Windows - Software Lifecycle - Install 1Password

What the 1Password Installer does

This Automox Worklet™ deploys 1Password across Windows endpoints by downloading the latest 64-bit machine-wide MSI installer and executing it silently without requiring a system restart. The Worklet queries the Windows registry to determine if 1Password is already installed on each endpoint, skipping installation on compliant systems.

The Worklet creates a dedicated cache directory under C:\ProgramData\amagent\WorkletCache for storing installation media and logs. The MSI installation runs with verbose logging enabled, allowing you to review detailed installation logs if needed. Upon successful installation, the Worklet automatically cleans up the temporary installer file to conserve disk space.

Why standardize password management with 1Password

Password managers like 1Password reduce the security risk of weak or reused credentials across your IT environment. When team members use a centralized password vault with end-to-end encryption, you minimize the attack surface from credential theft and account compromise. This is particularly critical for remote work scenarios where endpoint security depends on strong authentication practices.

Standardizing 1Password across endpoints also simplifies administrative overhead. Instead of managing individual password management decisions on each endpoint, you provide a unified solution that integrates with browsers and applications. Team members benefit from convenient credential autofill, reducing friction while maintaining strong password hygiene across the organization.

Automating the deployment means endpoints receive 1Password consistently without requiring user intervention or manual installation steps. This reduces help desk tickets and maintains your security posture at a uniform level as new endpoints join your network.

How 1Password installation works

1. Evaluation phase: The Worklet queries the Windows registry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to check for an existing 1Password installation. If 1Password is found in either the 64-bit or 32-bit registry view, the endpoint is marked compliant and no remediation occurs.

2. Remediation phase: The Worklet downloads the latest 1Password MSI from https://downloads.1password.com/win/1PasswordSetup-latest.msi to the WorkletCache directory. It then runs msiexec.exe with quiet installation parameters (/qn /norestart) and verbose logging enabled to install 1Password machine-wide. The installer file is automatically deleted after successful installation.

1Password deployment requirements

• Windows 10, Windows 11, Windows Server 2016, or later versions

• 64-bit Windows operating system (Worklet installs 64-bit version)

• Local administrator privileges to execute MSI installation

• Internet connectivity to download the latest installer from 1Password's CDN

• Minimum 500 MB free disk space for installation and temporary files

Expected state after 1Password installation

After successful remediation, 1Password will be installed and available to all users on the Windows endpoint. You can verify installation by checking for the 1Password entry in Control Panel's Programs and Features list, or by searching the Windows registry for the 1Password DisplayName value. The Worklet creates installation logs at C:\ProgramData\amagent\WorkletCache\WSE-665\1Password_install.log that you can review for diagnostic information if needed.

End users will see the 1Password browser extension available in their installed browsers and can access the standalone 1Password application from their Start Menu. The machine-wide installation means all user accounts on the endpoint share the same 1Password instance, simplifying updates and maintenance while providing consistent password management across your organization.

How to validate install 1password changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for install 1password.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Machine-Wide, Write-Output.

4. Validate remediation effects from script operations such as Machine-Wide, New-WorkletCache, Write-Verbose, then rerun evaluation for compliance.