Locking down _layouts/_vti_bin & built in SharePoint pages on Anonymous Internet facing sites

On Internet-facing anonymous sites, you may have noticed that your SharePoint Forms pages are also accessible to anonymous users. For example, if you’re using the publishing features, anonymous users might be able to get to:

http://{servername}/Pages/Forms/AllItems.aspx

This is a security concern that we really do not want. MOSS 2007 provides a feature called “ViewFormPagesLockdown”, which helps lock down access to these pages for anonymous users:

stsadm.exe -o activatefeature -url http://{servername} -filename ViewFormPagesLockdown\feature.xml

Running the above command will enable the lockdown for Form pages.

Please Note:

  1. If you already had anonymous access enabled, you’ll need to disable it, then enable it again. 
  2. Go to the _layouts/setanon.aspx page, switch anonymous access off, click OK, then go back and set it to on, click OK. 
  3. You should now get an authentication prompt when you try to navigate to a forms page. 

However, even when lockdown mode is enabled, anonymous users can still access certain Office SharePoint Server application URLs, such as pages in the _layouts directory and Web services that are exposed in the _vti_bin directory. To lock down these pages as well, you will need to make some changes to the web.config file of your SharePoint site, as shown below.

The following XML fragment first denies anonymous users access to all pages in the _layouts and _vti_bin directories, and then allows anonymous users access to three specific pages in the _layouts directory (these are required for SharePoint to function correctly). The question mark (?) represents anonymous users. These restrictions do not apply to authenticated users.
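
A web.config fragment matching the description above, written here as an added example (it is not the original page's own markup). It assumes the `<location>` elements sit directly under `<configuration>` in the web application's web.config, and it uses the three pages this post names as required for anonymous users.

```xml
<!-- Added example: place these <location> elements directly under <configuration>. -->
<!-- Deny anonymous users ("?") access to everything under _layouts and _vti_bin. -->
<location path="_layouts">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<location path="_vti_bin">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<!-- Re-allow anonymous access to the three pages needed for sign-in and error handling. -->
<location path="_layouts/login.aspx">
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
<location path="_layouts/accessdenied.aspx">
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
<location path="_layouts/error.aspx">
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
```

After saving the file, browse the site without signing in and confirm that the three allowed pages still load while other _layouts and _vti_bin URLs ask for credentials.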


To allow anonymous users to authenticate themselves with the server, you should ensure that they have access to the following pages:

  1. _layouts/login.aspx
  2. _layouts/accessdenied.aspx
  3. _layouts/error.aspx

If you deny anonymous users access to any of these pages, Office SharePoint Server will not function properly.

Show username instead of “System Account” in SharePoint

Many times when you log in to a SharePoint site, you will see “Welcome System Account” in the top right-hand corner instead of your username. Sometimes we really need to get rid of this system account and display the proper username.
Here are two ways that could help you accomplish this task:
Solution one:
· Go to Central Administration / Application Management.
· Click Policy for Web Application.
· Select your web app and click your account in the list.
· In the Edit Users page, clear the Account operates as System checkbox.
· That should fix this particular problem.
Solution two:
· Go to Central Administration / Operations.
· Select Service Accounts.
· Select your web application.
· Change the application pool identity for your Web application.

Prevent users from changing a Windows SharePoint Services 3.0 site or a SharePoint Server 2007 site using SharePoint Designer

The following article shows you how you can prevent users from changing a Windows SharePoint Services 3.0 site or a SharePoint Server 2007 site using SharePoint Designer.

http://support.microsoft.com/kb/940958
http://blogs.msdn.com/sharepointdesigner/archive/2008/11/25/locking-down-sharepoint-designer.aspx

Reading values from SPFieldMultiChoice field

Reading values from a Multi Choice field is sometimes painful: it inserts “;#” between multiple values.

Here is a way to read values from the multi choice field that does not have this limitation:

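// Requires: using Microsoft.SharePoint; "web" is an already opened SPWeb.
SPList list = web.Lists["{YourList}"];
SPListItem result = list.GetItemById(1);
SPFieldMultiChoice choiceField = result.Fields.GetField("MyMultiChoice") as SPFieldMultiChoice;
// GetFieldValueAsText converts the stored value to display text, without the ";#" delimiters.
string multiChoiceValues = choiceField.GetFieldValueAsText(result["MyMultiChoice"]);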