Microsoft KB Archive/923593

= Error message when users try to access a site collection in SharePoint Server 2007 after you remove the &quot;NT Authority\Local Service&quot; account from the policy for a Web application: &quot;Access denied&quot; =

Article ID: 923593

Article Last Modified on 5/14/2007

-

APPLIES TO


 * Microsoft Windows SharePoint Services 3.0
 * Microsoft Office SharePoint Designer 2007

-



SYMPTOMS
Consider the following scenario. You use SharePoint 3.0 Central Administration to remove the NT Authority\Local Service account from the policy for a Web application. However, after you do this, users can no longer access the site collection for the Web application in Microsoft Office SharePoint Server 2007. Instead, users receive an error message that resembles the following:

Access denied

All users who access the site collection experience this symptom. Even users who have administrative credentials to the site collection experience this symptom.



CAUSE
This issue occurs because the NT Authority\Local Server account is used to build the cache. By default, the NT Authority\Local Service account has Full Read permissions to the policy for the Web application.

We do not recommend that you remove the NT Authority\Local Service account from the policy for a Web application. However, if you do remove the NT Authority\Local Service account, you must specify another account in the policy for the Web application.



WORKAROUND
To work around this issue, use the Stsadm.exe command-line tool to configure the account that you want in the policy for the Web application. Use the following syntax to set the value of the portalsuperreaderaccount property to the account that you want:

stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue  -url

To do this, follow these steps:  Click Start, click Run, type cmd in the Open box, and then click OK. Type the following lines at the command prompt. Press ENTER after each line.

cd /d %commonprogramfiles%\Microsoft Shared\Web Server Extensions\12\Bin

stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue  -url

 Type exit to exit the command prompt.

Additional query words: sts sps moss moss2007

Keywords: kberrmsg kbtshoot kbexpertiseinter kbprb KB923593

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.