This video provides a complete guide on how to block specific files and extensions on TrueNAS SMB shares using the Veto Files option. If you want to restrict .exe, .mp4, .zip, cache files, or hidden system files, this tutorial will help you configure everything step-by-step. The Veto Files feature is a powerful tool for controlling what users can create or upload to your shared folders. By applying these rules, you can improve security, reduce storage clutter, and protect your NAS from unwanted or dangerous file types.
Whether you are using TrueNAS CORE or TrueNAS SCALE, this method works reliably on both platforms. The video also shows how to verify your settings and test the results directly from a Windows SMB client. This guide is perfect for system administrators, IT technicians, and anyone managing shared storage in a small business or home lab. Watch until the end to ensure your TrueNAS SMB environment stays clean, secure, and optimized.

TrueNas uses veto files
• Not a whitelist “allow”. There is only a blacklist mechanism: prohibit something but not allow something.

• Veto list must be updated every time there is a new file format you want to block.

Step 1: SSH into TrueNas to determine the id of the folder (dataset) you want to block the file

midclt call sharing.smb.query

Step 2: Setting veto file

Get the id number, suppose Homefolder is 2
midclt call sharing.smb.update 2 ‘{“auxsmbconf”: “veto files = /*.exe/*.bat/*.mp3/*.mp4/*.avi/*.zip/*.rar/*.7z/*.iso/*.dll/*.com/*.scr/*.ps1/\ndelete veto files = yes”}’

• If you have multiple sub-configuration lines, use \n to break the line in the JSON string.
• In veto files, each pattern is separated by a / (similar to Linux path matching).

• Forbidden files, fill in the file format.

If delete veto files is enabled = yes, the vetoed file will also be automatically deleted if successfully uploaded using the trick.

Step 3: Restart service smb

systemctl restart smbd
Enter password user root

Login user to test the .ps1 file