How to lock down /_layouts/people.aspx page for SharePoint 2007 and Microsoft Office SharePoint Server 2007

You can lock down the /_layouts/people.aspx page for all users (except “Full Control” users) with the following steps:

1. Log in to the top site (not the central admin site) of your site collection as a site collection admin or a full control user.

2. Click: Actions->Site Settings->People and Groups

3. Click: All People

4. Click: Settings->List Settings

5. Click: Advanced Settings

6. Select the following options (see the following picture):

       * “Only their own” on Read access

       * “Only their own” on Edit access

You are done.
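
The same two settings can be audited and applied from a script on the SharePoint server. The following is an added example, not part of the original page. It assumes that the "All People" list is the User Information List exposed by the object model as `SPWeb.SiteUserInfoList`, and that "Only their own" corresponds to the value 2 of `SPList.ReadSecurity` and `SPList.WriteSecurity`. The site URL is a placeholder.

```powershell
# Added example: audit (and optionally apply) the item-level permissions
# that steps 1-6 set on the "All People" list.
# Run on a SharePoint 2007 server as a site collection administrator.
# Requires PowerShell 2.0 or later (try/finally).
param(
    # Placeholder URL: replace with the top site of your site collection.
    [string]$SiteUrl = "http://sharepoint.example.com",
    # Without -Apply the script only reports the current settings.
    [switch]$Apply
)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    # Assumption: "All People" is the User Information List of the root web.
    $list = $site.RootWeb.SiteUserInfoList

    # ReadSecurity:  1 = all items, 2 = only their own
    # WriteSecurity: 1 = all items, 2 = only their own, 4 = none
    $locked = ($list.ReadSecurity -eq 2) -and ($list.WriteSecurity -eq 2)
    Write-Output ("{0}: ReadSecurity={1} WriteSecurity={2} LockedDown={3}" -f `
        $list.Title, $list.ReadSecurity, $list.WriteSecurity, $locked)

    if ($Apply -and -not $locked) {
        $list.ReadSecurity  = 2   # Read access: "Only their own"
        $list.WriteSecurity = 2   # Edit access: "Only their own"
        $list.Update()
        Write-Output "Applied: ReadSecurity=2 WriteSecurity=2"
    }
}
finally {
    # Disposing the SPSite also releases its RootWeb.
    $site.Dispose()
}
```

Run it without `-Apply` to check each site collection, and with `-Apply` to set both options where they are not already in place.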


The above security hardening will lock down access to _layouts/people.aspx for users with permissions such as “Design”, “Manage Hierarchy”, “Approve”, “Contribute”, “Read” and “Restricted Read”. However, you cannot lock down users with “Full Control”. (see the following picture)