Blocked File Types in SharePoint
Blocked File Types in SharePoint should be evaluated and considered when planning out Governance or Security of your SharePoint deployment. However, if you already have an existing environment, it’s never too late to revisit this part of SharePoint administration. Bottom line, don't overlook Blocked File Types!
What is it?
This security feature in SharePoint allows administrators of Central Administration to block certain file types from being saved to or accessed from a SharePoint environment. The blocked list contains file extensions, and each file extension corresponds to a specific type of file. By default, SharePoint already specifies some file types to block (see default list at end of this post). Most importantly, each web application in SharePoint has its own blocked file types list, allowing you to administer blocked file types per application.
How does it work?
SharePoint checks a file name and any characters immediately after a period (.). If a set of characters after a period matches an entry in the blocked file list, SharePoint blocks that file. You can’t trick it with fancy naming conventions either. If you renamed your file to have a period at the end, it would also check any preceding characters. Hypothetically, let’s say you wanted to block any file that ended in .docx (I know, hypothetical though, okay?). If you added .docx to the blocked file types list, any of the following files would be blocked in SharePoint:
- blockmeplease.docx
- blockmeplease.docx.
- blockmeplease.docx.old_save_for_later
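The matching rule described above, as an added Python example (not SharePoint's code and not from the original post): it reports which file names a blocked list would reject, covering the trailing-period and extra-suffix cases and the curly-brace rule noted later in the post. The sample list, the case-insensitive comparison, the path handling and the function names are assumptions.

```python
# Constructed sample list: the post's hypothetical .docx plus a few
# extensions from its default table.
BLOCKED = {"docx", "exe", "bat", "scr", "vbs"}


def normalize(ext):
    """Lower-case an extension and drop the leading dot and spaces."""
    return ext.strip().lstrip(".").lower()


def blocking_reason(file_name, blocked=BLOCKED):
    """Return why a name would be rejected, or None if it is allowed.

    Every run of characters after a period is compared with the list, so a
    trailing period or an extra suffix does not hide a blocked extension.
    Assumption: the comparison ignores case.
    """
    blocked = {normalize(e) for e in blocked}
    # Assumption: only the last path component is the file name.
    leaf = file_name.replace("\\", "/").rsplit("/", 1)[-1]
    if "{" in leaf or "}" in leaf:
        return "curly brace"
    # The part before the first period is the base name, not an extension.
    for segment in leaf.split(".")[1:]:
        if normalize(segment) in blocked:
            return "." + normalize(segment)
    return None


def audit(file_names, blocked=BLOCKED):
    """Map each rejected name to its reason; allowed names are omitted."""
    reasons = ((name, blocking_reason(name, blocked)) for name in file_names)
    return {name: why for name, why in reasons if why is not None}


if __name__ == "__main__":
    # Constructed file names, including the three from the post.
    sample = [
        "blockmeplease.docx",
        "blockmeplease.docx.",
        "blockmeplease.docx.old_save_for_later",
        "SETUP.EXE",
        "plan{v2}.txt",
        "notes.doc",
    ]
    for name, why in audit(sample).items():
        print(f"{name}: blocked ({why})")
```

Run over a directory listing before a migration, `audit` shows which existing files users would lose access to once the list is applied.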
How Do I Block / Unblock files?
To administer the file types, you must log in to Central Administration and navigate to the following location: Central Administration > Operations > (Security Configuration) Blocked File Types. On this page you may add or remove file types.
Note: be sure to select the web application you want to administer!
To add a file type to be blocked (i.e., don't allow it), add its extension to the list. If you want to unblock a file type (i.e., allow it), just remove the extension for that file type from the list. If you decide to go a little overboard and try to block every file type known to man, keep in mind that SharePoint will limit you to 1024 different types of files. (A little deductive logic here implies that each file extension is equivalent to 1kb, and the total file extension list can’t exceed 1Mb… interesting!)
This can be a big list, but don’t waste effort trying to add an extension in the correct alphabetical order. You can put the new extension at the top, bottom, or middle – it doesn’t matter. SharePoint will automatically sort the extensions for you alphabetically the next time you load the list for viewing/editing.
For an extension reference, here’s a list of file formats (I think all that exist!) and their extensions on Wikipedia: https://en.wikipedia.org/wiki/Alphabetical_list_of_file_extensions
Result of Changes
Once you make changes to the list of blocked file types, the change affects new files being added and files already on the web site. Using our previous example of .docx: if a document library contains a .docx file and you then block it, users won’t be able to open the .docx file any longer. They can delete it, but any other action isn’t permitted.
[Screenshots not preserved: the error messages shown when trying to save, upload, or access a file that is blocked.]
Recommended Files to Block/Unblock
In my deployments, I started a practice of blocking and unblocking the files below as a part of my routine steps in any installation. I picked this idea up from Joel Oleson (I don't remember the specific post).
- Recommended files to unblock that are blocked by default:
  - .chm (help file)
  - .lnk (url link)
  - .url (url link)
- Recommended files to block that are not blocked by default:
  - .mp3 (audio file)
  - .vhd (virtual hard drive file)
Notification
I also recommend that SharePoint administrators make available to their users the file types that aren't allowed in their SharePoint. This will prevent a user from becoming frustrated that they can't upload a file and ranting within the organization placing erroneous blame on SharePoint. Can't you see the conversation on the elevator now?
Disgruntled John: "Sorry Jane that I couldn't share that screensaver (.scr) with you... our SharePoint [insert negative comment here]".
It's company policy that's preventing the sharing of the file, not SharePoint!
Default Blocked File Types
When a web application is created, it gets the default blocked file list from a config file which is stored in the 12 hive. So although SharePoint has a default blocked file list, you do have control over it. If there are particular files that you are always going to want to block in your farm, you can edit this config file. Just remember that this will only affect Web Applications created ‘after’ editing the config file. It's located here:
\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG\docextflt.xml
Default Blocked File Type Extensions and Corresponding File Types
Note: you should also know that files with curly braces ({ or }) in their names are also blocked by default.
| File extension | File type |
| --- | --- |
| .ade | Microsoft Access project extension |
| .adp | Microsoft Access project |
| .app | Application file |
| .asa | ASP declarations file |
| .ashx | ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET. |
| .asmx | ASP.NET Web Services source file |
| .asp | Active Server Pages |
| .bas | Microsoft Visual Basic class module |
| .bat | Batch file |
| .cdx | Compound index |
| .cer | Certificate file |
| .chm | Compiled HTML Help file |
| .class | Java class file |
| .cmd | Microsoft Windows NT command script |
| .com | Microsoft MS-DOS program |
| .config | Configuration file |
| .cpl | Control Panel extension |
| .crt | Security certificate |
| .csh | Script file |
| .dll | Windows dynamic link library |
| .exe | Program |
| .fxp | Microsoft Visual FoxPro compiled program |
| .hlp | Help file |
| .hta | HTML program |
| .htr | Script file |
| .htw | HTML document |
| .ida | Internet Information Services file |
| .idc | Internet database connector file |
| .idq | Internet data query file |
| .ins | Internet Naming Service |
| .isp | Internet Communication settings |
| .its | Internet Document Set file |
| .jse | JScript Encoded script file |
| .ksh | Korn Shell script file |
| .lnk | Shortcut |
| .mad | Shortcut |
| .maf | Shortcut |
| .mag | Shortcut |
| .mam | Shortcut |
| .maq | Shortcut |
| .mar | Shortcut |
| .mas | Microsoft Access stored procedure |
| .mat | Shortcut |
| .mau | Shortcut |
| .mav | Shortcut |
| .maw | Shortcut |
| .mda | Microsoft Access add-in program |
| .mdb | Microsoft Access program |
| .mde | Microsoft Access MDE database |
| .mdt | Microsoft Access data file |
| .mdw | Microsoft Access workgroup |
| .mdz | Microsoft Access wizard program |
| .msc | Microsoft Common Console document |
| .msh | Microsoft Agent script helper |
| .msh1 | Microsoft Agent script helper |
| .msh1xml | Microsoft Agent script helper |
| .msh2 | Microsoft Agent script helper |
| .msh2xml | Microsoft Agent script helper |
| .mshxml | Microsoft Agent script helper |
| .msi | Microsoft Windows Installer package |
| .msp | Windows Installer patch package file |
| .mst | Visual Test source files |
| .ops | Microsoft Office profile settings file |
| .pcd | Photo CD image or Microsoft Visual Test compiled script |
| .pif | Shortcut to MS-DOS program |
| .prf | System file |
| .prg | Program source file |
| .printer | Printer file |
| .pst | Microsoft Outlook personal folder file |
| .reg | Registration entries |
| .rem | ACT! database maintenance file |
| .scf | Windows Explorer command file |
| .scr | Screen saver |
| .sct | Script file |
| .shb | Windows shortcut |
| .shs | Shell Scrap object |
| .shtm | HTML file that contains server side directives |
| .shtml | HTML file that contains server side directives |
| .soap | Simple Object Access Protocol file |
| .stm | HTML file that contains server side directives |
| .url | Uniform Resource Locator (Internet shortcut) |
| .vb | Microsoft Visual Basic Scripting Edition file |
| .vbe | VBScript Encoded Script file |
| .vbs | VBScript file |
| .ws | Windows Script file |
| .wsc | Windows Script Component |
| .wsf | Windows Script file |
| .wsh | Windows Script Host settings file |
References:
Windows SharePoint Services 3.0 Help and How-to; Joel Oleson SharePoint Land; Personal Experience