Blocked File Types in SharePoint

Blocked File Types in SharePoint should be evaluated and considered when planning out Governance or Security of your SharePoint deployment. However, if you already have an existing environment, it’s never too late to revisit this part of SharePoint administration.  Bottom line, don't overlook Blocked File Types! 

What is it?
This security feature in SharePoint allows administrators of Central Administration to specify certain file types from being saved to or accessed from a SharePoint environment.   This list contains file extensions and each file extension corresponds to a specific type of file.   By default, SharePoint already specifies some file types to block (see default list at end of this post).  Most importantly, each web application in SharePoint has it’s own blocked file types list allowing you to administer blocked file types per application.

How does it work?
SharePoint will check a file name and any characters immediately after a period (.).  If a set of characters after a period is matched against a set of characters in the blocked file list, it will block that file.   You can’t trick it either with fancy naming conventions.  If you renamed your file to have a period at the end, it would also check any preceding characters. Hypothetically let’s say you wanted to block any file that ended in .docx (i know, hypothetical though okay?) .  If you added .docx to the blocked file types list, any of the following files would be blocked in SharePoint:

blockmeplease.docx     blockmeplease.docx.     blockmeplease.docx.old_save_for_later

How Do I Block / Unblock files?
To administer the file types you must login to Central Administration. To administer the file type list in Central Administration, navigate to the following location:  Central Administration > Operations > (Security Configuration) Blocked File Types.  On this page you may add or remove file types.

note: be sure to change what web application you are wanting to administer! 

To add a file type to be blocked (i.e.: don't allow it), add it's extension to the list.  If you want to unblock a file type (i.e.: allow it) then just remove the extension for that file type from the list.  If you decide to go a imagelittle overboard and try to block every known file type known to man, keep in mind that SharePoint will limit you to 1024 different types of files. (a little deductive logic here implies that each file extension is equivalent to 1kb, and the total file extension list can’t exceed 1Mb… interesting!)

This can be a big list, but don’t waste effort trying to add an extension in the correct alphabetical order.  You can put the new extension at the top, bottom, or middle – it doesn’t matter.  SharePoint will automatically sort the extensions for you alphabetically the next time you load the list for viewing/editing.

For an extension reference, here’s a list of file formats (I think all that exist!) and their extensions on Wikipedia:

Result of Changes

Once you make changes to the list of blocked file types, the change affects new files being added and files already on the web site. Using our previous example of .docx: if a document library contains a .docx file and you then block it, users won’t be able to open the .docx file any longer. They can delete it, but any other action isn’t permitted.

Trying to save a file that is blocked:


Trying to upload a file that is blocked:
Trying to access a file that is blocked:


Recommend Files to Block/Unblock
In my deployments, I started a practice of blocking and unblocking the following files below as a part of my routine steps in any installation.  I picked this idea up from Joel Oleson (I don't remember specific post).

  1. Recommended files to unblock that are blocked by default:
    1. .chm (help file)
    2. .lnk (url link)
    3. .url (url link)
  2. Recommended Files to block that are not blocked by default:
    1. .mp3 (audio file)
    2. .vhd (virtual hard drive file)

I also recommend that SharePoint administrators make available to their users the file types that aren't allowed in their SharePoint.  This will prevent a user from becoming frustrated that they can't upload a file and ranting within the organization placing erroneous blame on SharePoint. Can't you see the conversation on the elevator now? 

Disgruntled John: "Sorry Jane that I couldn't share that screensaver (.src) with you... our SharePoint [insert negative comment here]".  

It's company policy that's preventing the sharing of the file, not SharePoint!

Default Blocked File Types
When a web application is created, it gets the default blocked file list from a config file which is stored in the 12 hive.  So although SharePoint has a default blocked file list, you do have control over it.  If there are particular files that you are always going to want to block in your farm, you can edit this config file.  Just remember that this will only affect Web Applications created ‘after’ editing the config file.  It's located here:

\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG\docextflt.xml



Default Blocked File Type Extensions and Corresponding File Types
note: you should also know that files with curly braces { or } are also blocked by default

File extension

File type


Microsoft Access project extension


Microsoft Access project


Application file


ASP declarations file


ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET.


ASP.NET Web Services source file


Active Server Pages


Microsoft Visual Basic class module


Batch file


Compound index


Certificate file


Compiled HTML Help file


Java class file


Microsoft Windows NT command script


Microsoft MS-DOS program


Configuration file


Control Panel extension


Security certificate


Script file


Windows dynamic link library




Microsoft Visual FoxPro compiled program


Help file


HTML program


Script file


HTML document


Internet Information Services file


Internet database connector file


Internet data query file


Internet Naming Service


Internet Communication settings


Internet Document Set file


JScript Encoded script file


Korn Shell script file
















Microsoft Access stored procedure










Microsoft Access add-in program


Microsoft Access program


Microsoft Access MDE database


Microsoft Access data file


Microsoft Access workgroup


Microsoft Access wizard program


Microsoft Common Console document


Microsoft Agent script helper


Microsoft Agent script helper


Microsoft Agent script helper


Microsoft Agent script helper


Microsoft Agent script helper


Microsoft Agent script helper


Microsoft Windows Installer package


Windows Installer patch package file


Visual Test source files


Microsoft Office profile settings file


Photo CD image or Microsoft Visual Test compiled script


Shortcut to MS-DOS program


System file


Program source file


Printer file


Microsoft Outlook personal folder file


Registration entries


ACT! database maintenance file


Windows Explorer command file


Screen saver


Script file


Windows shortcut


Shell Scrap object


HTML file that contains server side directives


HTML file that contains server side directives


Simple Object Access Protocol file


HTML file that contains server side directives


Uniform Resource Locator (Internet shortcut)


Microsoft Visual Basic Scripting Edition file


VBScript Encoded Script file


VBScript file


Windows Script file


Windows Script Component


Windows Script file


Windows Script Host settings file


Windows SharePoint Services 3.0 Help and How-to; Joel Oleson SharePoint Land; Personal Experience

Comments (4)

  1. Anonymous says:

    Last evening I drove to Asheville, NC to present at a SharePoint User Group meeting.  It’s about

  2. Anonymous says:

    Pingback from SharePoint: Questions, Misconceptions and Tips & Tricks

  3. Anonymous says:

    Pingback from SharePoint: Questions, Misconceptions and Tips & Tricks

  4. Anonymous says:

    Blocked File Types in SharePoint – SharePoint Comic – Site Home – TechNet Blogs

Skip to main content