Blog Post

Microsoft SharePoint Blog
2 MIN READ

SharePoint / Script to locate documents encrypted with passwords

mikeleemsft's avatar
mikeleemsft
Icon for Microsoft rankMicrosoft
Jul 09, 2020

Summary

A customer asked if there was a method to identity documents stored in SharePoint online that were encrypted with passwords. Since nothing like this existed, it was created using PowerShell. I’m sharing this because the logic in the script may be useful for others.

 

The Code

#Title: find-docpasswords
#Description: Iterates through each item in a specified list to find documents stored with passwords.
#Date: 7/8/2020
#Author: Mike Lee
#Disclaimer: This PowerShell script is provided "as-is" with no warranties expressed or implied. Use it at your own risk.
#Dependencies: SharePoint Online Client Components SDK: https://www.microsoft.com/en-us/download/details.aspx?id=42038
#Tested with SharePoint Online Client Components SDK version 16.0.6906.1200
#Parameters: $SiteURL, $ListName, $username


#Add references to SharePoint client assemblies
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
[System.Reflection.Assembly]::LoadWithPartialName("WindowsBase")


#Your SPO Tenant
$SiteURL = "https://tenant.sharepoint.com"

#The name of your document library
$Listname = "Documents"

#The admin account that has access to the library
$username = "admin@tenant.onmicrosoft.com"
$password = Read-Host "Enter Password" -AsSecureString

#Building Context
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userName, $password)
$List = $ctx.Web.Lists.GetByTitle($ListName)


#CAML Query to recursively look at all items in the library with a 5000 item row limit.
$camlQuery = New-Object Microsoft.SharePoint.Client.CamlQuery
$camlQuery.ViewXml = @"
<View Scope="RecursiveAll">
<Query>
<OrderBy><FieldRef Name='ID' Ascending='TRUE'/></OrderBy>
</Query>
<RowLimit Paged="TRUE">5000</RowLimit>
</View>
"@

$items = $list.GetItems($camlQuery)
$ctx.Load($items)
$ctx.ExecuteQuery()

#function to read documents

function find-docpasswords($ctx, $FileUrl)
{
#Collect Documents Data
$FileURL = $Item.FieldValues['FileRef']

#Read the files from SharePoint online document library.
$fileInfo = [Microsoft.SharePoint.Client.File]::OpenBinaryDirect($ctx,$FileURL)
$stream = New-Object System.IO.MemoryStream
$fileInfo.Stream.CopyTo($stream)

#Read the first row of bytes as text
$Start = [System.Text.Encoding]::Default.GetString($stream.ToArray()[0000..2000])

# Record files that are password protected
if($Start -match "E.n.c.r.y.p.t.e.d.P.a.c.k.a.g.e")
{
Write-Host "$SiteURL$FileURL -- Is Password Protected" -ForegroundColor Yellow
}
else
{
Write-Host "$SiteURL$FileURL -- Not Password Protected" -ForegroundColor Green
}

$stream.Close()
$fileinfo.Dispose()
$ctx.Dispose()
}


#Run the function to loop through all items in the library and find documents stored with passwords

foreach($item in $items)
{
$fileUrl = $item.FieldValues["fileref"]
find-docpasswords $ctx $fileurl
}

 

Takeaways

This scripts loops though a specified document library and reads the first 200 binary bytes as text. If the encrypted string is found, the document URL is reported in the console output.

 

Here is an example of the output:

 

 

You will need a few things to make this works.

 

  1. Installed the SharePoint Online Client Components SDK
  1. Specify the “$SiteURL, $Listname, and $username in the script.

 

Updated Sep 01, 2020
Version 3.0
  • Paul de Jong's avatar
    Paul de Jong
    Iron Contributor

    Hi Mike,
    Clear.
    That explains. It is indeed a good starting point for most companies. Thanks for sharing.
    Paul

  • Paul de Jong's avatar
    Paul de Jong
    Iron Contributor

    Hi Mike,

    Thanks for sharing! Not many organisations recognize the need to identify encrypted documents in SharePoint eventhough there are several reasons (e.g. compliance, searchable content, password management, ...).

    There are 3rd party solutions with this capability. See e.g. https://www.slimapplications.com/wp-content/uploads/2020/07/Encrypted-Documents.jpg

    This tool will list encrypted files based on the extension ("hc,pgp,bexpk,sda,p7a,p7z,p7m,p7s,pfx") or whether the file contains an encryption marker (e.g. docx, xlsx, pptx, vsdx, zip, pdf, ..). The tool only retrieves part of the file to avoid downloading the full document.

    Paul

  • Paul de Jong's avatar
    Paul de Jong
    Iron Contributor

    Hi, 
    Just tested your PowerShell script against my set with test files. You may want to consider adding certain extensions like pgp, hc, etc .. as encrypted. I also noted that it does not detect encrypted PDF files or encrypted zip files. You should be able to extend the match statement to also detect the patterns used by encrypted PDF and encrypted zip files.

    cheers,
    Paul

  • Hello Paul,

     

    I should have mentioned that this will only work with Office documents that use the OpenXML format (Office 2007 and later). The file is being parsed as text, so you can open your files in NOTEPAD, to find a common encrypted string, then create several If statements to cover all the files you want to find.

     

    This is was meant to be a starting point. Please feel free to reuse this and expand it to meet your needs.

     

    Thanks,

    Mike