SharePoint - PowerShell to configure SuperUser and SuperReader accounts on all Web Apps

I have seen many examples, but not enough that spell it out, so below you can copy out the script and replace the user names with your own.

Here is the link to the official article explaining SharePoint Object Cache. https://technet.microsoft.com/en-us/library/ff758656(v=office.15).aspx

If your on-premises deployment is configured according to the SharePoint Product Line Architecture (PLA), you would have only 1 web application and this would be a simple task, but many on-premises environments have many web applications.
https://blogs.technet.com/b/pla/archive/2013/07/22/benefits-of-using-the-product-line-architecture.aspx

In the script below you will see that there is a check for Claims Authentication.

The reason for this is that when user rights are granted in Central Admin via User Policy for each web app, the claims identifier ("i:0#.w|") is shown (yes, even in SharePoint 2013).

If you do not provide the claims identifier and you implement the object cache, all users will receive "Access Denied" prompts and will be denied regardless of how many times they try to log in.

STEPS:

  1. PLEASE GET YOUR AD ADMINS TO CREATE 2 NORMAL AD USER ACCOUNTS (The names and naming convention are completely up to you)
  2. OPEN POWERSHELL ISE OR WINDOWS POWERSHELL WINDOW AS AN ADMIN i.e. FARM ADMIN
  3. COPY OUT THE CODE BETWEEN THE "#-----" BELOW, REPLACE THE DOMAIN AND ACCOUNT NAMES WITH YOUR DETAILS AND EXECUTE

#PowerShell Starts Here
##---------------------------------------------------------------------------------

Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue

####SET ACCOUNT NAMES (Replace Domain and UserName)

#SUPER USER ACCOUNT - Use your own Account (NB: NOT A SHAREPOINT ADMIN)
$sOrigUser= "blue\SP_SuperUser"
$sUserName = "SP_SuperUser"

#SUPER READER ACCOUNT - Use your own Account (NB: NOT A SHAREPOINT ADMIN)
$sOrigRead = "blue\SP_SuperRead"
$sReadName = "SP_SuperRead"

$apps = Get-SPWebApplication
foreach ($app in $apps) {
    # DISPLAY THE URL IT IS BUSY WITH
    $app.Url
    if ($app.UseClaimsAuthentication -eq $true)
    {
        # IF CLAIMS THEN SET THE IDENTIFIER
        $sUser = "i:0#.w|" + $sOrigUser
        $sRead = "i:0#.w|" + $sOrigRead
    }
    else
    {
        # CLASSIC AUTH USED
        $sUser = $sOrigUser
        $sRead = $sOrigRead
    }

    # ADD THE SUPER USER ACC - FULL CONTROL (Required for writing the Cache)
    $policy = $app.Policies.Add($sUser, $sUserName)
    $policyRole = $app.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
    $policy.PolicyRoleBindings.Add($policyRole)

    $app.Properties["portalsuperuseraccount"] = $sUser
    $app.Update()

    # ADD THE SUPER READER ACC - READ ONLY
    $policy = $app.Policies.Add($sRead, $sReadName)
    $policyRole = $app.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead)
    $policy.PolicyRoleBindings.Add($policyRole)

    $app.Properties["portalsuperreaderaccount"] = $sRead
    $app.Update()
}

 ##----PowerShell Ends Here----------------------------------------------
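
A read-only check to run after the script, added here as an example and not part of the original post: for each web application it confirms that the two cache account properties carry the claims identifier only when claims authentication is in use, and that each value has a matching user policy with the expected role. `Test-CacheAccount` is a hypothetical helper name; the property names, prefix and role types are the ones the script above sets.

```powershell
# Added example: audits the object cache accounts on every web app, changes nothing.
# Assumption: run in a SharePoint PowerShell session as a farm admin.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$claimsPrefix = "i:0#.w|"   # claims identifier used by the script above

function Test-CacheAccount {
    # Hypothetical helper: returns the problems found for one cache account property.
    param($App, [string]$PropertyName, $ExpectedRole)

    $problems = @()
    $account  = $App.Properties[$PropertyName]
    if ([string]::IsNullOrEmpty($account)) {
        return @("$PropertyName is not set")
    }

    # The prefix must be present on claims web apps and absent on classic ones.
    $hasPrefix = $account.StartsWith($claimsPrefix)
    if ($App.UseClaimsAuthentication -and -not $hasPrefix) {
        $problems += "$PropertyName '$account' lacks the claims identifier"
    }
    if (-not $App.UseClaimsAuthentication -and $hasPrefix) {
        $problems += "$PropertyName '$account' has a claims identifier on a classic web app"
    }

    # The property value must match a user policy entry that holds the expected role.
    $policy = $App.Policies | Where-Object { $_.UserName -eq $account }
    if (-not $policy) {
        $problems += "no user policy for '$account'"
    } elseif (-not ($policy.PolicyRoleBindings | Where-Object { $_.Type -eq $ExpectedRole })) {
        $problems += "user policy for '$account' is missing $ExpectedRole"
    }
    return $problems
}

$fullControl = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl
$fullRead    = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead

foreach ($app in Get-SPWebApplication) {
    $su = $app.Properties["portalsuperuseraccount"]
    $issues  = @(Test-CacheAccount $app "portalsuperuseraccount"   $fullControl)
    $issues += @(Test-CacheAccount $app "portalsuperreaderaccount" $fullRead)
    if ($su -and $su -eq $app.Properties["portalsuperreaderaccount"]) {
        $issues += "super user and super reader are the same account"
    }
    if ($issues.Count -eq 0) { "{0} OK" -f $app.Url }
    else { $issues | ForEach-Object { "{0} PROBLEM: {1}" -f $app.Url, $_ } }
}
```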