Manage Blocked File Types in SharePoint

Recently another user came to me saying, He got the below error while he tried uploading a file to SharePoint:

“The following file(s) have been blocked by the administrator”

This is because: The user tried uploading .OCX files, which were in the blocked file type. Here is what I did to allow the OCX files. Blocked File types option in SharePoint is a great security/governance feature.  You don’t want your users to upload executable or Movie files to SharePoint libraries, Isn’t it?

Unblocking Blocked File Types: Manage blocked file types SharePoint

• Open central administration site.
• Go to Operations tab.
• Find a section named “Security Configuration”.
• Under this section, you can find a link for “Blocked file types”.

Select the Web Application that you would like to modify from the drop-down list

You will now have a large list showing all the blocked file extensions, allowing you to add and remove them from the list. In this case, you want to allow OCX files, so they could be shared through SharePoint, Just Remove the file type OCX and click “OK”.

Configuring Blocked File Types in SharePoint 2013

For SharePoint 2010, You can navigate to: Central Administration >> Security >> Define blocked file types.

Is SharePoint blocking Files Based on File Extension or actual file type?
Remember, SharePoint blocks file based on its extensions and not by the actual file type. Which means, You can rename the blocked file type (E.g. Rename “Program.exe” to “Program.txt”) and still upload them to SharePoint. To mitigate, you need to have Forefront Security for SharePoint, which can block files based on its type and not just extension.

SharePoint blocked file types global list

Blocked file types Central are configured in Central Administration, are applied per web application, not globally throughout your farm. Internally, SharePoint keeps a file in 14 hive (or 12 hive in MOSS 2007) Config folder docextflt.xml So, When you create a new web application, blocked files list getting populated from this XML file.

However changing this file will not affect any existing web applications created already. But this will impact the default blocked files list, when you create a new web application.

Manage SharePoint blocked file types with PowerShell.

Write-host "Enter the Web Application URL:"
$WebAppURL= Read-Host
$WebApplication = Get-SPWebApplication $webAppURL
$Extensions = $WebApplication.BlockedFileExtensions

#SharePoint list blocked file types
write-host "Blocked File Types:"
$Extensions | ForEach-Object {Write-Host $_}

#To Add a Blocked File type
$Extensions.Add("dlg")
$WebApplication.Update()
write-host "DLG File type has been Blocked"

#To Remove a Blocked File type
$Extensions.Remove("dlg")
$WebApplication.Update()
write-host "Blocked File type DLG has been Removed"

You can remove Blocked File Types in SharePoint Object Model(C#) programmatically:

Collection<string> be = webApplication.BlockedFileExtensions;
if (be.Contains("ocx")) be.Remove("ocx");
webApplication.Update();

For reference:  SharePoint 2010 default blocked file types:
ade
adp
app
asa
ashx
asmx
asp
bas
bat
cdx
cer
chm
class
cmd
cnt
com
config
cpl
crt
csh
der
dll
exe
fxp
gadget
grp
hlp
hpj
hta
htr
htw
ida
idc
idq
ins
isp
its
jse
ksh
lnk
mad
maf
mag
mam
maq
mar
mas
mat
mau
mav
maw
mcf
mda
mdb
mde
mdt
mdw
mdz
msc
msh
msh1
msh1xml
msh2
msh2xml
mshxml
msi
msp
mst
ops
pcd
pif
pl
prf
prg
printer
ps1
ps1xml
ps2
ps2xml
psc1
psc2
pst
reg
rem
scf
scr
sct
shb
shs
shtm
shtml
soap
stm
svc
url
vb
vbe
vbs
ws
wsc
wsf
wsh

Technet Article: https://technet.microsoft.com/en-us/library/cc262496.aspx