Blocked File Types in SharePoint


Blocked File Types in SharePoint should be evaluated and considered when planning out Governance or Security of your SharePoint deployment. However, if you already have an existing environment, it’s never too late to revisit this part of SharePoint administration.  Bottom line, don't overlook Blocked File Types! 

What is it?
This security feature in SharePoint allows administrators of Central Administration to specify certain file types from being saved to or accessed from a SharePoint environment.   This list contains file extensions and each file extension corresponds to a specific type of file.   By default, SharePoint already specifies some file types to block (see default list at end of this post).  Most importantly, each web application in SharePoint has it’s own blocked file types list allowing you to administer blocked file types per application.

How does it work?
SharePoint will check a file name and any characters immediately after a period (.).  If a set of characters after a period is matched against a set of characters in the blocked file list, it will block that file.   You can’t trick it either with fancy naming conventions.  If you renamed your file to have a period at the end, it would also check any preceding characters. Hypothetically let’s say you wanted to block any file that ended in .docx (i know, hypothetical though okay?) .  If you added .docx to the blocked file types list, any of the following files would be blocked in SharePoint:

blockmeplease.docx     blockmeplease.docx.     blockmeplease.docx.old_save_for_later


How Do I Block / Unblock files?
To administer the file types you must login to Central Administration. To administer the file type list in Central Administration, navigate to the following location:  Central Administration > Operations > (Security Configuration) Blocked File Types.  On this page you may add or remove file types.

note: be sure to change what web application you are wanting to administer! 
image

To add a file type to be blocked (i.e.: don't allow it), add it's extension to the list.  If you want to unblock a file type (i.e.: allow it) then just remove the extension for that file type from the list.  If you decide to go a imagelittle overboard and try to block every known file type known to man, keep in mind that SharePoint will limit you to 1024 different types of files. (a little deductive logic here implies that each file extension is equivalent to 1kb, and the total file extension list can’t exceed 1Mb… interesting!)

This can be a big list, but don’t waste effort trying to add an extension in the correct alphabetical order.  You can put the new extension at the top, bottom, or middle – it doesn’t matter.  SharePoint will automatically sort the extensions for you alphabetically the next time you load the list for viewing/editing.

For an extension reference, here’s a list of file formats (I think all that exist!) and their extensions on Wikipedia: http://en.wikipedia.org/wiki/Alphabetical_list_of_file_extensions


Result of Changes

Once you make changes to the list of blocked file types, the change affects new files being added and files already on the web site. Using our previous example of .docx: if a document library contains a .docx file and you then block it, users won’t be able to open the .docx file any longer. They can delete it, but any other action isn’t permitted.

Trying to save a file that is blocked:

image

Trying to upload a file that is blocked:
or
Trying to access a file that is blocked:

 image

Recommend Files to Block/Unblock
In my deployments, I started a practice of blocking and unblocking the following files below as a part of my routine steps in any installation.  I picked this idea up from Joel Oleson (I don't remember specific post).

  1. Recommended files to unblock that are blocked by default:
    1. .chm (help file)
    2. .lnk (url link)
    3. .url (url link)
  2. Recommended Files to block that are not blocked by default:
    1. .mp3 (audio file)
    2. .vhd (virtual hard drive file)

Notification
I also recommend that SharePoint administrators make available to their users the file types that aren't allowed in their SharePoint.  This will prevent a user from becoming frustrated that they can't upload a file and ranting within the organization placing erroneous blame on SharePoint. Can't you see the conversation on the elevator now? 

Disgruntled John: "Sorry Jane that I couldn't share that screensaver (.src) with you... our SharePoint [insert negative comment here]".  

It's company policy that's preventing the sharing of the file, not SharePoint!

