STEP 1: Create the user accounts in Active Directory
Super Reader Account: domainSuperReader
Super User Account: domainSuperUser
STEP 2: Set Permissions in Central Administration
- Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration website.
- On the Central Administration website, in the Application Managementsection, click Manage web applications.
- Click the name of the web application that you want to configure.
- On the Web Applicationstab, in the Policy group, click User Policy.
- In the Policy for Web Application window, click Add Users.
- From the Zoneslist, select All zones, and then click Next.
- In the Usersbox, type the user name for the Portal Super User account.
- Click the Check Namesicon to ensure that the account name can be resolved by the authentication providers on the application server.
- In the Choose Permissionssection, check the Full Control – Has full control
- Click Finish.
- Repeat Steps 5 through 8 for the Portal Super Reader account.
- In the Choose Permissionssection, check the Full Read – Has full read-only access
- Click Finish.
- Make note of how the names for the Object Cache Super Reader and Object Cache Super User accounts are displayed in the User Name The displayed strings will be different depending on whether you are using claims authentication for the web application.
STEP 3: Set the SuperReader and SuperUser account in the Web Application (Powershell)
Copy and paste the following text into a Powershell window
- $wa = Get-SPWebApplication -Identity “<WebApplication>“
- $wa.Properties[“portalsuperuseraccount”] = “<SuperUser>“
- $wa.Properties[“portalsuperreaderaccount”] = “<SuperReader>“
<WebApplication> is the URL of the Web Application
<SuperUser> is the Super User account in the format domainuser
<SuperReader> is the Super User account in the format domainuser
Be careful if your web application is in Claims Mode Authentication, because you must use the format i:0#.w|domainuser
Hope it helps!