Hey Everyone,
somewhere between Version 1.30 and 1.33 of the windows client the installer changed to use a per-user installation as a default when performing a silent install. For the love of god i couldn´t find any flag/option to create a machine-wide installation again.
Also i noticed, that the installer always downloads content from the internet. Is there any way to obtain an offline installer?
I’ve just spent three hours looking for this information myself. It’s not easy to figure out. I’m hoping someone at Bitwarden could make an actual help article for admins that lists the installer parameters and the additional info on offline/standalone installation. Here are the steps that I’ve found:
Disclaimer: These steps worked for me in my test environment but your mileage may vary
Parameters:
/S (case sensitive) Runs the installer silently with no graphical interface
/allusers (unsure of case sensitivity) Runs the installer for all users - requires UAC / admin creds
Reference: Windows silent install no longer system-wide · Issue #1454 · bitwarden/desktop · GitHub
Standalone/Offline:
Extract the .nsis file from the .nsis.7z file and then place a copy of the .nsis file in the same location as the installer executable before running the installer. Note that versions must match.
Both the installer executable and the .nsis.7z can be downloaded from here: Releases · bitwarden/clients · GitHub
Reference: Windows installer won’t work in restricted environment · Issue #508 · bitwarden/desktop · GitHub
Hey. That is exactly what i was looking for. Funny enough, that their support doesn´t seem to know about this themselfs.
It should really be turned into an help article.
Thanks for the feedback, the team is looking to include this in the documentation 
Any chance someone is going to do something more than “Look at updating documentation”…seems like something that is said in the forum and then nobody bothers to actually update the documentation
Any information about silent installation, the switches that can be used or indeed how this can be achieved with and “OFFLINE” installer, doesn’t feature in the installation documentation.
This really should be easier and more obvious.
Since this seems to be the only documentation on the subject, here are a few updates for an Intune install I’m setting up to do a silent per-user install of the desktop client (not a system-wide install) on Windows 11 clients.
As mentioned above, the releases are available at github: Releases · bitwarden/clients · GitHub
For a given release, grab the Bitwarden-Installer-YYYY.x.y.exe, and also grab the Bitwarden-YYYY.x.y-x64.nsis.7z (or ia32 or arm64 if you’re not deploying to x64 architecture).
The instructions above mention extracting an nsis file from the 7z archive, but as of 2025-01-31 I’m finding that there is no nsis bundled file anymore. If you extract the 7z file, you get all the contents exploded.
In my testing, it’s enough now to have the .nsis.7z archive in the same directory as the installer exe. Without the .nsis.7z, the installer downloads a copy on the fly, but it will use the pre-downloaded .nsis.7z instead if it’s present.
As for the installer .exe command line switches, there is some scant documentation at the NSIS project: Command Line Usage
/S appears to be a generic NSIS option for a silent install. /D is also available to override the install path. /allusers appears to be an undocumented option specific to the Bitwarden installer exe for doing a system-wide install. The default is to install to the local Windows user’s profile at %LOCALAPPDATA%\Programs\Bitwarden. Program state appears to be stored at %APPDATA%\Bitwarden.
Another discussion I found mentioned that Bitwarden has to be installed system-wide to make use of Windows Hello, although I haven’t verified this yet.
Hope this helps someone else in the future.