SharePoint Sharpener

Obsessively Sharpening SharePoint

ViewFormPagesLockDown Does not Kick In

with 3 comments


Hardening your internet-facing MOSS installation is essential to avoid attacks. Check out Microsoft’s excellent guide which takes you through most of the steps required to shield your portal against intruders.

However, if your portal wasn’t born as a publishing portal, all anonymous users will have access to AllItems.aspx, DispForm.aspx and other pages that you probably don’t want outside users to see. For instance, you may have created a newsletter signup web part which posts data to a list (using elevation). In time, the list fills up with more or less sensitive information about your newsletter subscribers and you probably don’t want this information to end up in the wrong hands.

Unfortunately, it is quite easy for someone with just a litte SharePoint experience to guess the path to e.g. the AllItems.aspx page of a SharePoint list:

 image 

And if your portal is not locked down, all list items will be there for the taking.

 

ViewFormPagesLockDown

Stsadm comes to the rescue yet again. To activate the lockdown, simply run this stsadm command:

stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

If you get the “Operation completed successfully”-message, you’re in business.

Well, almost…

 

The final step

You’ll probably find that the new feature still hasn’t kicked in. Fear not, you simply need to deactivate and reactivate anonymous access on the portal.

Advertisements

Written by Thomas Sondergaard

August 28, 2008 at 9:59 am

3 Responses

Subscribe to comments with RSS.

  1. […] hardening your internet-facing MOSS installation is essential to shield your portal against […]

  2. Some times it is also necesary to reset the rights for each list that has anonymous access enabled.

    Daniel

    January 16, 2009 at 9:06 am

  3. […] mode:stsadm –o activatefeature –url <url> -filename ViewFormPagesLockdownfeature.xmlRead more about […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: