Users cannot access Web.config files in Microsoft SharePoint Server unless they're local administrators, farm administrators, or managed by SharePoint.


Web.config files may contain sensitive data. To better protect this data and strengthen the security of SharePoint, SharePoint now restricts access to its Web.config files to the users described in the Symptoms section of this article. This change does not impact standard SharePoint functionality.

If you have deployed customizations to your SharePoint farms that depend on the previously more permissive Web.config file permissions, you can follow the steps in the Workaround section of this article to grant additional users permission to the Web.config files. This workaround should only be used when you have deployed customizations that are impacted by this change.


Farm administrators can take the following steps to grant trusted users additional permissions to Web.config files:

  1. Right-click the Web.config file, and then select Properties.

  2. Select Security > Edit > Add.

  3. Enter the username, select Check Names to resolve the user, and then select OK.

  4. Select the required permissions for that user, and then select Apply> OK.

To avoid this behavior for new Web.config files by default, farm administrators can run the following PowerShell commands to skip restricting the permissions for Web.config files:

Add-PSSnapin Microsoft.SharePoint.PowerShell
$farm = Get-SPFarm
$farm.SkipUpdateWebConfigPermission = $true

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!