Restricting Excel sheet to open only within organization network

Question

I want to restrict Excel sheet to open only within my organization's network. If my system is connected with company's internet, only then it should get open. If the system is not connected to internet or connected with outside network, it should not get open.

I am using Macro for this. I have used the below code so far, found this on another answer on Stack Overflow. This code is giving same value for a system in different connected network. This will work only if the system is different. but not for different networks.

Option Explicit

Enum COMPUTER_NAME_FORMAT
    ComputerNameNetBIOS
    ComputerNameDnsHostname
    ComputerNameDnsDomain
     ComputerNameDnsFullyQualified
    ComputerNamePhysicalNetBIOS
    ComputerNamePhysicalDnsHostname
    ComputerNamePhysicalDnsDomain
    ComputerNamePhysicalDnsFullyQualified
End Enum

Declare Function GetComputerNameEx Lib "kernel32" Alias "GetComputerNameExA" 
( _
    ByVal NameType As COMPUTER_NAME_FORMAT, _
    ByVal lpBuffer As String, _
    ByRef lpnSize As Long) As Long

Sub test()
    Dim buffer As String
    Dim size As Long
    size = 255
    buffer = Space(size)
    GetComputerNameEx ComputerNameDnsFullyQualified, buffer, size
    Debug.Print Left$(buffer, size)
End Sub

Just for clarification: Are you talking about one sheet of many sheets in a workbook or are you talking about a whole workbook? And what is the reason to do that? If it is for security reason then it is almost impossible to get that secure. — Pᴇʜ, Mar 16 '18 at 12:41
How will the code you added "force the user to enable the macros before opening the excel sheet" (like you said in [your comment](https://stackoverflow.com/questions/49320951/restricting-excel-sheet-to-open-only-within-organization-network/49322031?noredirect=1#comment85722678_49322031)?) This just returns the computer name, and even if it did force a change, any automatically executing code can be bypassed. I added [one example](https://image.ibb.co/njWWqH/so_bypass_Open_Event.gif) to my [answer](https://stackoverflow.com/a/49322031/8112776) below. — ashleedawg, Mar 19 '18 at 11:32
**I think this question should be re-opened** specifically *because* the OP's request is not realistic possibility. Too often, inexperienced developers think that Office documents are more secure than they are, or that password protection will protect them "no matter what" or that they can defeat built-in security with their own code. **This is an important lesson for new developers.** Office documents are not vaults. There's no way to guarantee security of an Office document (outside of not sharing it with anyone). — ashleedawg, Mar 19 '18 at 12:23

ashleedawg · Accepted Answer · 2018-03-19T12:20:38.280

3

_{I'll respond even though there was no actual question in your post, and it will probably get closed unless you edit it to add information about a specific programming-related issue, along with examples, detail of what you've tried, and an actual question. (See this and this and this.)}

The short answer is:

IT'S NOT POSSIBLE.

Anyone who really wants to access your workbook (or any other Office document) can do a quick Google Search to bypass any security "features" you add.

AUTO_OPEN macros and On Open events can be easily bypassed by holding Shift while opening, or distrusting macros in their Trust Centre. (Here is the first result of a Google search on the topic.)

Passwords can be cracked within minutes using freeware utilities or manually with only a few steps. (See my answer here.)

If the people you are concerned about are not computer-savvy, I suppose you could have the workbook silently notify you of where it's being opened (for example, the IP address or computer name)) but, once again, these could be faked or bypassed altogether.

Assuming the issue is concerns over employees using the workbook (or the data it contains) for "unapproved purposes", the ideal solution would be to either start trusting your staff, or if that's not possible, you need to fire them and find people you do trust.

Edit: Bypassing Workbook_Open

Here's an example of a workbook with a Workbook_Open event, first opened normally, then bypassed by opening the workbook a slightly different way:

example screenshot: protected view

Edit: Prevent Any Code From Running

As a developer, I often keep my macro security settings reduced or off. However, a default installation has security turned on, and even if it was disabled, it's not hard to re-enable security in:

File ➡Options ➡Trust Centre

You can't force code to run or bypass security programmatically.

Anything you think you can do or find or do to force code to execute without the user's consent will not work, and at the very least will have a workaround.

