The Portal Super User and Portal Super Reader accounts are used for caching objects in SharePoint and are heavily used by the publishing feature. Out of the box, the Portal Super User account is the site’s System Account, and the Portal Super Reader account is NT Authority\Local Service. Microsoft's recommendation is not to use these out-of-the-box accounts but to replace them with your own Portal Super User and Portal Super Reader accounts.
The Portal Super User and Portal Super Reader accounts must be separate accounts, and they must not be accounts that will ever be used to log in to the site.
When completing the setup for these accounts, you must reset Internet Information Services (IIS) to apply the changes to the web application.
These steps need to be carefully executed, or they can cause the site to stop working and users can get the “Something went wrong” error page. This setup is a three-step process that needs to be followed in this sequence.
- Create two AD accounts: SP_[yourfarmname]_SuperReader and SP_[yourfarmname]_SuperUser. Each should be an account that never expires and is not required to change its password at first logon.
- Add the accounts to the Application User Policy using Central Admin
    1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration website.
    2. In Central Administration, in the Application Management section, click Manage web applications, and then click the name of the web application that you want to configure.
    3. On the Web Applications tab, in the Policy group, click User Policy.
    4. In the Policy for Web Application window, click Add Users.
    5. From the Zones list, select All zones, and then click Next.
    6. In the Users box, type the user name for the Portal Super User account and then click Check Names to ensure that the account name can be resolved by the authentication providers on the application server.
    7. In the Choose Permissions section, check the Full Control – Has full control box and then click Finish.
    8. Repeat Steps 5 through 7 for the Portal Super Reader account.
    9. In the Choose Permissions section, check the Full Read – Has full read-only access box.
    10. Click Finish.
    11. Make note of how the names for the Object Cache Super Reader and Object Cache Super User accounts are displayed in the User Name column. The displayed strings will be different depending on whether you are using claims authentication for the web application.
- Assign the super user and super reader accounts to SharePoint’s web application properties using PowerShell
- All PowerShell commands need to be performed with elevated admin rights, either with SharePoint Management Shell or .
- Paste the following code into a text editor, such as Notepad:
```powershell
$wa = Get-SPWebApplication -Identity "<WebApplication>"
$wa.Properties["portalsuperuseraccount"] = "<SuperUser>"
$wa.Properties["portalsuperreaderaccount"] = "<SuperReader>"
$wa.Update()
```
- Replace the following placeholders with values:
- <WebApplication> is the name of the web application to which the accounts will be added.
- <SuperUser> is the account to use for the Portal Super User account as you saw it displayed in the User Name column mentioned in Step 11 of the previous procedure.
- <SuperReader> is the account to use for the Portal Super Reader account as you saw it displayed in the User Name column mentioned in Step 11 of the previous procedure.
- !! Reset Internet Information Services (IIS).
!! Copy and paste your super reader and super user accounts from the Application User Policy created in step 2, including the claims prefix, into the PowerShell commands; sometimes the account name will be truncated.

```powershell
clear
# Load the SharePoint cmdlets (not needed inside SharePoint Management Shell)
Add-PSSnapin Microsoft.Sharepoint.Powershell
$wa = Get-SPWebApplication http://stage-yourdomain.com
# Display the current property values
$wa.properties
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|na\sp_superreader***"
$wa.Update()
$wa.Properties["portalsuperuseraccount"] = "i:0#.w|na\sp_superuser****"
$wa.Update()
# reset
#$wa.Properties["portalsuperuseraccount"] = ""
#$wa.Properties["portalsuperreaderaccount"] = ""
$wa.update()
# Display the property values after the change
$wa.properties
# Restart IIS so the web application picks up the new accounts
iisreset
```
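
A read-only check to run after the PowerShell step and before the IIS reset, confirming that each stored account name matches a User Policy entry with the right role. This is an added example, not code from the original post; the function name Test-ObjectCacheAccounts is hypothetical and `<WebApplication>` is the same placeholder used above.

```powershell
# Added example: read-only check; changes nothing on the farm.
# '<WebApplication>' is the page's placeholder; the function name is hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-ObjectCacheAccounts {
    param([Parameter(Mandatory = $true)][string]$WebApplication)

    $wa = Get-SPWebApplication -Identity $WebApplication
    $problems = @()
    $seen = @{}
    # Property name -> policy role the account must hold in User Policy
    $expected = @{
        'portalsuperuseraccount'   = 'FullControl'
        'portalsuperreaderaccount' = 'FullRead'
    }

    foreach ($key in $expected.Keys) {
        $account = [string]$wa.Properties[$key]
        if ([string]::IsNullOrEmpty($account)) {
            $problems += "$key is not set"
            continue
        }
        $seen[$key] = $account
        # Claims web applications store the claims-encoded name (prefix included)
        if ($wa.UseClaimsAuthentication -and $account -notlike 'i:0*|*') {
            $problems += "$key '$account' has no claims prefix"
        }
        # The stored value must match a User Policy entry (case-insensitive)
        $policy = $wa.Policies | Where-Object { $_.UserName -eq $account }
        if (-not $policy) {
            $problems += "$key '$account' has no matching User Policy entry"
            continue
        }
        $roles = @($policy | ForEach-Object { $_.PolicyRoleBindings } | ForEach-Object { $_.Type.ToString() })
        if ($roles -notcontains $expected[$key]) {
            $problems += "$key '$account' lacks the $($expected[$key]) policy role"
        }
    }
    if ($seen.Count -eq 2 -and $seen['portalsuperuseraccount'] -eq $seen['portalsuperreaderaccount']) {
        $problems += 'Super User and Super Reader are the same account'
    }
    $problems   # empty output means both accounts are consistent
}

Test-ObjectCacheAccounts -WebApplication '<WebApplication>'
```

Any line of output names a mismatch to fix before running iisreset, since a stored name that does not match its policy entry is what leads to the “Something went wrong” page.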