Lock Down SharePoint 2007 Application Pages

(c) Sean Bordner

(c) Sean Bordner

SharePoint 2007 application pages (_layouts) can be locked down to prevent users from accessing them.  This is helpful not only in preventing users from accessing application pages they don’t need to be accessing on a public facing web site, but also in preventing search engines from crawling application pages. 

To lock down your SharePoint 2007 application pages, issue the stsadm command as follows:

stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

This can be reversed (unlocked) by issuing the following command:

stsadm -o deactivatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Note:  By default, this SharePoint 2007 feature is deactivated, unless the site was created using the “Publishing Site” template.  Additionally, if you have anonymous access enabled prior to activating this feature, you need to disable anonymous access and then re-enable anonymous access again. 

Another similar capability is available for removing people picker AD lookups. 
stsadm -o setproperty peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode

About Sean Bordner

CEO, Solution Architect, Co-Author of SharePoint for Nonprofits, Contributing Author NothingButSharePoint.com MCT, MCTS, MCSD, MCP, MCAD
This entry was posted in Security, SharePoint. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s