locked
GLOBALLY CHANGING OFFICE-DOCUMENT PASSWORDS RRS feed

  • Question

  • I posted this at least five years ago and apparently neither Microsoft nor anyone else took off on this:

    There is a significant demand for companies such as law or security-firms to be able to globally change all of their Microsoft Office Document password-encrypted files.  Typically a user will generate a mass of Office Documents over time.  Either due to password-leakage or periodic change, they will add a different password.  Then they may assign passwords to documents for groups, individuals, security levels and inter-organizational, etc.  All of these may change over time.  It would be far too cumbersome and time-consuming to open each file and change the password, plus the file Modified-Date would be unduly altered.

    Ideally, a Microsoft product or API is needed to prompt a user for a list of all possible known passwords, then automatically go through all of the documents and change only the password in the document without changing the Modification-Date file attribute.  A user could specify that if a password="<this>" change="<that>" or change ALL to "<that>" etc.  Finally, auto-detect files that have no passwords and provide the program a generated list of non-encrypted files that first-time passwords can be added to, or encrypted files can receive group or individual changes to.  Anytime a provided password doesn't match or an unreadable/corrupt file encountered, an exception list including author/owners-names is generated and it skips to the next file.

    Right now, we've got documents with no passwords that should have one, many that may have passwords we don't know, many we want to assign to group or security types, and others needing a routine change.

    I would much prefer that a solution to this be provided by Microsoft in either an API or future Office product updates and not outside developers.  Anyone know of an API that comes close to addressing this need, the info. would be much appreciated.  Thanks.

    Dave Erickson



    Saturday, March 10, 2012 8:33 PM

Answers

  • An interesting problem. I am quite sure there is no facility to do this at the moment, and I'm not sure a generic solution could easily be produced.
     
    Encryption, and decryption, services are called upon by applications and only those applications can really make enough sense of the unencrypted data to be able to do anything with them, including re-encryption. This means that any solution would have to involve applications that understood the data. If one is already using an appropriate application, the interfaces provided by that application are available. In other words, a VBA solution (for example) for Word could be written today without the need for any new API.
     
    Microsoft applications work, effectively, with single documents and do not provide any built-in features that work across multiple documents, and, as a personal view of the trend, they seem to be moving more and more in that direction, so it seems highly unlikely that any Microsoft solution will be forthcoming. If you want a generic solution I think it will have to come from a third party. There would be several factors to consider, not least the changing ways in which, Word, again for example, has used encryption in different versions and for different format documents (.doc v. .docx, for example).
     
    All that said, although your needs could undoubtedly be met, and doing so would be interesting, I am not sure that having multiple documents individually encrypted with the same password is the most effective way of securing those documents and it might be better, for example, to use the folder-level encryption services of EFS.
     
    Finally, documents with passwords that you don't know will continue to cause you a problem as long as you have them. If they are old files with 40-bit encryption, they can be cracked (it may not be entirely straightforward but it can certainly be done). If you have newer files, Word 2010 format encrypted documents, say, there isn't much you can do.
     

    Enjoy,
    Tony
    www.WordArticles.com
    • Marked as answer by Bruce Song Monday, April 2, 2012 6:03 AM
    Saturday, March 24, 2012 10:19 AM

All replies

  • Hi MultiplexUSA,

    Thank you for posting. 
    I will help you involve others to help you. There might be some delay about the response.

    Besides, I will help you submit the request of the API to our internal channel, our engineers will evaluate it carefully and then decide whether to add this feature. If there is any update about it, I will notify you.  Appreciate your patience.

    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us

    • Edited by Bruce Song Wednesday, March 14, 2012 1:50 AM
    Monday, March 12, 2012 6:42 AM
  • An interesting problem. I am quite sure there is no facility to do this at the moment, and I'm not sure a generic solution could easily be produced.
     
    Encryption, and decryption, services are called upon by applications and only those applications can really make enough sense of the unencrypted data to be able to do anything with them, including re-encryption. This means that any solution would have to involve applications that understood the data. If one is already using an appropriate application, the interfaces provided by that application are available. In other words, a VBA solution (for example) for Word could be written today without the need for any new API.
     
    Microsoft applications work, effectively, with single documents and do not provide any built-in features that work across multiple documents, and, as a personal view of the trend, they seem to be moving more and more in that direction, so it seems highly unlikely that any Microsoft solution will be forthcoming. If you want a generic solution I think it will have to come from a third party. There would be several factors to consider, not least the changing ways in which, Word, again for example, has used encryption in different versions and for different format documents (.doc v. .docx, for example).
     
    All that said, although your needs could undoubtedly be met, and doing so would be interesting, I am not sure that having multiple documents individually encrypted with the same password is the most effective way of securing those documents and it might be better, for example, to use the folder-level encryption services of EFS.
     
    Finally, documents with passwords that you don't know will continue to cause you a problem as long as you have them. If they are old files with 40-bit encryption, they can be cracked (it may not be entirely straightforward but it can certainly be done). If you have newer files, Word 2010 format encrypted documents, say, there isn't much you can do.
     

    Enjoy,
    Tony
    www.WordArticles.com
    • Marked as answer by Bruce Song Monday, April 2, 2012 6:03 AM
    Saturday, March 24, 2012 10:19 AM