify the deployment type information. Click Next.
On the Content window, we specify information about the content to be delivered to target devices, including the installation and uninstall commands for Bitwarden.
- Content Location: Specify the content location, which is the actual folder path where you have placed the Bitwarden installer.
- Installation Program: To silently install the Bitwarden application, click Browse and specify the command: Bitwarden.exe /allusers /S
- Uninstall Program: To uninstall the Bitwarden application using SCCM, use the following command: “%ProgramFiles%\Bitwarden\Uninstall Bitwarden.exe” /allusers /S
Click Next.
Step 4: Detection Method for Bitwarden Application
This is a crucial section where we define a detection method for the Bitwarden password manager. This detection rule checks whether Bitwarden is already installed on the Windows device.
If the detection rule finds the application is already present, the Configuration Manager won’t re-deploy the same application.
When you manually install the Bitwarden application on a Windows device, the information is stored in the registry, which includes the DisplayName, DisplayVersion, Publisher details, and much more.
To locate this information in the registry, navigate to the following registry path on a device that has Bitwarden password manager installed.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\173a9bac-6f0d-50c4-8202-4744c69d091a
Out of all the registry entries, I will use the DisplayVersion registry key for the Bitwarden detection method, which is the most accurate and works well.
To add a new detection method for the Bitwarden application in SCCM, click Add Clause. On the Detection Rule window, create a rule with the following options:
- Setting Type: Registry
- Hive: HKEY_LOCAL_MACHINE
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\173a9bac-6f0d-50c4-8202-4744c69d091a
- Value: DisplayVersion
- Data Type: Version
- Operator: Greater than or equal to
- Value: 2024.3.0
After you specify the above details, click OK and continue with the application creation wizard.
Set the user experience settings for the Bitwarden password manager during installation. I have specified the following settings in the below example:
- Installation behavior: Install for system.
- Logon requirement: Whether or not a user is logged on.
- Installation program visibility: Hidden.
Click Next.
Additionally, you can specify the requirements and dependencies for the application. Click Next and on the Completion window, click Close.
The Deployment Types tab shows the deployment type that we added in SCCM. Click Next.
Review the settings on the Summary tab. On the Completion tab, click Close.
This completes the steps to create the Bitwarden application in SCCM. In the next section, we will distribute the application to DP and deploy Bitwarden using SCCM (ConfigMgr).
Step 5: Deploy Bitwarden using SCCM
In this section, I will cover the steps to deploy Bitwarden using SCCM to a device collection. You can also create a device collection and include a set of devices for testing the application deployment.
To deploy the Bitwarden application in the SCCM console, go to Software Library > Application Management > Application. Right-click the Bitwarden Password Manager app and select Deploy.
On the General page of Deploy Software Wizard, click Browse and select a Windows device collection to which you want to deploy the Bitwarden application. Click Next.
On the Content page, click the Add button and specify the distribution points to which you would like to distribute the Bitwarden application content. You may also select distribution point groups. Click Next to continue.
On the Deployment Settings window, specify the settings to control the deployment. Select the Action as Install and Purpose as Available. Learn the difference between Available and Required deployment in SCCM. Click Next.
With the scheduling option, you can schedule Bitwarden application deployment in SCCM. You can set a date and time to trigger the application deployment. To deploy the application soon after you complete this wizard, click Next.
Configure the user experience settings for the Bitwarden application deployment. Click Next.
Complete the remaining steps of the deployment software wizard and close it. The application content is now distributed to the DP, and the client machines should now have the application listed in the Software Center. This completes the Bitwarden deployment using SCCM.
Step 6: Verify Bitwarden deployment on Windows Computers
In this section, we will verify if the Bitwarden application installs correctly on the Windows computers. Log in to a remote client and launch the Software center. Click on the Applications tab and select the Bitwarden application.
On the Bitwarden application details page, click Install. The application is now downloaded from the local distribution point server for installation. In the screenshot below, we see that Bitwarden Password Manager has been installed successfully on the computer.
You can review the application installation progress by opening the AppEnforce.log located in the C:\Windows\CCM\Logs folder. At this time, I would like you all to go through a list of all the SCCM Log files for troubleshooting issues.
Matched exit code 0 to a Success entry in the exit codes table confirms that the Bitwarden application has been installed successfully. The uninstallation command that we specified during application packaging should work fine.
Note: During my testing, I noticed that uninstalling the Bitwarden application via the Software Center failed. It showed the error removal failed: 0x87D00325(-2016410843). However, when verified, the application is uninstalled, but the Software Center does not update the status. To resolve this issue, click the Retry button, and Software Center will show that the application has been uninstalled.
That completes the Bitwarden deployment using SCCM. If you have any questions, please let me know in the comments section.
