This post describes how to use the new DocRecrypt tool and your company public and private key to unlock password-protected Office 2010 or Office 2013 Word, Excel, or PowerPoint files.
Password protected files with lost or forgotten passwords have plagued IT admins since the password feature was first introduced in Office. Now you can use the DocRecrypt tool to remove or reset the password on password protected documents.
Why password protect a document?
There are many good reasons to password protect a document. For example, when tax day looms and I gather my tax deduction and other data, I password protect my Excel spreadsheet before sending it off to my accountant. I have a lawyer friend who has to make sure documents are for the correct eyes only—or his job could be on the line. So he password protects his Word documents before sending them to his clients. The system works beautifully, until, for example, that document is suddenly crucial to a legal case and my friend and his password have retired to a condo in Arizona.
DocRecrypt to the rescue
One time setup is simple: configure the client computers, install the new DocRecrypt tool on the admin computer, make sure you have admin access to the private/public key pair, and the password protected file in question—and you’re set!
In slightly more detail, you’ll need to create one or multiple EscrowCert registry keys in the client computer registry either manually or through Group Policy. This EscrowCert key provides the link between the public key information that will be added to the file metadata when any new OOXML Word, Excel, or PowerPoint file is created, and the private key information in your org’s certificate store. If a user never password protects
that file, no biggie, the metadata does nothing. If they do password protect the file, that metadata can be used later, by you, with the help of the new DocRecrypt tool, to remove or reset the password.
The user happily goes about their business—documenting patent details, creating a spreadsheet with Q2 budget numbers, writing that important press release—and password protects these files so that the words or data don’t make an appearance too soon.
Then they forget the password. They move to a different department. They leave the company to “pursue other opportunities.” (Yes, it’s not just at your company.) And you must unlock the important work they left
behind. To unlock the document, open the command line DocRecrypt tool, and faster than you can say:
DocRecrypt -p <newpassword> -i <lockedfilename> -o <newfilename>
The file is unlocked or protected with a new (known) password, and it’s business as usual, once again.
But wait, there’s more!
This doesn’t just apply to Word 2013, Excel 2013, and PowerPoint 2013 files. Once the client computers in your organization have been configured (either individually or through Group Policy), any future Word 2013, Excel 2013, or PowerPoint 2013 files (docx, xlsx and pptx ) AND any existing password protected Word 2007, Word 2010, Excel 2007, Excel 2010, PowerPoint 2007 or PowerPoint 2010 files they edit in Office 2013 can be unlocked or the password reset with the new DocRecrypt tool. Once an escrow key is added to a password protected file, it can be unlocked or reset even if it's been edited in Office 2010 or Office 2007.