Default Blocked File Types
When a web application is created, it gets the default blocked file list from a config file which is stored in the 12 hive.  So although SharePoint has a default blocked file list, you do have control over it.  If there are particular files that you are always going to want to block in your farm, you can edit this config file.  Just remember that this will only affect Web Applications created ‘after’ editing the config file.  It's located here:

\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG\docextflt.xml

image

 

Default Blocked File Type Extensions and Corresponding File Types
note: you should also know that files with curly braces { or } are also blocked by default

File extension

File type

.ade

Microsoft Access project extension

.adp

Microsoft Access project

.app

Application file

.asa

ASP declarations file

.ashx

ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET.

.asmx

ASP.NET Web Services source file

.asp

Active Server Pages

.bas

Microsoft Visual Basic class module

.bat

Batch file

.cdx

Compound index

.cer

Certificate file

.chm

Compiled HTML Help file

.class

Java class file

.cmd

Microsoft Windows NT command script

.com

Microsoft MS-DOS program

.config

Configuration file

.cpl

Control Panel extension

.crt

Security certificate

.csh

Script file

.dll

Windows dynamic link library

.exe

Program

.fxp

Microsoft Visual FoxPro compiled program

.hlp

Help file

.hta

HTML program

.htr

Script file

.htw

HTML document

.ida

Internet Information Services file

.idc

Internet database connector file

.idq

Internet data query file

.ins

Internet Naming Service

.isp

Internet Communication settings

.its

Internet Document Set file

.jse

JScript Encoded script file

.ksh

Korn Shell script file

.lnk

Shortcut

.mad

Shortcut

.maf

Shortcut

.mag

Shortcut

.mam

Shortcut

.maq

Shortcut

.mar

Shortcut

.mas

Microsoft Access stored procedure

.mat

Shortcut

.mau

Shortcut

.mav

Shortcut

.maw

Shortcut

.mda

Microsoft Access add-in program

.mdb

Microsoft Access program

.mde

Microsoft Access MDE database

.mdt

Microsoft Access data file

.mdw

Microsoft Access workgroup

.mdz

Microsoft Access wizard program

.msc

Microsoft Common Console document

.msh

Microsoft Agent script helper

.msh1

Microsoft Agent script helper

.msh1xml

Microsoft Agent script helper

.msh2

Microsoft Agent script helper

.msh2xml

Microsoft Agent script helper

.mshxml

Microsoft Agent script helper

.msi

Microsoft Windows Installer package

.msp

Windows Installer patch package file

.mst

Visual Test source files

.ops

Microsoft Office profile settings file

.pcd

Photo CD image or Microsoft Visual Test compiled script

.pif

Shortcut to MS-DOS program

.prf

System file

.prg

Program source file

.printer

Printer file

.pst

Microsoft Outlook personal folder file

.reg

Registration entries

.rem

ACT! database maintenance file

.scf

Windows Explorer command file

.scr

Screen saver

.sct

Script file

.shb

Windows shortcut

.shs

Shell Scrap object

.shtm

HTML file that contains server side directives

.shtml

HTML file that contains server side directives

.soap

Simple Object Access Protocol file

.stm

HTML file that contains server side directives

.url

Uniform Resource Locator (Internet shortcut)

.vb

Microsoft Visual Basic Scripting Edition file

.vbe

VBScript Encoded Script file

.vbs

VBScript file

.ws

Windows Script file

.wsc

Windows Script Component

.wsf

Windows Script file

.wsh

Windows Script Host settings file

 

References:
Windows SharePoint Services 3.0 Help and How-to; Joel Oleson SharePoint Land; Personal Experience

Comments (4)

  1. Anonymous says:

    Last evening I drove to Asheville, NC to present at a SharePoint User Group meeting.  It’s about

  2. Anonymous says:

    Pingback from SharePoint: Questions, Misconceptions and Tips & Tricks

  3. Anonymous says:

    Pingback from SharePoint: Questions, Misconceptions and Tips & Tricks

  4. Anonymous says:

    Blocked File Types in SharePoint – SharePoint Comic – Site Home – TechNet Blogs

Skip to main content