SharePoint 2007 – Lock down your site

Scenario:  You have a public facing web site in SharePoint 2007, and you have added form-based authentication for access to the secure areas of your site.

The problem with SharePoint 2007 is that its out-of-the-box behavior assumes access to the application pages (_layouts) for authenticated users.  Security trimming will prevent access to pages that users have no access to, but not to all of the application pages.  It would be jolly nice if you could lock down your site and prevent access to all application pages unless you are a super admin.  Fortunately there is a nice STSADM command that will perform this action for you:

Turn on lockdown mode for a site collection

stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Turn off lockdown mode for a site collection

stsadm -o deactivatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml
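
The activation command works on one site collection at a time. The following PowerShell script is an added example, not part of the original post, and goes one step further by turning lockdown on for every site collection in a web application. It assumes it is run on a farm server by a farm administrator, that stsadm.exe is in the default "12" hive location, and it uses a hypothetical parameter name, $WebAppUrl.

```powershell
# Added example, not from the original post.
# Assumptions: default 12-hive install path; $WebAppUrl is a hypothetical parameter name.
param([string]$WebAppUrl = $(throw 'Specify -WebAppUrl <web application url>'))

$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

# enumsites prints XML of the form <Sites Count="n"><Site Url="..." ... /></Sites>
$raw = & $stsadm -o enumsites -url $WebAppUrl 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) { throw "enumsites failed for ${WebAppUrl}: $raw" }
$sites = ([xml]$raw).SelectNodes('/Sites/Site')

$failed = 0
foreach ($site in $sites) {
    $url = $site.GetAttribute('Url')
    # Same command as above, applied to each site collection in turn
    $out = & $stsadm -o activatefeature -url $url -filename 'ViewFormPagesLockDown\feature.xml' 2>&1 | Out-String
    if ($LASTEXITCODE -eq 0) {
        Write-Host "OK      $url"
    } else {
        # Non-zero exit: print stsadm's own message so the operator can see why
        $failed++
        Write-Host "CHECK   $url : $($out.Trim())"
    }
}

Write-Host "$($sites.Count) site collection(s) processed, $failed need review."
if ($failed -gt 0) { exit 1 }
```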

Lockdown mode reduces permissions as follows:

2 thoughts on “SharePoint 2007 – Lock down your site”

  1. Pranav

    As far as I understand the lockdown, I believe that on a fresh install the lockdown is ACTIVATED by default. Keep in mind that the lockdown plays a key role if you want anonymous read/add/edit/delete access to a list or a document library since all those pages are considered ‘form’ pages.

  2. http://

    (Pranav) – actually the lockdown feature is only enabled by default if, when you created the site collection, you selected Publishing Site. Then it is on by default.

    Secondly, if you have anonymous access already enabled before you install the feature, make sure that after you install it you disable and re-enable anonymous access. Without doing this you will still have access to the forms and lists.

    Just a small quirk about that particular feature.
