Error message when users try to access a site collection in SharePoint Server 2007 after you remove the "NT Authority\Local Service" account from the policy for a Web application: "Access denied"

Consider the following scenario. You use SharePoint 3.0 Central Administration to remove the NT Authority\Local Service account from the policy for a Web application. However, after you do this, users can no longer access the site collection for the Web application in Microsoft Office SharePoint Server 2007. Instead, users receive an error message that resembles the following:All users who access the site collection experience this symptom. Even users who have administrative credentials to the site collection experience this symptom.

This issue occurs because the NT Authority\Local Server account is used to build the cache. By default, the NT Authority\Local Service account has Full Read permissions to the policy for the Web application.

We do not recommend that you remove the NT Authority\Local Service account from the policy for a Web application. However, if you do remove the NT Authority\Local Service account, you must specify another account in the policy for the Web application.

To work around this issue, use the Stsadm.exe command-line tool to configure the account that you want in the policy for the Web application. Use the following syntax to set the value of the portalsuperreaderaccount property to the account that you want:To do this, follow these steps:

1. Click Start, click Run, type cmd in the Open box, and then click OK.
2. Type the following lines at the command prompt. Press ENTER after each line.
   cd /d %commonprogramfiles%\Microsoft Shared\Web Server Extensions\12\Bin
   stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue UserAccount -url URLOfWebApplication
3. Type exit to exit the command prompt.