Microsoft Office Tutorials and References
In Depth Information
Keep in mind that the user will be the owner of the site collection, where there are a lot of
configuration settings available. Some training might be in order.
Blocked File Types
By default, SharePoint blocks the upload of several file types based on the file extension. The list
of blocked file types is set at the web application level. You can block all *.exe files for all site
collections in the web application. Then create a different, private “IT tech team” web
application, where having a library of common executable tools would be handy, so you permit .exe
files. You can also restrict a web application so that it doesn’t permit media files (such as .mpg,
.mov, or.wmv files) to be uploaded. The sky is the limit as far as restricting file types. This is
another reason web applications are security boundaries.
Blocked file types are set in Central Administration on the Manage Web Applications page
under Application Management. Clicking the Blocked File Types button on the ribbon will take
you to the page shown in Figure 10.52.
The Blocked File
On the Blocked File Types page, you can edit the list of file extensions to block. First make
sure you’re editing the correct web application. If you need to make changes to all the web
applications, you’ll need to edit the list for each one. You can permit previously blocked file
extensions by simply removing them from the list, and you can block new file extensions by adding
them to the list (note that you add only the characters for the extension, not the period).
SharePoint doesn’t check a file beyond the extension; therefore, if a user changes a blocked
extension to a permitted extension, they’ll be able to upload the file. For example, someone could
take evilhack.exe , rename it evilhack.doc, and successfully upload it to a document library.
As you know, permissions in SharePoint are applied to a site or site collection using permission
levels—typically Read, Contribute, Design, and Full Control. Then individual users or groups
are assigned these permission levels.
A permission level is actually a collection of separate permissions, discussed in detail in
Chapter 12. There are times when you don’t want a particular permission to be available to any
permission level for the web application. (For example, you may want to remove the permission