Documentation fine print #1 – ViewFormPagesLockdown

(this is the first of a series of posts to document and discuss problems that come up from not noticing a detail in the documentation)

One of my customers was trying to use the ViewFormPagesLock

Technorati Tags: sharepoint documentation configuration planning architecture

down feature in SharePoint 2007 to restrict access from anonymous users to the form pages which can be used to list items or view them individually.

This is often a good practice for external anonymous access and is a technique described in the “Plan security for an external anonymous access environment” chapter from the Planning and Architecture for Office SharePoint 2007 technical library on TechNet.

The customer had activated the feature as described in the procedure published on the ECM team blog, but things were not working as expected as the anonymous users still had access to pages like /Forms/AllItems.aspx.

Re-reading the post, I noticed a small detail right after the command. It read:

This will enable the lockdown feature on your site collection. If you already had anonymous access enabled, you'll need to go disable it, then enable it again.

Because this was placed after the command, I figured that the customer may have missed so I suggested they’d give a try and voilá!

Lesson learned: the anonymous access to a site collection needs to be reset (disabled and enabled) after the ViewFormPagesLockdown feature is enabled.