You can lock down the /_layouts/people.aspx page for all uses (except “Full Control” users) by doing the following steps:
1. Login on the top site (not the central admin site) of your site collection as a site collection admin or a full control user.
2. Click: Actions->Site Settings->People and Groups
3. Click: All People
4. Click: Settings->List Settings
5. Click: Advanced Settings
6. Check (see the following picture)
* “Only their own” on Read access
* “Only their own” on Edit access
You are done.
![clip_image002[6]](http://blogs.msdn.com/blogfiles/hanz/WindowsLiveWriter/How.aspxpageforSharePoint2007andMicrosof_70D2/clip_image002%5B6%5D_thumb.jpg "clip_image002[6]")
The above security hardening will lock down the access to _layouts/people.aspx for users with permissions such as “Design”, “Manage Hierarchy”, “Approve” “Contribute” “Read” and “Restricted Read”. However, you cannot lock down the user with “Full Control”. (see the following picture)
![clip_image002[9]](http://blogs.msdn.com/blogfiles/hanz/WindowsLiveWriter/How.aspxpageforSharePoint2007andMicrosof_70D2/clip_image002%5B9%5D_thumb.jpg "clip_image002[9]")
