How to lock down the /_layouts/people.aspx page for SharePoint 2007 and Microsoft Office SharePoint Server 2007
You can lock down the /_layouts/people.aspx page for all users (except “Full Control” users) by following these steps:
1. Log in to the top site (not the central admin site) of your site collection as a site collection admin or a Full Control user.
2. Click: Actions->Site Settings->People and Groups
3. Click: All People
4. Click: Settings->List Settings
5. Click: Advanced Settings
6. Select the following options (see the following picture):
* “Only their own” on Read access
* “Only their own” on Edit access
You are done.
The above security hardening locks down access to _layouts/people.aspx for users with permissions such as “Design”, “Manage Hierarchy”, “Approve”, “Contribute”, “Read” and “Restricted Read”. However, you cannot lock down users with “Full Control”. (see the following picture)
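
The two check boxes in step 6 correspond to the `ReadSecurity` and `WriteSecurity` properties of the site collection's User Information List in the SharePoint object model, so the setting can be audited or applied from a script. The following is an added example, not part of the original page; it assumes PowerShell 2.0 or later run on a SharePoint 2007 server by an account with access to the site collection, and the site URL is a placeholder.

```powershell
# Added example: audit (and optionally apply) the "Only their own" item-level
# permissions on the User Information List behind /_layouts/people.aspx.
# Usage: .\Check-PeopleList.ps1 -SiteUrl <url> [-Apply]
param(
    [string]$SiteUrl = "http://sharepoint.example.local",  # placeholder URL (assumption)
    [switch]$Apply                                          # without -Apply the script only reports
)

# SharePoint 2007 has no PowerShell snap-in, so load the object model directly.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

# SPList.ReadSecurity:  1 = all items, 2 = only their own
# SPList.WriteSecurity: 1 = all items, 2 = only their own, 4 = none
$OnlyTheirOwn = 2

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    # "All People" is backed by the User Information List of the top-level site.
    $list = $site.RootWeb.SiteUserInfoList

    $readOk  = ($list.ReadSecurity  -eq $OnlyTheirOwn)
    $writeOk = ($list.WriteSecurity -eq $OnlyTheirOwn)

    Write-Host ("Site:          {0}" -f $site.Url)
    Write-Host ("List:          {0}" -f $list.Title)
    Write-Host ("ReadSecurity:  {0} (locked down: {1})" -f $list.ReadSecurity, $readOk)
    Write-Host ("WriteSecurity: {0} (locked down: {1})" -f $list.WriteSecurity, $writeOk)

    if ($readOk -and $writeOk) {
        Write-Host "Already set to 'Only their own' for Read and Edit access."
    }
    elseif ($Apply) {
        # Same effect as ticking both options under Advanced Settings.
        $list.ReadSecurity  = $OnlyTheirOwn
        $list.WriteSecurity = $OnlyTheirOwn
        $list.Update()
        Write-Host "Applied 'Only their own' to Read and Edit access."
    }
    else {
        Write-Host "Not locked down. Re-run with -Apply to change the setting."
    }
}
finally {
    # Disposing the SPSite also releases its RootWeb.
    $site.Dispose()
}
```

Run it once per site collection, since each site collection has its own User Information List.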