By default, the Portal Super User account is the site’s System Account, and the Portal Super Reader account is NT Authority\Local Service.
(replace the domain\superuser and domain\superreader to the accounts set in CA for your Farm)
The domain\superuser account needs to have a User Policy set for that gives it Full Control to the entire web application. In order to do this you perform the following steps:
- Go to Central Administration
- Go to Application Management
- Go to Manage Web Application
- Select the web application we’re talking about
- Click User Policy
- Add Users
- Click Next
- Fill in domain\superuser
- Select Full Control
- Click OK
The domain\superreader account needs to have a User Policy set for that gives it Full Read to the entire web application. In order to do this you perform the following steps:
- Go to Central Administration
- Go to Application Management
- Go to Manage Web Application
- Select the web application we’re talking about
- Click User Policy
- Add Users
- Click Next
- Fill in domain\superreader
- Select Full Read
- Click OK
If your web application is using claims based authentication the users should be displayed like i:0#.w|domain\superuser and i:0#w|domain\superreader.
Run the following to check the current configuration
$wa = Get-SPWebApplication "[YourWebAppHereBaby]"
$wa.Properties["portalsuperuseraccount"]
$wa.Properties["portalsuperreaderaccount"]
If you are using classic mode authentication run the following cmdlets on one of your SharePoint servers:
If you don't know what type of authentication is being used for your Farm, you don't have the skills to proceed further.
$wa = Get-SPWebApplication "[YourWebAppHereBaby]"
$wa.Properties["portalsuperuseraccount"] = "domain\superuser"
$wa.Properties["portalsuperreaderaccount"] = "domain\superreader"
$wa.Update()
If you are using claims based authentication run the following from SharePoint PowerShell:
If you don't know what type of authentication is being used for your Farm, you don't have the skills to proceed further.
(replacing the domain\superuser and domain\superreader to the accounts set in CA for your Farm)
$wa = Get-SPWebApplication "[YourWebAppHereBaby]"
$wa.Properties["portalsuperuseraccount"] = "i:0#.w|domain\superuser"
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|domain\superreader"
$wa.Update()