Turn scripting capabilities on and off

The ability to customize is one of the most compelling features of SharePoint Online because it enables admins and users to adjust the look, feel, and behavior of sites and pages to meet organizational objectives or individual needs. Some customization, such as changing a heading style or page layout, is as easy as clicking a button on the ribbon. Other customizations are more complex and require the use of custom script or markup language inserted into web parts or run with Windows PowerShell.

The ability to add custom script to sites and pages is controlled by the Add and Customize Pages permission. While you, the global admin, can specify which users and groups are granted this permission, you should know that anyone who creates personal sites and team sites is, by default, a site owner. A site owner can add any script they want to the pages on that site.

Many admins want their users to have the freedom to create sites as needed. Not only does it encourage collaboration among users but also frees up the admin to focus on urgent tasks. You’ll probably want to limit the amount of scripting allowed in order to maintain the security and integrity of the sites in your tenancy. You can do this from the Settings page in the SharePoint admin center, but be advised that when you disable scripting you are disabling it for all personal sites and self-service-creation sites in the tenancy. (See Additional information about the self-service site creation feature.)

To disable scripting from the SharePoint admin center
  1. In the SharePoint admin center, click settings.
  2. In Custom Script:
  • If you want to disable scripting on personal sites, click Prevent users from running custom script on personal sites.
  • If you want to disable scripting on other user-created sites, such as team sites or project sites, click Prevent users from running custom script on user created sites.

Custom script section of settings page in SharePoint admin center

  1. Click OK. It takes about 24 hours for the change to take effect.

Top of Page Top of Page

Features affected when scripting is disabled

When you disable scripting on personal sites or self-service-creation sites, the theme gallery, certain web parts, and other features that support scripting are no longer available to site collection owners or site owners. Any sites that used these features before scripting was disabled are still able to use them.

The following site settings are no longer be available after scripting has been disabled:

Site feature Behavior Notes
Save Site as Template No longer available in Site Settings. You can still build sites from templates created before scripting was disabled.
Save document library as template No longer available in Library Settings. You can still build document libraries from templates created before scripting was disabled.
Solution Gallery No longer available in Site Settings. You can still use solutions created before scripting was disabled.
Theme Gallery No longer available in Site Settings. You can still use themes created before scripting was disabled.
Help Settings No longer available in Site Settings. You can still access help file collections available before scripting was disabled.
Sandbox solutions Solution Gallery will not appear in the Site Settings so you can’t add, manage, or upgrade sandbox solutions. You can still run sandbox solutions that were deployed before scripting was disabled.
SharePoint Designer

Site Pages: No longer able to update web pages that are not HTML.

Handling List: Create Form and Custom Action will no longer work.

Subsites: New Subsite and Delete Site redirect to the Site Settings page in the browser.

Data Sources: Properties button is no longer available.

You can still open data sources.

The following web parts are unavailable to site collection owners and site owners after scripting has been disabled.

Web part category Web part
Blog

Blog Archives

Blog Notifications

Blog Tools

Business Data

Business Data Actions

Business Data Item

Business Data Item Builder

Business Data List

Business Data Related List

Excel Web Access

Indicator Details

Status List

Visio Web Access

Community

About This Community

Join

My Membership

Tools

What’s Happening

Content Rollup

Categories

Project Summary

Relevant Documents

RSS Viewer

Site Aggregator

Sites in Category

Term Property

Timeline

WSRP Viewer

XML Viewer

Document Sets

Document Set Contents

Document Set Properties

Forms HTML Form Web Part
Media and Content

Content Editor

Script Editor

Silverlight Web Part

Search

Refinement

Search Box

Search Navigation

Search Results

Search-Driven Content Catalog-Item Reuse
Social Collaboration

Contact Details

Note Board

Organization Browser

Site Feed

Tag Cloud

User Tasks

Top of Page Top of Page

Best practice for communicating the change to users

When you decide to disable scripting on tenants where it was previously allowed, communicate the change well in advance so users can understand the impact of the decision. The worst case scenario is that users who are accustomed to changing themes or adding web parts on their team sites suddenly find that capability gone. Instead they will receive the following error message.

Error message displayed when scripting is disabled on a site or site collection

Proactively communicating the change can pre-empt many of these support calls and avoid an unnecessary surprise for your users.

Top of Page Top of Page

 
 
Applies to:
SharePoint admin center, SharePoint Online Enterprise (E3 & E4)