Archive
Posts Tagged ‘security’
How to automate removing MS-Office VBA project protection for multiple files
2015/12/01
- Problem:
- Need VBE extensibility to implement some tools and practices of the modern SDLC.
- Software consists of not only 1000s of Word templates which are anything but DRY, but also highly protected even during what should be the SDLC
- Not solvable by VBA automation for security reasons:
- VBE password protection (OK, there is Sendkeys, but that is considered harmful).
- digitally signed.
- Developer tab read-only protection: this one is not covered here, since it can be dealt with through regular VBA automation.
- Workaround: PowerShell for starters:
- Get Unlock-OfficeMacro.ps1 – including the addition in the comments.
- Wrap the downloaded script like so:
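```powershell
# Run Unlock-OfficeMacro.ps1 on every macro-enabled Word file that has not been unlocked yet.
Get-ChildItem -Include *.do?m* -Exclude *_unlocked* -Path "G:\imf\word templates\Quarterly Releases_unprotected_ps" -Recurse |
    foreach {
        $_.IsReadOnly = $false   # clear the read-only attribute
        # Write the result next to the source file as <name>_unlocked<ext>.
        $output_filename = $_.Directory.ToString() + "\" + $_.BaseName + '_unlocked' + $_.Extension
        .\Unlock-OfficeMacro.ps1 $_.FullName $output_filename
    }
Exit
```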
- Next problem: The script removes the protection, but the warning dialogues on opening the altered MS-Word files remain. This still hampers automation.
- Next workaround: this script automates the GUI:
- “OK”’ing the warning dialogue: “The project file ‘C:\Users\tplagwitz\AppData\Roaming\Microsoft\Templates\documaker.dotm’ contains invalid key ‘DPx’.–Continue Loading Project?”
- making minor changes and saving the file (this also bypasses the "discard certificate" warning if the file was also signed, as is my case).
- Prerequisites: none, other than putting your Word files in a folder (which the script will prompt you for, along with an optional substring to filter file names).
- Limitations:
- I used to also have, per module in the VBA project, warnings: “Microsoft Visual Basic for Applications Unexpected error (40230)”, and try to bypass these also, but since I cannot replicate the warnings, this remains untested.
- A superior approach (enabling round tripping) would be to attempt to automate entering the password, but the traditional SendKeys approach is unreliable, and newer approaches (using SendMessage from the Win32 API or bypassing the intended negative effects of password protection, via an in-memory substitution).
- And here is the AutoIt script:
```autoit
#include <Array.au3>
#include <debug.au3>
#include <File.au3>
#include <log4a.au3>

Opt("WinTitleMatchMode", 2) ; match any substring of the window title
Opt("MustDeclareVars", 1)

Dim $file, $runpath, $iPID, $i, $folderpath, $pattern, $files, $filepath, $files, $ret, $oAppl, $oDoc, $sFilter

_log4a_SetEnable()
_log4a_SetOutput($LOG4A_OUTPUT_BOTH)

; Ask for the file-name substring and the folder to process.
$pattern = InputBox("File Pattern?", "Enter file pattern, beyond (before) *.do?m (= Files with macros), that files have to match.", "_unlocked")
$folderpath = InputBox("Where?", "Enter folder to find files in...")
$sFilter = "*" & $pattern & "*.do?m|~*,Backup*"

If Not (FileExists($folderpath) And StringInStr(FileGetAttrib($folderpath), "D")) Then
    MsgBox(1, "Error", " The path you entered does Not seem To exist Or is Not a folder. Exiting....")
    Exit
Else
    $files = _FileListToArrayRec($folderpath, $sFilter, $FLTAR_FILES, $FLTAR_RECUR, $FLTAR_SORT, $FLTAR_RELPATH)
    For $i = 1 To UBound($files) - 1
        $file = $files[$i]
        If (StringRight($folderpath, 1) <> "\") Then $folderpath = $folderpath & "\"
        $filepath = $folderpath & $file

        ; Open the file in Word and wait for the main window.
        Local $iPID = Run('"C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE" /q /a /m "' & $filepath & '"', "", @SW_SHOWMAXIMIZED)
        $ret = WinActivate("- Word", "")
        $ret = WinWaitActive("- Word", "", 5)
        If ($ret = 0) Then
            _log4a_debug("cannot load: " & $filepath & @TAB & @ScriptLineNumber & @CRLF)
            $ret = ProcessClose($iPID)
            ContinueLoop
        Else
            _log4a_debug("processing: " & $filepath & @TAB & @ScriptLineNumber & @CRLF)
        EndIf
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)

        ; Open the VBA editor (Alt+F11) and confirm the "invalid key" dialogue.
        Send("{SHIFTDOWN}{SHIFTUP}")
        Sleep(100)
        Send("!{f11}")
        $ret = WinActivate("Microsoft Visual Basic for Applications", "invalid key")
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        $ret = WinWaitActive("Microsoft Visual Basic for Applications", "invalid key", 5)
        If ($ret = 0) Then
            _log4a_debug("nothing to do with invalid key, will close word and continue next file: " & @ScriptLineNumber & @CRLF)
            $ret = ProcessClose($iPID)
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
            ContinueLoop
        EndIf
        If $ret <> 0 Then
            $ret = ControlClick($ret, "", "Button1")
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        Else
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        EndIf
        Sleep(1000)
        $ret = 0
        Sleep(5000)

        ; Dismiss any per-module "Unexpected error (40230)" dialogues (untested, see limitations).
        While (0 <> WinActivate("Microsoft Visual Basic for Applications", "Unexpected error (40230)"))
            ; The ControlClick call on the next line is cut off on the page.
            $ret = ControlClick("[CLASS:#32770
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        WEnd
        Sleep(3000)

        ; Make a minor change in the code window, then close the VBA editor.
        $ret = WinActivate("Microsoft Visual Basic for Applications", "")
        $ret = WinWaitActive("Microsoft Visual Basic for Applications", "", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        If ($ret = 0) Then WinActivate("Microsoft Visual Basic for Applications", "")
        $ret = WinWaitActive("Microsoft Visual Basic for Applications", "", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        $ret = ControlSend("Microsoft Visual Basic for Applications", "", "VbaWindow1", "'dummy" & @CRLF)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        Sleep(1000)
        Send("!q")
        Sleep(1000)
        Send("!{f4}")
        Sleep(1000)

        ; Back in Word: answer the save prompt.
        $ret = WinWaitActive("Microsoft Word", "", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        If ($ret = 0) Then $ret = WinActivate("Microsoft Word", "")
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        $ret = WinWaitActive("Microsoft Word", "", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        If ($ret <> 0) Then
            Send("!s")
            Sleep(1000)
            $ret = WinWaitActive("Microsoft Word", "discarded", 5)
            If ($ret = 0) Then
                _log4a_debug("the certificate dialogue is not up yet", True)
                $ret = WinWaitActive("Microsoft Word", "", 5)
                If ($ret <> 0) Then
                    _log4a_debug("failure with !s: " & @ScriptLineNumber & @CRLF)
                    Send("{Enter}")
                EndIf
            EndIf
            Sleep(1000)
        Else
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        EndIf

        ; Confirm the "certificate will be discarded" dialogue for signed files.
        $ret = WinWaitActive("Microsoft Word", "discarded", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        $ret = WinActivate("Microsoft Word", "discarded")
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        $ret = WinWaitActive("Microsoft Word", "discarded", 5)
        If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        If ($ret <> 0) Then
            $ret = ControlClick("Microsoft Word", "", "Button1")
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
            If $ret = 0 Then Send("!d")
        Else
            If ($ret = 0) Then _log4a_debug("failure on: " & @ScriptLineNumber & @CRLF)
        EndIf

        ; Save and close Word before moving on to the next file.
        Sleep(1000)
        Send("{BACKSPACE}")
        Sleep(1000)
        Send("^s")
        Sleep(3000)
        ProcessClose($iPID)
        Sleep(1000)
    Next
    Sleep(1000)
EndIf
```
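A read-only check, added here as an example (it is not part of the original post or of Unlock-OfficeMacro.ps1): for a macro-enabled Word file it reports whether the VBA project still carries its protection key under the regular name `DPB`, carries the `DPx` key named in the warning dialogue above, and whether a VBA signature part is present. It assumes Word's conventional part names (`word/vbaProject.bin`, `word/vbaProjectSignature*`) and that the key text is stored contiguously so a byte search finds it; `Get-VbaProjectState` and the sample file are constructed for illustration.

```powershell
Add-Type -AssemblyName System.IO.Compression, System.IO.Compression.FileSystem

function Get-VbaProjectState {
    param([Parameter(Mandatory)][string]$Path)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        # Assumption: conventional part names for the VBA project and its signature.
        $vba = $zip.Entries | Where-Object { $_.FullName -eq 'word/vbaProject.bin' }
        $sig = $zip.Entries | Where-Object { $_.FullName -like 'word/vbaProjectSignature*' }
        $text = ''
        if ($vba) {
            $in = $vba.Open()
            $buf = New-Object System.IO.MemoryStream
            try { $in.CopyTo($buf) } finally { $in.Dispose() }
            # Latin-1 maps each byte to one char, so binary content can be searched as text.
            $text = [System.Text.Encoding]::GetEncoding(28591).GetString($buf.ToArray())
        }
        [pscustomobject]@{
            File   = Split-Path $Path -Leaf
            HasVba = [bool]$vba
            Signed = [bool]$sig
            HasDPB = $text.Contains('DPB="')   # protection key under its regular name
            HasDPx = $text.Contains('DPx="')   # the key name Word reports as invalid
        }
    }
    finally { $zip.Dispose() }
}

# Constructed sample: a minimal zip shaped like an altered .dotm, not a real template.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'constructed_unlocked.dotm'
Remove-Item $sample -ErrorAction SilentlyContinue
$out = [System.IO.Compression.ZipFile]::Open($sample, 'Create')
$w = New-Object IO.StreamWriter ($out.CreateEntry('word/vbaProject.bin').Open())
$w.Write('ID="{constructed}"' + "`r`n" + 'DPx="constructed-value"')
$w.Dispose()
$out.Dispose()

Get-VbaProjectState $sample | Format-List
```

To inventory a whole folder, pipe `Get-ChildItem -Recurse -Include *.docm, *.dotm` into `ForEach-Object { Get-VbaProjectState $_.FullName }`; a file showing `HasDPx` without `HasDPB` is one whose project protection has been altered.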
Categories: audience-is-IT-staff, e-infrastructure, service-is-programming, sourcecode
ms-office, ms-powershell, openxml, protection, security, VBA, vbe
Stop ":Zone.Identifier:$DATA" files from being created…
2014/11/19
- … by running gpedit.msc as admin and setting "User Configuration / Administrative Templates / Windows Components / Attachment Manager / Do not preserve zone information in file attachments" to "Enabled".
- I observed these files in the drive my VirtualBox Win 8 shares with the Linux host.
- The answer is out there, of course, just not with all the search terms. A more thorough security discussion is also available.
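To see what the policy changes, this added example (not from the original post) reads the registry value that the Group Policy setting writes and lists which files in a folder carry a `Zone.Identifier` alternate data stream, the stream behind the `:Zone.Identifier:$DATA` files described above. Assumptions: the per-user value `SaveZoneInformation` (1 = policy enabled, 2 = disabled) and an NTFS temp folder; `Get-ZoneInfoAudit` and the sample files are constructed for illustration.

```powershell
function Get-ZoneInfoAudit {
    param([Parameter(Mandatory)][string]$Folder)

    # Registry value behind "Do not preserve zone information in file attachments".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SaveZoneInformation
    if ($val -eq 1) { $policy = 'Enabled: zone information is not written' }
    elseif ($val -eq 2) { $policy = 'Disabled: zone information is written' }
    else { $policy = 'Not configured: zone information is written' }

    # Files that already carry the stream keep it regardless of the policy.
    $marked = foreach ($f in Get-ChildItem -LiteralPath $Folder -File -Recurse) {
        $lines = Get-Content -LiteralPath $f.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($lines) {
            $zone = ($lines | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId='
            [pscustomobject]@{ File = $f.Name; ZoneId = $zone }
        }
    }
    [pscustomobject]@{ Policy = $policy; Marked = @($marked) }
}

# Constructed sample: a temp folder with one file marked as Internet zone (ZoneId=3).
$dir = New-Item -ItemType Directory -Force -Path (Join-Path ([IO.Path]::GetTempPath()) 'zone_demo')
$download = Join-Path $dir.FullName 'downloaded.docm'
Set-Content -LiteralPath $download -Value 'constructed'
Set-Content -LiteralPath $download -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'
Set-Content -LiteralPath (Join-Path $dir.FullName 'local.docm') -Value 'constructed'

$audit = Get-ZoneInfoAudit $dir.FullName
$audit.Policy
$audit.Marked | Format-Table -AutoSize
```

Office and Windows read this stream as the mark that a file came from another zone, so with the policy enabled newly saved attachments no longer show up in the `Marked` list.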
Categories: Glitches&Errors, os
linux, security, virtualbox, windows
Solved: Cannot remote desktop into 2nd Microsoft account on Windows 8
2014/08/22
- MSTSC’ing from the remote computer simply fails with a non-descriptive error message.
- However, if you get as far as the remote computer login screen, you get a valuable hint: Your 2nd Microsoft account has not been added to the Remote Desktop Users Group (presumably this happens by default when you create your first Microsoft account).
- To fix this, log in as admin on your Windows 8 machine (either locally or remotely with an account which is in the Remote Desktop Users Group), windows key+f, “users”, click on “settings”, and use the direct shortcut to “remote desktop users group” to add the user in question (with the Microsoft account email) to the permitted users group.
- Adding what I believed was the local account equivalent of the 2nd Microsoft account via desktop / Windows key + X / “computer management” / “users and groups” to the “remote desktop users group” did not work.
Categories: e-infrastructure, os
mstsc, security
Here is how the LRC could use an engraver to deter theft of equipment
2014/02/20
Categories: audience-is-administration, e-infrastructure, service-is-library
security
Deepfreeze rebooting the lab computers again during use
2014/01/14
- I have been told that Deepfreeze will reboot lab computers (hourly?) only when they are idle (on login screen).
- However, I have observed the unsolicited reboot also when trying to work with these computers.
- Today, I had both lab computers that I was working on with the Sanako reboot in the middle of my testing, with the 1 minute warning dialogue.
- Will pressing “cancel” prevent this, especially during high-stakes writing and speaking assessments with the Sanako? What if the user misses it (we sometimes deliberately have the screens blocked/blacked out during parts of classes)?
Protected: Security alert about revocation information on LRC machines
2013/09/16