Default SharePoint 2013 / 2010 System Pages: Where you should take care when you go online

There are lists of SharePoint System Pages which inherit view permissions by default. If you are going to make a public SharePoint site, you might not want to access these pages by anonymous users or by Form Based Authentication User.

There are may ways to restrict a user's access to these pages that will be explained in a different post.

Below are pages that are available in each site under layout mapping.

Site Collection and Site Level Recycle Bin URLs

/_layouts/15/AdminRecycleBin.aspx

https://lh6.googleusercontent.com/aNM6ABqtNFQyaHx5byGC0dLbHJycvpOlRuZvL6SlQT4yo_FsdDPTi8kisdsb3uQ6WNpnk3FwCXveSY7-DxAowPMoq0nkp555prqFA0uDhbcy6cGcTSTbuU64xnminDPmW9hBcWRJjeIaQZFkVQ

/_layouts/15/RecycleBin.aspx
https://lh6.googleusercontent.com/KCIbwwC3Qw7WRoLxSHK9EIl9G7LmM6RreTh3CWo8XXdmQQ4nPxJBNpl5tjXza6z-YoGTJ9q5p6F7XtzqKXgylplMyVAorWLmVsInctFyE7DBjgM7wWBKj_U2gmvS8ybQsIXNy1_AqwzvKAxDew

User, User Info, Site Permission related URLs

_layouts/15/permsetup.aspx

This is used to create default groups in SharePoint such as visitors, members and owners.

https://lh3.googleusercontent.com/3N_33m4HeoI46P3c-Rkf480tVGDYZLQYTvq6KdAYpJU9TasmXZv2krULqFk2nTU8tOHRKrCTOPr0JdFevZb4UuHQ69arX3Asif5uojyGUzTM4bVZkaCTSm7YmVwaztcLxZ5WUdW4yReMy53PPw

/_layouts/15/people.aspx?MembershipGroupId=0

All People URL

This can be even used to delete users from the site collection.

https://lh5.googleusercontent.com/fOeZqKY9tS7naCaeEqp2Iv5_ZV-ng7i8yNdmAOL4MZZpvIOthMNCLV1NySczg7FyMTbabCzjQaQ5lgMGSCaq95KdPG-YoIMIkYM4TFQaWPD-IhkAUuq_yN3V5NMU_h1tW4Z-NT7mwjyvpwefog

User Information Hidden List URLs

/_catalogs/users/detail.aspx

/_catalogs/users/simple.aspx

https://lh3.googleusercontent.com/1evD_sKjIMVKu-zbKdSB6bqZO9pkSlJ_pWRRiHS2JB95we8S2lJx_fz5QhDotnubun3c1fkfeNgSTKvvY1D7Kd7UyBpAxbQd8uuBM_sWmQz9lqcLsBoqMo-3FpFOgKWhpOxIKsP689IeUK4glw

These lists are actually available from previous version of SharePoint. These are hidden lists available in the SharePoint containing user information.

/_layouts/15/userdisp.aspx?id={UserID}&Force=True

This is used to view user information in the same page without redirecting to my site.

https://lh5.googleusercontent.com/_wt8Pfe8P7kLKYDkJh7xqj3eIi20EHSDGLS1Su8_f9dM4FvIGJyCS0MmomQ73mEpiTaREDSNDTLs78pdAxe6G_oyq4QEx8Qd4Falo40TgDbZkc8jYGw9c69xbT7zhfGiCd91k59eEfH5zYZgiw

/_layouts/quiklnch.aspx

This is used to manage quick launch items in SharePoint.

https://lh3.googleusercontent.com/Xc4Fdi9GjxS0cLvxWNygN0-L_coq5LD7BubQ1xYXO3hSCsdA7zeRaepbHOTlSyC8pWwjslyO2uliITmEN5hxtQtNPXUBCYxWJveoKGOseHnIT_Cg8bUqrwAu3V7H8QI0F0zftSrSM1Mw7UZ-4A

/_layouts/15/AreaNavigationSettings.aspx

This is used to modify navigation setting in the site collection.

https://lh4.googleusercontent.com/i8mw6cWLWyQY977jZ2b7D3f2-1_VPwKjhNSQ9Z1AOsq4Je7wedvsyLLhdDFFlSUzZlARsNhvWk6mEz_ZuGehAtlFMmi28vcx2JaKknayWMrg41hjM7m-aGtiyuz7EXPEfFW4S-mCKvNS-y1qiA

Workflow history hidden list

/Lists/Workflow%20History/AllItems.aspx

This is hidden list for manage and view workflow history items.

https://lh5.googleusercontent.com/yrdR-HbH8Bj_n19SAv1ilo0A_jxn4m5Af8ZEnwWqtA1gaUjLoIp6G-AFW_RVWQhbRoYErXY_G7qkIID9HUuOsbGDshlQ3MYhBLx5NY6jgKQcSDEQKEkAJUu6tIVH5d8znf-UTR9H82VwofeDRg

Site usage page

/_layouts/15/usage.aspx

This is used to view the usage information but nothing harmful.

