Anonymous users cannot view application-level pages

If you're developing an anonymously accessible SharePoint website, especially an internet-facing one, you may

have noticed that you're SharePoint Forms pages are also accessible to anonymous users. For example http://

SERVER/_layouts/viewlsts.aspx, _vti_bin web services etc. Typically we don't want this, so how do you prevent

anonymous users from accessing these pages? The following steps will help you to do it. This feature is known

as lock down feature which is by default enabled for publishing sites.

To enable this feature

First remove all anonymous access from the site.

Then open command prompt and go to the folder C:\Program Files\Common Files\Microsoft Shared\Web

Server Extensions\14\BIN

First check whether the feature is activated or not; you can use the command below to check it

get-spfeature -site http://url

If ViewFormPagesLockDown is listed, it's enabled.

If not listed you have to enable it with the command below

To activate the Activate Feature:

stsadm -o activatefeature -url -filename ViewFormPagesLockDown\feature.xml

Ref: http://mackenzie-sharepoint.blogspot.co.uk/2011/12/sharepoint-2010-viewformpageslockdown.html

Ref: http://sharepointlink.blogspot.co.uk/2010/05/anonymous-web-service-to-sharepoint.html