How to lock down the /_layouts/people.aspx page for SharePoint 2007 and Microsoft Office SharePoint Server 2007

You can lock down the /_layouts/people.aspx page for all users (except “Full Control” users) by following these steps:

1. Log in to the top site (not the central admin site) of your site collection as a site collection admin or a full control user.

2. Click: Actions->Site Settings->People and Groups

3. Click: All People

4. Click: Settings->List Settings

5. Click: Advanced Settings

6. Check the following options (see the following picture):

       * “Only their own” on Read access

       * “Only their own” on Edit access

You are done.

[Picture: the Advanced Settings page with “Only their own” selected for Read access and Edit access]

The above security hardening will lock down access to _layouts/people.aspx for users with permissions such as “Design”, “Manage Hierarchy”, “Approve”, “Contribute”, “Read” and “Restricted Read”. However, you cannot lock down users with “Full Control” (see the following picture).

 

[Picture: the result for a user with “Full Control”]
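The same setting from steps 1 to 6 can be audited or applied from a script on the SharePoint server. This is an added example, not part of the original post. It assumes PowerShell 2.0 or later, that "All People" is backed by the site collection's User Information List (`SPWeb.SiteUserInfoList`), and that the two “Only their own” options correspond to `SPList.ReadSecurity = 2` and `SPList.WriteSecurity = 2`. The script name and parameters are hypothetical.

```powershell
# Lock-PeoplePage.ps1 (hypothetical name): report or apply the
# "Only their own" Read/Edit access setting on the User Information List.
# Usage:  .\Lock-PeoplePage.ps1 -SiteUrl <top site URL>          (report only)
#         .\Lock-PeoplePage.ps1 -SiteUrl <top site URL> -Apply   (change it)
param(
    [Parameter(Mandatory = $true)][string]$SiteUrl,  # top site, not central admin
    [switch]$Apply
)

# SharePoint 2007 has no PowerShell snap-in; load the object model directly.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

$OnlyTheirOwn = 2   # assumed mapping of the "Only their own" radio buttons

function Get-AccessState($list) {
    # Return the current item-level access values in a form that is easy to compare.
    New-Object PSObject -Property @{
        List          = $list.Title
        ReadSecurity  = $list.ReadSecurity
        WriteSecurity = $list.WriteSecurity
        LockedDown    = ($list.ReadSecurity -eq $OnlyTheirOwn -and
                         $list.WriteSecurity -eq $OnlyTheirOwn)
    }
}

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    $list   = $site.RootWeb.SiteUserInfoList
    $before = Get-AccessState $list
    Write-Output $before

    if ($Apply -and -not $before.LockedDown) {
        $list.ReadSecurity  = $OnlyTheirOwn
        $list.WriteSecurity = $OnlyTheirOwn
        $list.Update()

        # Read the values back from the updated list object to confirm the change.
        Write-Output (Get-AccessState $site.RootWeb.SiteUserInfoList)
    }
}
finally {
    # SPSite holds unmanaged resources; always release it.
    $site.Dispose()
}
```

Run it without `-Apply` first to record the current values for each site collection, since the setting is per site collection and has to be repeated on each one.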