Need to Secure files within a Directory - Windows

I have a request to secure Excel spreadsheets contained within a directory on a Windows system with a managed password. Scenario: user checks out password from TPAM, opens Excel doc, password changes in TPAM and is sync'd with the Excel document(s). Is this doable? Is there another way to potentially secure access to the directory with the password?

  • My thoughts on this one would be to use a custom platform using a jump host.

    I would install PowerShell Server or similar on a Windows system somewhere and use this as the jump server for the custom platform.

    You can then launch a PS script via SSH from TPAM and pass all the TPAM password variables across to include in your script. You call the PS script from TPAM as you would call a bash script on a Unix host and then return pass/fail to TPAM the same way.

    That is the easy bit...

    You then need a script to be able to actually change the Excel password. Quick google seems to suggest that there are ways to remove a password and set one from a script, but this is something I have never tried. So if you can crack this bit then a custom platform will allow you to manage the password for the spreadsheet.

    I cannot guarantee the following, as it is a long time since I did this, but this was a script developed by a customer and me that should give you an idea of how to pass variables from TPAM to the PS script.

    You should recognise the variables from the TPAM custom platform documentation.

    Good luck

    Tim

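    # $a selects the operation: CheckSystem, CheckPassword or ChangePassword.
    Param(
      [string]$a
    )

    # In each branch, every Read-Host prompt names one TPAM variable and the
    # value is read from the session's input; the final Write-Host emits the
    # result marker (the commented markers list the other possible results).
    switch ($a)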
        {
            "CheckSystem" {
           
                $netaddr = Read-Host -Prompt '%netaddr%'
                $funcacct = Read-Host -Prompt '%funcacct%'
                $funcacctpwd = Read-Host -Prompt '%funcacctpwd%'
                $port = Read-Host -Prompt '%port%'
                $timeout = Read-Host -Prompt '%timeout%'
                $funcacctdesc = Read-Host -Prompt '%funcacctdesc%'
                $platspecificvalue = Read-Host -Prompt '%platspecificvalue%'
                $domainname = Read-Host -Prompt '%domainname%'
                $netbiosname = Read-Host -Prompt '%netbiosname%'
                $enablepwd = Read-Host -Prompt '%enablepwd%'


                $fileoutput = "Network Address: " + $netaddr + "`r`n"
                $fileoutput += "Functional Account: " + $funcacct + "`r`n"
                $fileoutput += "Functional Account Password: " + $funcacctpwd + "`r`n"
                $fileoutput += "Port: " + $port + "`r`n"
                $fileoutput += "Timeout: " + $timeout + "`r`n"
                $fileoutput += "Functional Account Description: " + $funcacctdesc + "`r`n"
                $fileoutput += "Platform Specifc Value: " + $platspecificvalue + "`r`n"
                $fileoutput += "Domain Name: " + $domainname + "`r`n"
                $fileoutput += "Netbios Name: " + $netbiosname + "`r`n"
                $fileoutput += "Enable Password: " + $enablepwd + "`r`n"


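                # Debug dump of every value received, passwords included, in clear text.
                # The .\outputs directory must already exist.
                $fileoutput | Out-File -FilePath .\outputs\CheckSystem_Output.txt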

                write-host '%check success%'  

                # %host unreachable%
                # %account does not exist%
                # %check failure%
                # %check success%
            }
           
            "CheckPassword" {
       
                $netaddr = Read-Host -Prompt '%netaddr%'
                $funcacct = Read-Host -Prompt '%funcacct%'
                $funcacctpwd = Read-Host -Prompt '%funcacctpwd%'
                $port = Read-Host -Prompt '%port%'
                $timeout = Read-Host -Prompt '%timeout%'
                $funcacctdesc = Read-Host -Prompt '%funcacctdesc%'
                $platspecificvalue = Read-Host -Prompt '%platspecificvalue%'
                $acctname = Read-Host -Prompt '%acctname%'
                $acctdesc = Read-Host -Prompt '%acctdesc%'
                $acctpwd = Read-Host -Prompt '%acctpwd%'
                $domainname = Read-Host -Prompt '%domainname%'
                $netbiosname = Read-Host -Prompt '%netbiosname%'
                $enablepwd = Read-Host -Prompt '%enablepwd%'

                $fileoutput = "Network Address: " + $netaddr + "`r`n"
                $fileoutput += "Functional Account: " + $funcacct + "`r`n"
                $fileoutput += "Functional Account Password: " + $funcacctpwd + "`r`n"
                $fileoutput += "Port: " + $port + "`r`n"
                $fileoutput += "Timeout: " + $timeout + "`r`n"
                $fileoutput += "Functional Account Description: " + $funcacctdesc + "`r`n"
                $fileoutput += "Platform Specifc Value: " + $platspecificvalue + "`r`n"
                $fileoutput += "Account Name: " + $acctname + "`r`n"
                $fileoutput += "Account Name Description: " + $acctdesc + "`r`n"
                $fileoutput += "Account Password: " + $acctpwd + "`r`n"
                $fileoutput += "Domain Name: " + $domainname + "`r`n"
                $fileoutput += "Netbios Name: " + $netbiosname + "`r`n"
                $fileoutput += "Enable Password: " + $enablepwd + "`r`n"


                $fileoutput | Out-File -FilePath .\outputs\CheckPasssword_Output.txt

                write-host '%check success%'

                # %host unreachable%
                # %account does not exist%
                # %check failure%
                # %check success%
       
            }
       
            "ChangePassword" {
           
                $netaddr = Read-Host -Prompt '%netaddr%'
                $funcacct = Read-Host -Prompt '%funcacct%'
                $funcacctpwd = Read-Host -Prompt '%funcacctpwd%'
                $port = Read-Host -Prompt '%port%'
                $timeout = Read-Host -Prompt '%timeout%'
                $platspecificvalue = Read-Host -Prompt '%platspecificvalue%'
                $funcacctdesc = Read-Host -Prompt '%funcacctdesc%'
                $acctdesc = Read-Host -Prompt '%acctdesc%'
                $domainname = Read-Host -Prompt '%domainname%'
                $netbiosname = Read-Host -Prompt '%netbiosname%'
                $enablepwd = Read-Host -Prompt '%enablepwd%'
                $acctname = Read-Host -Prompt '%acctname%'
                $oldacctpwd = Read-Host -Prompt '%oldacctpwd%'
                $newacctpwd = Read-Host -Prompt '%newacctpwd%'
               
                $fileoutput = "Network Address: " + $netaddr + "`r`n"
                $fileoutput += "Functional Account: " + $funcacct + "`r`n"
                $fileoutput += "Functional Account Password: " + $funcacctpwd + "`r`n"
                $fileoutput += "Port: " + $port + "`r`n"
                $fileoutput += "Timeout: " + $timeout + "`r`n"
                $fileoutput += "Functional Account Description: " + $funcacctdesc + "`r`n"
                $fileoutput += "Platform Specifc Value: " + $platspecificvalue + "`r`n"
                $fileoutput += "Account Name: " + $acctname + "`r`n"
                $fileoutput += "Account Name Description: " + $acctdesc + "`r`n"
                $fileoutput += "Domain Name: " + $domainname + "`r`n"
                $fileoutput += "Netbios Name: " + $netbiosname + "`r`n"
                $fileoutput += "Enable Password: " + $enablepwd + "`r`n"
                $fileoutput += "Old Account Password: " + $oldacctpwd + "`r`n"
                $fileoutput += "New Account Password: " + $newacctpwd + "`r`n"

               
                $fileoutput | Out-File -FilePath .\outputs\ChangePasssword_Output.txt

                write-host '%change success%'

                # %host unreachable%
                # %account does not exist%
                # %change failure%
                # %change success%

            }
             
            default {
       
                write-host '%check failure%'
                write-host '%change failure%'
       
            }

    }
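
The step the answer above leaves open, changing a workbook's open password from a script, can be done through Excel's COM automation. The following is an added example, not part of the original post or the poster's script. It assumes Excel is installed on the jump host, that the directory path arrives in `%platspecificvalue%`, and `Set-WorkbookOpenPassword` is a hypothetical function name.

```powershell
# Added example. Assumes Excel is installed on the jump host.
# Set-WorkbookOpenPassword is a hypothetical helper name.
function Set-WorkbookOpenPassword {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$OldPassword,
        [Parameter(Mandatory)] [string]$NewPassword
    )
    $excel = New-Object -ComObject Excel.Application
    $excel.Visible = $false
    $excel.DisplayAlerts = $false          # no dialogs in a non-interactive session
    $wb = $null
    try {
        $missing = [Type]::Missing
        # Open(FileName, UpdateLinks, ReadOnly, Format, Password) throws on a wrong password
        $wb = $excel.Workbooks.Open($Path, 0, $false, $missing, $OldPassword)
        $wb.Password = $NewPassword        # password required to open the file
        $wb.Save()
        return $true
    }
    catch {
        # Report the reason without echoing either password
        Write-Warning ("{0}: {1}" -f $Path, $_.Exception.Message)
        return $false
    }
    finally {
        if ($wb) { $wb.Close($false) }
        $excel.Quit()
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($excel)
    }
}

# Values are read the same way as in the script above.
$dir        = Read-Host -Prompt '%platspecificvalue%'   # assumption: directory path carried here
$oldacctpwd = Read-Host -Prompt '%oldacctpwd%'
$newacctpwd = Read-Host -Prompt '%newacctpwd%'

$failed = 0
Get-ChildItem -Path $dir -Filter *.xlsx -File | ForEach-Object {
    if (-not (Set-WorkbookOpenPassword $_.FullName $oldacctpwd $newacctpwd)) { $failed++ }
}
# One marker for the whole directory: any failure reports a failed change
if ($failed -eq 0) { Write-Host '%change success%' } else { Write-Host '%change failure%' }
```

A partial failure leaves some workbooks on the old password and some on the new one, so the warnings identify which files need a retry before the next rotation.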