https://lh5.googleusercontent.com/atyTTGoWIud1FSeAP2FhSl-QajN2894RB4u4Zor84_PiqyhLaLwGrdstTJe_8dU6RxIatl2uOIASrOOdjeqGENlCUbT5O_udpFS0HBVVRhVM_tZ3ir5xrsOabJK3z97d4QPCz4R9HAiCBjz34w

Site content and structure pages

/_layouts/15/sitemanager.aspx

This will bring you site management page which is available from SharePoint 2007.

https://lh4.googleusercontent.com/bq9-3Nx7Xfw2Pa4z-r03kYx0c1eujx9SI9Xf1VrV19tWHbPqwf2pB5aMdma-JPepX-DAzZ74NMY-xTtbcLj9jSu16KkolkTZCwXgYr3vBf1QaxILrH6KaYjN4XkFDe7NmGuz7wVv8sTfRLJH8w

/_layouts/vsubwebs.aspx

List of hierarchy pages

https://lh6.googleusercontent.com/imW4DkcZtyQIZG5LZw4gROgVr8ttniP9z346zMMbbCc_Zbl3B3dyWvwYRcwLfKcxLSYdHc2ODZkCV9nf4Y76q6-4OSR5R_rbLpNXfaQkfieZW3XXv29TgzCyFKuwnop9rZWAceIdTPLryxM7tA

/_layouts/15/settings.aspx

This is the site setting page that contains all administrative links.

https://lh4.googleusercontent.com/crHhor6nUM2eroJ_QTbWg0gqPeHbSjuLJdPKfTz7Jbx2_e-5Tga0spBmWvwwJ4oMpxYs97CelYjO4wLlI0mu2RzGOpcLmjOibSnztcVXLhX371SUCHXArRmmBMeFIT8lef-MeJPG3OVs83J_fQ
/_layouts/15/viewlsts.aspx

This is used to view all site contents. List’s visibility if this page can be hidden using SharePoint designer.
https://lh5.googleusercontent.com/f7yRbKMhV3wQTA4FBpjqyD8ZOHsifDKR13DAwGZM3gqwyo0zbSnxLmWh1G1LxxcYQHk05foX0E9n5OKOP4IbtWp5sJ5F0n0euRbzloYCC9sERTalmQazO3RqO8Gs5mg8zgL0KpVujJ0QD-LAoA

Site and Site Collection feature management links

/_layouts/15/ManageFeatures.aspx
/_layouts/15/ManageFeatures.aspx?Scope=Site

These links are used activate and deactivate features in site and site collection.

https://lh5.googleusercontent.com/LDQ2SmyOhAh7htOeqU3FeW_qzd0jMuNWf5koCEhLS43ZlP1E9qVtdK8ulnzzFwAskD-m2eaU8ptHxC9Uo30Ma4yDHrqzFjIrCOZZSzOGoWA-WISvsFZizk6IsnEGHKtW2yaMqaxdC19JcVYrcQ

SharePoint Designer Settings

/_layouts/15/SharePointDesignerSettings.aspx

This is used to enable and disable SharePoint designer settings.

https://lh5.googleusercontent.com/SseoJaljeDIeQ67h-4hTCTg7KI474EHkFAQdNdLMajmsedaiWoLmpOVELZwt91erJxmBTFfk07JB6mY80kZs626P3dq5VXhqj5qseZDmEuc2ix5M_HkB97ByIi6N9hIqELGrKmBuvWu2ntFWCw

Look and Feel URLs

/_layouts/ChangeSiteMasterPage.aspx
**
**This is used to change site collection master pages.

https://lh3.googleusercontent.com/-md6sMvvMecR9DJCBnypYi9nQ_S_Rn8gOuk39t5uj6sKOMfcZ9XdHWRoNJlyCrrxiYqy_URJh5IgYacZsvxLXGXI9FGgQvMJuVnM8yJGUa0q22rEr3LEruu45Ru5ASlHo04k2K67sQY4p3RDzQ
/_Layouts/AreaTemplateSettings.aspx

This is where a user can change Page Layouts, Site Templates and other related settings.

https://lh5.googleusercontent.com/RIHcfZ9zqTY5Hw5AkEAIlLIzinrjaLN6lWPtuOFpR2-qwxEYbJRsc3fPsAH5VmeDLRYtXnKHZDR07YjXpUojrkB0yhadeelHT1mfCuBKeWtaRKOpWxODn0vZ3KSmSOeYTGYrkgWPpr_ZrQU_fg
/_catalogs/masterpage/Forms/AllItems.aspx

This is the main document library for update and maintain related files and master pages.

https://lh5.googleusercontent.com/7EKlWfrdqtRhkixIbpk_Y7ahpSS1wG4MCu1isvCRACaLajvUXQmHEwPjqGB0YYen5W2eSWpBswB4BxbgHKGpIB72owauwHg4By03IwdMUrXa-Vk7yBwrSipesJaC7VS4T2B34Pe56qQjy9kPFg