Web Sensitive Files and SharePoint (SharePoint 2010, 2013 and 2016)

  • Article

*Update: April 14, 2017 - Although this article was originally written with the SharePoint 2010 release it is also applicable to the SharePoint 2013 and 2016 platforms.  The links go to screenshot images.
*
Within the SharePoint platform, any file type can be blocked at the Farm Administrator level. Moreover, by default there are several files, which are blocked out of the box. Any file, which could be executed by Internet Explorer, and files whose name includes braces e.g., {.xls} are also blocked. As such if you try to upload, any of these file types you will receive an error message that tells you that you are not able to upload the file.

Most people are familiar with the blocked file types of the platform. However, if you look at the list of default-blocked files you will not see swf along with a few others) file types listed. This is because these are not blocked files they are instead considered to be "web sensitive" files. These files are not blocked and can in fact be uploaded to a SharePoint document library with a few caveats though:

  1. Users with Contributor permissions are prevented from uploading the files.
  2. Only Users with Designer permissions can upload SWF files successfully in SharePoint. More precisely, the "Add and Customize Pages" permission is required.

If someone with Contributor permissions tries to upload a swf file they will receive an "Error: Access Denied" modal dialog.

View 

If you need to upload these types of files you will have to have the Farm Administrator(s) of your Web Application run, a few PowerShell commands on the farm in order to have the swf file removed from the web app's Web Sensitive list. This is different from the procedures used to either add or remove file types from the Blocked File Types listing. As the PowerShell commands are not readily available on TechNet, (you have dig deep within the articles to find them and once found you need to go through Microsoft's super-secret decryption ritual (affectionately called trial-and-error) to string the commands together). I will list the steps here: (keep in mind that the following procedure must be run on the server that is hosting the Web Application and you will need to have Farm Administrator credentials)

  1. Go to Start à All Programs à Microsoft SharePoint Products à right click on SharePoint - Management Shell – select "Run as Administrator"
  2. At the prompt run the following PowerShell commands:
    1. $sa = Get-SPWebApplication "SharePoint – site goes here"
      1. This will populate the $sa variable with the Web Application information to be used in subsequent commands.
        1. Example $sa = Get-SPWebApplication http://intranet.contoso.com/

View 

  1. $sa.WebFileExtensions
    1. This will provide you with a listing of file types considered Web Sensitive on the farm.
      1. In a default configuration you should see nine file types listed; those being:
        1. ascx
        2. asmx
        3. aspx
        4. jar
        5. master
        6. swf
        7. xap
        8. xsf
        9. xsn

View 

  1. $sa.WebFileExtensions.Remove("file type you would like to have removed from the listing")
    1. This is the actual command that removes the file type from the listing. If the command executes successfully you will receive a response from the farm that simply says "True"
      1. Example $sa.WebFileExtensions.Remove("swf")

View 

  1. $sa.Update
    1. This command forces an immediate update to the farm concerning the file types that are listed as "web sensitive"
  2. That is it! Restart of the farm is not required for this command to execute fully.

Once these commands are run users with Designer permissions can upload SWF files successfully into SharePoint. Remember, more precisely, the "Add and Customize Pages" permission is required.

View