Bienvenue à Blogs CodeS-SourceS Identification | Inscription | Aide

Julien Chable

He blogs, you blog, I blog ...

Archives

[Open XML] Use Powershell to secure and exchange your Open XML documents

First, let’s create a profile in order to use PowerTools each time you open a PS console. This is a completely optional step, it’s just for your convenience.

Creating a PowerShell profile

  1. To check if your profile is already set or not, use: test-path $PROFILE
  2. If the previous command returns false, then use the command: new-item –path $PROFILE –itemtype file – force
  3. Once your profile file is created, edit it with notepad (or another text editor) : notepad $PROFILE
  4. Add the command you think you need each time you use PowerShell (specific key stroke, snapin, etc), for example in our case : Set-ExecutionPolicy unrestricted; Add-PSSnapin OpenXml.PowerTools;
  5. Save the file

Using PowerTools to lock your documents (read-only)

To lock a WordprocessingML document in read-only mode, use the Lock-OpenXmlDocument cmdlet. This feature is use to prevent people to modify your document (be careful, this command doesn’t add a password protection, just a section lock). Here is an excerpt from the man (Get-Help command with –Detailed argument) :

SUMMARY 
    Locks one or more Wordprocessing documents.
SYNTAX 
    Lock-OpenXmlDocument [[-SuppressBackups]] [[-PassThru]] [-Document <OpenXmlPackage[]>] [[-Path] <String[]>] [-WhatI
    f] [-Confirm] [<CommonParameters>]
DETAILED DESCRIPTION 
    The Lock-OpenXmlDocument cmdlet sets a lock inside one or more Wordprocessing documents to prevent them from being edited.

ARGUMENTS 
    -SuppressBackups
        Use this switch to avoid generating backup files for documents specified by the Path parameter. It has no affect on objects piped into this command. 
    -Document <OpenXmlPackage[]>
        Specifies the item(s) from the pipeline that will be modified by this command.
    -Path <String[]>
        Specifies the path to the item(s) to lock. Wildcards are permitted. If you specify multiple paths, use commas to separate the paths. 
    --------------  Example 1 --------------
    C:\PS>Lock-OpenXmlDocument -Path test1.docx,test2.docx
    Sets a lock on test1.docx and test2.docx that prevents them from being modified.

Like the example, run the following command (assuming MyDoc.docx is an existing document in the current directory) to lock the specified file:

lock-OpenXmlDocument -Path 'MyDoc.docx'

Here’ the result :

image

Sign your  documents
The need to sign a document seems obvious today, however Open XML is one of the first office document file format to be ready for this feature. Signing a document is a proof that the document is emitted by the person who said he’s the author and that the document has not been altered during the transport over the wire.

The cmdlet Add-OpenXmlDigitalSignature  sign a document by taking the paths of the document to sign and the certificate to use:

Add-OpenXmlDigitalSignature -Path MyDoc.docx' -Certificate 'MyCertificate.pfx'

You can’t use a password protected certificate (hope that this ’bug’ will be resolved soon).

If you want to generate a certificate, use the following commands:

makecert –sv MyKey.pvk –n “CN=<your name>” MyCertificate.cer (when ask for password, don’t enter anything and confirm the “no password protection”)

pvk2pfx –pvk MyKey.pvk –spc MyCertificate.cer –pfx MyCertificate.pfx

image

Pipelining the cmdlets

So far we have seen how to lock and digital sign a document independently. Now, what about pipelining both cmdlets to lock and sign the document at the same time :

lock-OpenXmlDocument –Path “MyDoc.docx” | Add-OpenXmlDigitalSignature –Certificate “MyCertificate.pfx”

With this kind of command line you can lock and sign every Open XML documents you want to exchange with third parties outside your company. Some feature are still missing in PowerTools like personal information removal but these missing cmdlets will come soon with the new PowerTools team (Eric this is for you !). Oh yes, I forgot to tell you, I recently join the PowerTools virtual dev team (and this is really a great team with talented people), so stay tune !

Ce post vous a plu ? Ajoutez le dans vos favoris pour ne pas perdre de temps à le retrouver le jour où vous en aurez besoin :
Posted: mardi 15 juillet 2008 16:52 par neodante
Classé sous : ,

Commentaires

Pas de commentaires

Les commentaires anonymes sont désactivés

Les 10 derniers blogs postés

- Merci par Blog de Jérémy Jeanson le 10-01-2019, 20:47

- Office 365: Script PowerShell pour auditer l’usage des Office Groups de votre tenant par Blog Technique de Romelard Fabrice le 04-26-2019, 11:02

- Office 365: Script PowerShell pour auditer l’usage de Microsoft Teams de votre tenant par Blog Technique de Romelard Fabrice le 04-26-2019, 10:39

- Office 365: Script PowerShell pour auditer l’usage de OneDrive for Business de votre tenant par Blog Technique de Romelard Fabrice le 04-25-2019, 15:13

- Office 365: Script PowerShell pour auditer l’usage de SharePoint Online de votre tenant par Blog Technique de Romelard Fabrice le 02-27-2019, 13:39

- Office 365: Script PowerShell pour auditer l’usage d’Exchange Online de votre tenant par Blog Technique de Romelard Fabrice le 02-25-2019, 15:07

- Office 365: Script PowerShell pour auditer le contenu de son Office 365 Stream Portal par Blog Technique de Romelard Fabrice le 02-21-2019, 17:56

- Office 365: Script PowerShell pour auditer le contenu de son Office 365 Video Portal par Blog Technique de Romelard Fabrice le 02-18-2019, 18:56

- Office 365: Script PowerShell pour extraire les Audit Log basés sur des filtres fournis par Blog Technique de Romelard Fabrice le 01-28-2019, 16:13

- SharePoint Online: Script PowerShell pour désactiver l’Option IRM des sites SPO non autorisés par Blog Technique de Romelard Fabrice le 12-14-2018, 13:01