Why?

Compare it to Virus Scanner software.

Imagine what would happen if code was able to disable your Virus Scanner? That would make all Virus Scanners absolutely useless, forever. If it were possible, virus creators would be doing it routinely.

The same goes for VBA Macro security options: If it could be bypassed programmatically, the "options" wouldn't have any point and wouldn't even be included. It's not a matter of convenience; it's a matter of security.

edited Mar 19 '18 at 12:20

answered Mar 16 '18 at 13:32

ashleedawg

17,207
5
53
80

I totally agree with all of your points. But I got this as a task, so I have to complete it. – Psl05 Mar 17 '18 at 16:39
I'm saying you can try all you want, and tell your (boss/teacher) that you it's secure, but the fact is, ***nothing* is going to guarantee that nobody can open the file from outside the network**. You can make it a little bit trickier for them, I guess (depending on the person's skill level.) – ashleedawg Mar 17 '18 at 16:43
That's where I am stuck, So far I have tried Environment Variables, Wscript.network. But I am unable to find the currently connected network name. – Psl05 Mar 17 '18 at 16:48
...if this is *actually* about securing **sensitive** information for your employer, then I'd suggest you be honest now about the limitations, or else you risk being held accountable later if/when the security *is* breached. The only real way to prevent critical information in an Excel sheet from leaving the building, is not to put it in the hands of people who will take it off-site. – ashleedawg Mar 17 '18 at 16:49
Um, maybe you should try **Googling *`How to get network name with VBA`*** and look at **the very first search result**. Another thing that will change when off-site is the IP Address. You can learn how to get that by Googling `VBA IP Address`". – ashleedawg Mar 17 '18 at 16:52
Yes, I told them about the limitations. And Network name as in Wifi or Lan, whatever the system is connected to. Or anything else by which I can distinguish office network and outside network. – Psl05 Mar 17 '18 at 16:55
How are you going to make sure the code runs automatically? – ashleedawg Mar 17 '18 at 17:04
I tried the code given in the first search result. But that's not working for office system in the different network. But if I will use the different system then it's working. I will put the code in workbook_open so that the validation will run while it's opening the excel. – Psl05 Mar 18 '18 at 06:03
1

**The whole approach using VBA to secure a workbook can never work no matter how hard you try.** Anyone can easily open any workbook with macros disabled and you can not prevent this. Then your securing VBA code does not run and anyone can use it outside your network. – Pᴇʜ Mar 19 '18 at 07:46
I tried some code that will force the user to enable the macros before opening the excel sheet, if he disables the macros, he will not be able to open the excel. – Psl05 Mar 19 '18 at 11:00
@Psl05 that's not possible. I can always open a workbook with macros disabled. You cannot prevent that. – Pᴇʜ Mar 19 '18 at 11:11
@Psl05 Did you click the links I posted? – ashleedawg Mar 19 '18 at 11:26
@PEH http://www.xl-central.com/force-users-to-enable-macros-in-a-workbook.html I used this code. – Psl05 Mar 19 '18 at 11:30
1

...and no, hiding sheets is no security. Like I said in my last edit to my answer, there is **no** such thing as 100% security with shared Office documents, and I agree with your statement **"The whole approach using VBA to secure a workbook can never work no matter how hard you try. "** – ashleedawg Mar 19 '18 at 12:53
@Psl05 Check what happens if you close your workbook, and then **Hold the [SHIFT] down while opening the workbook**. Also, try opening it in Protected Mode like in my example. I put the code from that site in my workbook and at first I was surprised that it didn't react to my attempt to bypass it... Then I remember that, as a developer, **I have Macro Security disabled**. So I re-enabled it (as is default for 99.9% of users) and tried it again, and **your code did not run.** – ashleedawg Mar 19 '18 at 12:56
@Psl05 - Don't forget to **`✓ Accept`** an answer that helped solve your problem… You'll get **`+2`** reputation, and the answer's author gets **`+15`** rep. When you've reached 15 reputation, you can *also* **`▲ Upvote`** any answers that are helpful, which also rewards the authors **plus** your feedback in the form of votes *benefits the [so] community as a whole!* – ashleedawg Jun 14 '18 at 07:37