I find myself using this all the time so allow me to share it. And thanks to Todd Klindt, SharePoint Legend, for making it available. If you are not subscribed to his blog, you should be.

Service Account Suggestions for SharePoint 2010
During our daylong Admin session at SPTechCon, the question came up about what service accounts we thought people should be using with SharePoint 2010. I promised I’d blog the recommendations that we made. Here is the table I put up.
Account name | Role | Domain rights | Local SharePoint Server rights needed | SQL rights needed
sp_install | Used to install SharePoint binaries. | Domain User | Local administrator on all SharePoint boxes | dbcreator and securityadmin SQL roles
sp_farm | Farm account. Used for Windows Timer Service, Central Admin and User Profile service | Domain User | Local Admin during UPS provisioning, log on locally right | None
sp_webapp | App pool id for content web apps | Domain User | None | None
sp_serviceapps | Service app pool id | Domain User | None | None, unless using Office Web Apps. Then must give access to content databases manually
sp_search | Search process id | Domain User | None | None
sp_content | Account used to crawl content | Domain User | None | None
sp_userprofile (1) | Account used by the User Profile services to access Active Directory | Must have Replicating Change permissions to AD. Must be given in BOTH ADUC and ADSIEDIT. If domain is Windows 2003 or earlier, must also be a member of the “Pre-Windows 2000” built-in group. | None | None
sp_superuser (2) | Cache account | Domain User | Web application Policy Full Control; Web application super account setting | None
sp_superreader (2) | Cache account | Domain User | Web application Policy Full read; Web application super reader account setting | None
1) See http://technet.microsoft.com/en-us/library/ee721049.aspx and http://www.harbar.net/articles/sp2010ups.aspx
Again, these are just recommendations. You may end up using more accounts if you have multiple application pools, for instance. Your particular farm may require different accounts.
tk
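To check a farm against the "Local SharePoint Server rights needed" column, the following added example (not part of Todd Klindt's post) flags accounts from the table that sit in a server's local Administrators group when the table gives them no local rights, or gives them only for UPS provisioning. The function name, the `CONTOSO` domain, the `SP-WFE01` host and the sample membership list are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Local Administrators expectation per account, transcribed from the table above.
$LocalAdminPolicy = [ordered]@{
    sp_install     = 'Always'               # "Local administrator on all SharePoint boxes"
    sp_farm        = 'UpsProvisioningOnly'  # "Local Admin during UPS provisioning"
    sp_webapp      = 'Never'
    sp_serviceapps = 'Never'
    sp_search      = 'Never'
    sp_content     = 'Never'
    sp_userprofile = 'Never'
    sp_superuser   = 'Never'
    sp_superreader = 'Never'
}

# Hypothetical helper: compares one server's Administrators members with the policy.
function Test-SPLocalAdminMembership {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $AdministratorsMembers   # e.g. 'CONTOSO\sp_farm'
    )
    # Strip the DOMAIN\ prefix; PowerShell string comparison is case-insensitive.
    $short = $AdministratorsMembers | ForEach-Object { ($_ -split '\\')[-1] }
    foreach ($account in $LocalAdminPolicy.Keys) {
        if ($short -notcontains $account) { continue }
        switch ($LocalAdminPolicy[$account]) {
            'Never'               { $finding = 'Table lists no local rights; remove from Administrators' }
            'UpsProvisioningOnly' { $finding = 'Table grants local admin only during UPS provisioning; review' }
            default               { $finding = $null }   # sp_install: expected
        }
        if ($finding) {
            [pscustomobject]@{ Computer = $ComputerName; Account = $account; Finding = $finding }
        }
    }
}

# Constructed sample input (not from a real farm). On a live server the list
# could come from: (Get-LocalGroupMember -Group Administrators).Name  (PowerShell 5.1+)
$sample = 'CONTOSO\Domain Admins', 'CONTOSO\sp_install', 'CONTOSO\sp_farm', 'CONTOSO\sp_webapp'
Test-SPLocalAdminMembership -ComputerName 'SP-WFE01' -AdministratorsMembers $sample |
    Format-Table -AutoSize
```

The SQL column is left out of this check because the table lists rights to be granted, and a live farm can hold roles beyond those.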