Gino Abraham's Blog

November 2011 Entries

Block Application pages and Form Pages in Sharepoint 2010

By default Sharepoint doesn’t blocks user with limited access from visiting application pages (for ex _layouts/viewlsts.aspx).

Someone who knows the URL, can go to this page.

 We can avoid this by change the limited access to lockdown mode. Use the command below.

  

Action

Command

Turn on lockdown mode for a site collection

stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Turn off lockdown mode for a site collection

stsadm -o deactivatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

For more info on this visit http://technet.microsoft.com/en-us/library/cc263468(office.12).aspx#section6 

 

 Once locked down mode is enabled, groups/users with View Application pages will only be able to visit these pages. You can either select Restricted Read permission or remove View Application Pages permission for the users or groups which you want to block application pages.