Background
We were approached by our internal Microsoft Product Manger to customize the Home tab in the Microsoft Office 2016 versions of Word, Excel and PowerPoint so end-users could more easily find the Restrict Permissions feature, which is buried under the Review tab by default.
After searching in vain for documentation online, we turned to Composer and learned the following files hold the settings:
Files to Modify
~/Library/Containers/com.microsoft.Word/Data/Library/Preferences/Word.officeUI
~/Library/Containers/com.microsoft.Excel/Data/Library/Preferences/Excel.officeUI
~/Library/Containers/com.microsoft.Powerpoint/Data/Library/Preferences/Powerpoint.officeUIOriginally, we just wanted to duplicate the Restrict Permissions option in both the Home tab and the Review tab, but that seemed to prevent the end-user for further editing the Ribbon & Toolbar in Word, but Excel and PowerPoint were unaffected.
Script
In our testing, the Files to Modify listed above did NOT exsist if the end-user hasn't made any changes via: Word | Excel | PowerPoint > Preferences > Ribbon & Toolbar.
In the current version of this script, if the files exsist, we don't modify them and just echo back an error to the JSS.
Please up-vote the following Feature Request: Policy Return Code(s) - On top: handle "included" return codes.
microsoftOffice2016-OfficeUI-Home_tab-RestrictPermissions.sh
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Configure Microsoft Office 2016 UI: Restrict Permissions
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 30-Jan-2017, Dan K. Snelson
#
####################################################################################################
# Import logging functions
source /path/to/client-side/functions.sh
####################################################################################################
ScriptLog "##################################################################"
ScriptLog "#### Configure Microsoft Office 2016 UI: Restrict Permissions ####"
ScriptLog "##################################################################"
ScriptLog " "
# Variables
loggedInUser=$( /usr/bin/stat -f%Su /dev/console ) # Currently logged-in user
# Define Functions
function restrictPermissionsUserTemplate() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")
# Create directory path
ScriptLog "* Create directory path for ${1} ..."
/bin/mkdir -pv "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences
# Create app-specific Office UI file
ScriptLog "* Create ${1}.officeUI for ${USER_TEMPLATE} ..."
if [ "${1}" == "Word" ] ; then
/bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
<mso:ribbon>
<mso:qat/>
<mso:tabs>
<mso:tab idQ="mso:TabHome">
<mso:group idQ="mso:GroupRightsManagement"/>
</mso:tab>
<mso:tab idQ="mso:TabReviewWord">
<mso:group idQ="mso:GroupRightsManagement" visible="false"/>
</mso:tab>
</mso:tabs>
</mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI
else
/bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
<mso:ribbon>
<mso:qat/>
<mso:tabs>
<mso:tab idQ="mso:TabHome">
<mso:group idQ="mso:GroupRightsManagement"/>
</mso:tab>
<mso:tab idQ="mso:TabReview">
<mso:group idQ="mso:GroupRightsManagement" visible="false"/>
</mso:tab>
</mso:tabs>
</mso:ribbon>
</mso:customUI>" > "${USER_TEMPLATE}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI
fi
ScriptLog "* Created ${1}.officeUI for ${USER_TEMPLATE}."
ScriptLog " "
}
function restrictPermissionsCurrentUsers() { # Pass the name of the app (i.e., "Word" | "Excel" | "Powerpoint")
testFile="/Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences/"${1}".officeUI"
if [ ! -f "${testFile}" ] ; then # Office UI not found; create it
# Create directory path
ScriptLog "* Create directory path for ${1} ..."
/bin/mkdir -pv /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/Data/Library/Preferences
# Create app-specific Office UI file
ScriptLog "* Create ${1}.officeUI for ${USER_SHORTNAME} ..."
if [ "${1}" == "Word" ] ; then
/bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
<mso:ribbon>
<mso:qat/>
<mso:tabs>
<mso:tab idQ="mso:TabHome">
<mso:group idQ="mso:GroupRightsManagement"/>
</mso:tab>
<mso:tab idQ="mso:TabReviewWord">
<mso:group idQ="mso:GroupRightsManagement" visible="false"/>
</mso:tab>
</mso:tabs>
</mso:ribbon>
</mso:customUI>" > ${testFile}
else
/bin/echo "<mso:customUI xmlns:mso="http://schemas.microsoft.com/office/2009/07/customui">
<mso:ribbon>
<mso:qat/>
<mso:tabs>
<mso:tab idQ="mso:TabHome">
<mso:group idQ="mso:GroupRightsManagement"/>
</mso:tab>
<mso:tab idQ="mso:TabReview">
<mso:group idQ="mso:GroupRightsManagement" visible="false"/>
</mso:tab>
</mso:tabs>
</mso:ribbon>
</mso:customUI>" > ${testFile}
fi
ScriptLog "* Created ${1}.officeUI for ${USER_SHORTNAME}."
ScriptLog "* Correct file permissions ..."
/usr/sbin/chown -R "${USER_SHORTNAME}" /Users/"${USER_SHORTNAME}"/Library/Containers/com.microsoft."${1}"/
ScriptLog " "
else
jssLog "* ERROR: ${1}.officeUI exists for ${USER_SHORTNAME}"
fi
}
# Call Functions
ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure future users ..."
ScriptLog "---"
ScriptLog " "
for USER_TEMPLATE in "/System/Library/User Template"/*
do
# Configure Microsoft Word
ScriptLog "Configure Microsoft Word ..."
restrictPermissionsUserTemplate "Word"
# Configure Microsoft Excel
ScriptLog "Configure Microsoft Excel ..."
restrictPermissionsUserTemplate "Excel"
# Configure Microsoft PowerPoint
ScriptLog "Configure Microsoft PowerPoint ..."
restrictPermissionsUserTemplate "Powerpoint"
done
# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions defaults configured for future users."
ScriptLog " "
ScriptLog "---"
ScriptLog "- Configure current users ..."
ScriptLog "---"
ScriptLog " "
for USER_HOME in /Users/*
do
USER_SHORTNAME=`basename "${USER_HOME}"`
if [ ! "${USER_SHORTNAME}" = "Shared" ]; then
# Configure Microsoft Word
ScriptLog "* Configuring Microsoft Word for ${USER_SHORTNAME} ..."
restrictPermissionsCurrentUsers "Word"
# Configure Microsoft Excel
ScriptLog "* Configuring Microsoft Excel for ${USER_SHORTNAME} ..."
restrictPermissionsCurrentUsers "Excel"
# Configure Microsoft PowerPoint
ScriptLog "* Configuring Microsoft PowerPoint for ${USER_SHORTNAME} ..."
restrictPermissionsCurrentUsers "Powerpoint"
# Reload preferences
ScriptLog "* Reload preferences for ${USER_SHORTNAME} ..."
/usr/bin/pkill -l -U "${USER_SHORTNAME}" cfprefsd
fi
done
# Re-direct logging to the JSS
jssLog "Microsoft Office 2016 UI: Restrict Permissions Defaults Configured"
exit 0Additional Resources
Microsoft Technical Support supplied the following resources:
