Help

Office 2016: Customize Ribbon & Toolbar — Add Restrict Permissions to Home tab

dan-snelson
Valued Contributor II

Posted on ‎01-31-2017 12:55 PM

Background

We were approached by our internal Microsoft Product Manger to customize the Home tab in the Microsoft Office 2016 versions of Word, Excel and PowerPoint so end-users could more easily find the Restrict Permissions feature, which is buried under the Review tab by default.

35bc0b738ba64971b5fc7866b0d3aa12

After searching in vain for documentation online, we turned to Composer and learned the following files hold the settings:

Files to Modify

~/Library/Containers/com.microsoft.Word/Data/Library/Preferences/Word.officeUI
~/Library/Containers/com.microsoft.Excel/Data/Library/Preferences/Excel.officeUI
~/Library/Containers/com.microsoft.Powerpoint/Data/Library/Preferences/Powerpoint.officeUI

Originally, we just wanted to duplicate the Restrict Permissions option in both the Home tab and the Review tab, but that seemed to prevent the end-user for further editing the Ribbon & Toolbar in Word, but Excel and PowerPoint were unaffected.

Script

In our testing, the Files to Modify listed above did NOT exsist if the end-user hasn't made any changes via: Word | Excel | PowerPoint > Preferences > Ribbon & Toolbar.

In the current version of this script, if the files exsist, we don't modify them and just echo back an error to the JSS.

Please up-vote the following Feature Request: Policy Return Code(s) - On top: handle "included" return codes.

microsoftOffice2016-OfficeUI-Home_tab-RestrictPermissions.sh

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   Configure Microsoft Office 2016 UI: Restrict Permissions
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 30-Jan-2017, Dan K. Snelson
#
####################################################################################################
# Import logging functions
source /path/to/client-side/functions.sh
####################################################################################################



ScriptLog "##################################################################"
ScriptLog "#### Configure Microsoft Office 2016 UI: Restrict Permissions ####"
ScriptLog "##################################################################"
ScriptLog " "



# Variables
loggedInUser=$( /usr/bin/stat -f%Su /dev/console )  # Currently logged-in user



# Define Functions

function restrictPermissionsUserTemplate() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")

    # Create directory path
    ScriptLog "* Create directory path for ${1} ..."
    /bin/mkdir -pv "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences

    # Create app-specific Office UI file
    ScriptLog "* Create ${1}.officeUI for ${USER_TEMPLATE} ..."

    if [ "${1}" == "Word" ] ; then 

    /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReviewWord">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI

    else

    /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReview">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI

    fi

    ScriptLog "* Created ${1}.officeUI for ${USER_TEMPLATE}."
    ScriptLog " "

}



function restrictPermissionsCurrentUsers() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")

    testFile="/Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI"

    if [ ! -f "${testFile}" ] ; then # Office UI not found; create it 

        # Create directory path
        ScriptLog "* Create directory path for ${1} ..."
        /bin/mkdir -pv /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences

        # Create app-specific Office UI file
        ScriptLog "* Create ${1}.officeUI for ${USER_SHORTNAME} ..."

        if [ "${1}" == "Word" ] ; then 

        /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReviewWord">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > ${testFile}

        else

        /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReview">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > ${testFile}

        fi

        ScriptLog "* Created ${1}.officeUI for ${USER_SHORTNAME}."
        ScriptLog "* Correct file permissions ..."
        /usr/sbin/chown -R "${USER_SHORTNAME}" /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/

        ScriptLog " "

    else

        jssLog "* ERROR: ${1}.officeUI exists for ${USER_SHORTNAME}"

    fi

}



# Call Functions

ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure future users ..."
ScriptLog "---"
ScriptLog " "

for USER_TEMPLATE in "/System/Library/User Template"/*

    do

        # Configure Microsoft Word
        ScriptLog "Configure Microsoft Word ..."
        restrictPermissionsUserTemplate "Word"

        # Configure Microsoft Excel
        ScriptLog "Configure Microsoft Excel ..."
        restrictPermissionsUserTemplate "Excel"

        # Configure Microsoft PowerPoint
        ScriptLog "Configure Microsoft PowerPoint ..."
        restrictPermissionsUserTemplate "Powerpoint"

    done

# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions defaults configured for future users."



ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure current users ..."
ScriptLog "---"
ScriptLog " "

for USER_HOME in /Users/*
    do
        USER_SHORTNAME=`basename "${USER_HOME}"`

        if [ ! "${USER_SHORTNAME}" = "Shared" ]; then

            # Configure Microsoft Word
            ScriptLog "* Configuring Microsoft Word for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Word"

            # Configure Microsoft Excel
            ScriptLog "* Configuring Microsoft Excel for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Excel"

            # Configure Microsoft PowerPoint
            ScriptLog "* Configuring Microsoft PowerPoint for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Powerpoint"

            # Reload preferences
            ScriptLog "* Reload preferences for ${USER_SHORTNAME} ..."
            /usr/bin/pkill -l -U "${USER_SHORTNAME}" cfprefsd

        fi

    done


# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions Defaults Configured"


exit 0

Additional Resources

Microsoft Technical Support supplied the following resources:

0 Kudos
1 REPLY 1

dan-snelson
Valued Contributor II

Posted on ‎02-01-2017 10:45 AM

Updated Script

This version uses sed to update {app}.officeUI as long as mso:TabHome does NOT already exist.

