Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 923593 - Last Review: May 14, 2007 - Revision: 2.3
Error message when users try to access a site collection in SharePoint Server 2007 after you remove the "NT Authority\Local Service" account from the policy for a Web application: "Access denied"
Consider the following scenario. You use SharePoint 3.0 Central Administration to remove the NT Authority\Local Service account from the policy for a Web application. However, after you do this, users can no longer access the site collection for the Web application in Microsoft Office SharePoint Server 2007. Instead, users receive an error message that resembles the following:
All users who access the site collection experience this symptom. Even users who have administrative credentials to the site collection experience this symptom.
This issue occurs because the NT Authority\Local Server account is used to build the cache. By default, the NT Authority\Local Service account has Full Read permissions to the policy for the Web application.
We do not recommend that you remove the NT Authority\Local Service account from the policy for a Web application. However, if you do remove the NT Authority\Local Service account, you must specify another account in the policy for the Web application.
To work around this issue, use the Stsadm.exe command-line tool to configure the account that you want in the policy for the Web application. Use the following syntax to set the value of the
portalsuperreaderaccount property to the account that you want:
stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue UserAccount -url URLOfWebApplication
To do this, follow these steps:
- Click Start, click Run, type cmd in the Open box, and then click OK.
- Type the following lines at the command prompt. Press ENTER after each line.
cd /d %commonprogramfiles%\Microsoft Shared\Web Server Extensions\12\Bin
stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue UserAccount -url URLOfWebApplication
- Type exit to exit the command prompt.
APPLIES TO
- Microsoft Windows SharePoint Services 3.0
- Microsoft Office SharePoint Designer 2007
| kberrmsg kbtshoot kbexpertiseinter kbprb KB923593 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate