Audit Office Documents with Macros with PowerShell

Every organisation sooner or later has to deal with macro-enabled Office documents. Risk assessment and auditing are the first steps when planning to disable macros via Group Policy, or simply to mitigate the risk they imply.

The priority should be to identify real usage and to avoid any untrusted macro. In this article I will try to help create a simple report, using PowerShell to find documents with macros enabled.

This example function creates a list of all files in a drive or specific folder that have an extension associated with macro-enabled Microsoft Office documents.

To get a report of all drives (where used space is greater than 0) as a one-liner:

Feel free to re-use this script! Remember to check my GitHub repository for the latest version.
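As an added example (not the author's script, which lives in the repository mentioned above), the function below lists files with macro-enabled Office extensions under a drive or folder, followed by the all-drives one-liner. The function name `Get-MacroEnabledDocument`, the extension list, the report file name and the extra `HasVbaProject` check (which goes beyond the extension match described above) are assumptions made for this example.

```powershell
# Added example: names and extension list are assumptions, not the author's script.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-MacroEnabledDocument {
    [CmdletBinding()]
    param(
        # Drive root or folder to scan, e.g. 'C:\' or '\\server\share\dept'
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    begin {
        # Macro-enabled Open XML extensions for Word, Excel and PowerPoint
        $extensions = '.docm', '.dotm', '.xlsm', '.xltm', '.xlam',
                      '.pptm', '.potm', '.ppam', '.ppsm', '.sldm'
    }
    process {
        foreach ($root in $Path) {
            Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
                Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
                ForEach-Object {
                    $file = $_
                    # The extension only says macros are allowed; an embedded
                    # vbaProject.bin part shows a VBA project is actually present.
                    $hasVba = $null
                    try {
                        $zip = [System.IO.Compression.ZipFile]::OpenRead($file.FullName)
                        try { $hasVba = [bool]($zip.Entries | Where-Object Name -eq 'vbaProject.bin') }
                        finally { $zip.Dispose() }
                    } catch {
                        # Locked, encrypted or corrupt file: leave HasVbaProject empty
                    }
                    [pscustomobject]@{
                        FullName      = $file.FullName
                        Extension     = $file.Extension
                        SizeKB        = [math]::Round($file.Length / 1KB, 1)
                        LastWriteTime = $file.LastWriteTime
                        HasVbaProject = $hasVba
                    }
                }
        }
    }
}

# All file system drives with used space greater than 0, written to one CSV report
Get-PSDrive -PSProvider FileSystem | Where-Object Used -gt 0 | ForEach-Object { Get-MacroEnabledDocument -Path $_.Root } | Export-Csv -Path .\MacroDocuments.csv -NoTypeInformation
```

Rows where `HasVbaProject` is empty could not be opened as a ZIP package and are worth a manual look. `LastWriteTime` helps separate documents in real use from stale ones.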