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   Configure Microsoft Office 2016 UI: Restrict Permissions
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 30-Jan-2017, Dan K. Snelson
#       Original
#   Version 1.1, 31-Jan-2017, Dan K. Snelson
#       Use sed to update {app}.officeUI if mso:TabHome does NOT already exist
#
####################################################################################################
# Import logging functions
source /path/to/client-side/functions.sh
####################################################################################################



ScriptLog "##################################################################"
ScriptLog "#### Configure Microsoft Office 2016 UI: Restrict Permissions ####"
ScriptLog "##################################################################"
ScriptLog " "



# Variables
loggedInUser=$( /usr/bin/stat -f%Su /dev/console )  # Currently logged-in user



# Define Functions

function restrictPermissionsUserTemplate() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")

    # Create directory path
    ScriptLog "* Create directory path for ${1} ..."
    /bin/mkdir -pv "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences

    # Create app-specific Office UI file
    ScriptLog "* Create ${1}.officeUI for ${USER_TEMPLATE} ..."

    if [ "${1}" == "Word" ] ; then 

    /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReviewWord">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI

    else

    /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReview">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI

    fi

    ScriptLog "* Created ${1}.officeUI for ${USER_TEMPLATE}."
    ScriptLog " "

}



function restrictPermissionsCurrentUsers() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")

    testFile="/Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI"

    if [ ! -f "${testFile}" ] ; then # Office UI not found; create it 

        # Create directory path
        ScriptLog "* Create directory path for ${1} ..."
        /bin/mkdir -pv /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences

        # Create app-specific Office UI file
        ScriptLog "* Create ${1}.officeUI for ${USER_SHORTNAME} ..."

        if [ "${1}" == "Word" ] ; then 

        /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReviewWord">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > ${testFile}

        else

        /bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
    <mso:ribbon>
        <mso:qat/>
        <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReview">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>
</mso:customUI>" > ${testFile}

        fi

        ScriptLog "* Created ${1}.officeUI for ${USER_SHORTNAME}."
        ScriptLog "* Correct file permissions ..."
        /usr/sbin/chown -R "${USER_SHORTNAME}" /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/

        ScriptLog " "

    else

        # File app.officeUI exists, but let's see mso:TabHome can be modified ...

        /bin/cat "${testFile}" | /usr/bin/grep mso:TabHome

        if [ $? -ne 0 ]; then

            ScriptLog " "
            ScriptLog "* ${testFile} exists for ${USER_SHORTNAME}, but mso:TabHome is not present; let's add it to the end ..."
            ScriptLog " "

            if [ "${1}" == "Word" ] ; then

                /usr/bin/sed -i.bak 's/</mso:ribbon>/       <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReviewWord">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>/g' ${testFile}

            else

                /usr/bin/sed -i.bak 's/</mso:ribbon>/       <mso:tabs>
            <mso:tab idQ="mso:TabHome">
                <mso:group idQ="mso:GroupRightsManagement"/>
            </mso:tab>
            <mso:tab idQ="mso:TabReview">
                <mso:group idQ="mso:GroupRightsManagement" visible="false"/>
            </mso:tab>
        </mso:tabs>
    </mso:ribbon>/g' ${testFile}

            fi

            jssLog "* ${1}.officeUI updated with mso:TabHome"

        else

            jssLog "* ERROR: ${1}.officeUI exists AND mso:TabHome has data for ${USER_SHORTNAME}"

            ScriptLog " "

        fi

    fi

}



# Call Functions

ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure future users ..."
ScriptLog "---"
ScriptLog " "

for USER_TEMPLATE in "/System/Library/User Template"/*

    do

        # Configure Microsoft Word
        ScriptLog "Configure Microsoft Word ..."
        restrictPermissionsUserTemplate "Word"

        # Configure Microsoft Excel
        ScriptLog "Configure Microsoft Excel ..."
        restrictPermissionsUserTemplate "Excel"

        # Configure Microsoft PowerPoint
        ScriptLog "Configure Microsoft PowerPoint ..."
        restrictPermissionsUserTemplate "Powerpoint"

    done

# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions defaults configured for future users."



ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure current users ..."
ScriptLog "---"
ScriptLog " "

for USER_HOME in /Users/*
    do
        USER_SHORTNAME=`basename "${USER_HOME}"`

        if [ ! "${USER_SHORTNAME}" = "Shared" ]; then

            # Configure Microsoft Word
            ScriptLog "* Configuring Microsoft Word for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Word"

            # Configure Microsoft Excel
            ScriptLog "* Configuring Microsoft Excel for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Excel"

            # Configure Microsoft PowerPoint
            ScriptLog "* Configuring Microsoft PowerPoint for ${USER_SHORTNAME} ..."
            restrictPermissionsCurrentUsers "Powerpoint"

            # Reload preferences
            ScriptLog "* Reload preferences for ${USER_SHORTNAME} ..."
            /usr/bin/pkill -l -U "${USER_SHORTNAME}" cfprefsd

        fi

    done


# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions Defaults Configured"


exit 0
0 Kudos