Rob Garrett - Blogs
Welcome to Rob Garrett - Blogs Sign in | Join | Help
in Search
Google
Home Blogs Gadgets Advertisements

Software/Technology Discussion

Software and Technology Tid-bits

SharePoint 2007 - Lock down your site

Scenario:  You have a public facing web site in SharePoint 2007, and you have added form-based authentication for access to the secure areas of your site.

The problem with SharePoint 2007 is that out of the box behavior assumes access to the application pages (_layouts) for authenticated users.  Security trimming will prevent access to pages that users have no access, but not all of the application pages.  It would be jolly nice if you could lock down your site and prevent access to all application pages unless you are an super admin.  Fortunately there is a nice STSADM command that will perform this action for you:

Turn on lockdown mode for a site collection

stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Turn off lockdown mode for a site collection

stsadm -o deactivatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Lockdown mode reduces permissions as follows:

Share this post: Email it! | bookmark it! | digg it! | reddit!
Published Monday, October 01, 2007 11:15 AM by Rob Garrett

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

Pranav said:

As far as I understand the lockdown, I believe that on a fresh install the lockdown is ACTIVATED by default. Keep in mind that the lockdown plays a key role if you want anonymous read/add/edit/delete access to a list or a document library since all those pages are considered 'form' pages.
October 2, 2007 6:44 AM
 

Carlos Fernandez (Portal Solutions) said:

(Pranav) - actually the lockdown feature is only enabled by default if when you created the site collection you selected Publishing Site. Then it is on by default. Secondly, if you have anonymous access already enabled before you install the feature. Make sure that after you install it you disable and re-enable anonymous access. Without doing this you will still have access to the forms and lists. Just a small quirk about that particular feature.
October 2, 2007 9:52 AM

Leave a Comment

(required) 
(optional)
(required) 
Submit

Blurb


Head Shot
Rob Garrett is a British Expat living in Maryland USA. Rob is a trained software engineer and experienced in Windows .NET development.

Rob enjoys listening to Rock music, posting to blogs, driving in the country with the sunroof open, beer (not in conjunction with country driving) and spending time with his family.

This Blog

Recent Posts

Syndication

Archives
Rob Garrett © 2007
Powered by Community Server, by Telligent Systems