S
Stephen Rasey
How do I prevent a user from copying a Excel2007 Workbook.xlsm the user has
rights to open and run?
"CrownJewels.xlsm" is an Excel Workbook with VBA for Oracle read-write code
and lots of VBA user functions. Users in the company need to read data from
the database, process estimates of assets and opportunities, have those
inputs and outputs saved to the Database. CrownJewels is fully protected:
Passwords on the VBA Project, Worksheets, Workbook, some worksheets Hidden,
some VeryHidden. I even have a Workbook_BeforeSave event to capture and
cancel any attempt to Save or SaveAs the workbook to another filename.
(Anything I missed?)
But how do you prevent a user from copying the windows file
“CrownJewels.xlsm†to a USB, taking it home and attempting to crack the
contents and passwords of the workbook?
We cannot put CJ on SharePoint --- Excel Web won’t execute VBA or queries.
Will a Windows NTFS security setting “Read & Execute†on a .xlsm file
prevent a windows Copy operation? I have my doubts.
The most secure thing I can think of is to store “CrownJewels.xlsm†into
some deep dark recess of the server along path:
\\ss1\a\b\c\d\e\CrownJewels.xlsm, apply read & Execute to the to the file and
a large piece of the path. Then NOT publish its location. Instead, I
have a simple workbook KeyMaster.xlsm, fully protected, but in an advertised
server directory. KeyMaster does nothing but open CrownJewels.xlsm via a
fullpathspec defined in a protected VBA sub. That’s acceptable, but it
lacks finesse.
Any other ideas?
BTW, do I have to worry about the Excel Autosave as a security hole? Should
I disable that when CrownJewels opens? I suspect so.
rights to open and run?
"CrownJewels.xlsm" is an Excel Workbook with VBA for Oracle read-write code
and lots of VBA user functions. Users in the company need to read data from
the database, process estimates of assets and opportunities, have those
inputs and outputs saved to the Database. CrownJewels is fully protected:
Passwords on the VBA Project, Worksheets, Workbook, some worksheets Hidden,
some VeryHidden. I even have a Workbook_BeforeSave event to capture and
cancel any attempt to Save or SaveAs the workbook to another filename.
(Anything I missed?)
But how do you prevent a user from copying the windows file
“CrownJewels.xlsm†to a USB, taking it home and attempting to crack the
contents and passwords of the workbook?
We cannot put CJ on SharePoint --- Excel Web won’t execute VBA or queries.
Will a Windows NTFS security setting “Read & Execute†on a .xlsm file
prevent a windows Copy operation? I have my doubts.
The most secure thing I can think of is to store “CrownJewels.xlsm†into
some deep dark recess of the server along path:
\\ss1\a\b\c\d\e\CrownJewels.xlsm, apply read & Execute to the to the file and
a large piece of the path. Then NOT publish its location. Instead, I
have a simple workbook KeyMaster.xlsm, fully protected, but in an advertised
server directory. KeyMaster does nothing but open CrownJewels.xlsm via a
fullpathspec defined in a protected VBA sub. That’s acceptable, but it
lacks finesse.
Any other ideas?
BTW, do I have to worry about the Excel Autosave as a security hole? Should
I disable that when CrownJewels opens? I suspect so.