I find myself using this all the time so allow me to share it. And thanks to Todd Klindt, SharePoint Legend, for making it available. If you are not subscribed to his blog, you should be.Service Account Suggestions for SharePoint 2010
by Todd O. KlindtNo presence information  on 10/23/2010 9:31 PM

Category: SharePoint 2010

During our daylong Admin session at SPTechCon, the question came up about what service accounts we thought people should be using with SharePoint 2010. I promised I’d blog the recommendations that we made. Here is the table I put up.

Account name


Domain rights

Local SharePoint Server rights needed

SQL rights needed

sp_install Used to install SharePoint binaries. Domain User Local administrator on all SharePoint boxes dbcreator and securityadmin SQL roles
sp_farm Farm account. Used for Windows Timer Service, Central Admin and User Profile serve Domain User Local Admin during UPS provisioning, log on locally right None
sp_webapp App pool id for content web apps Domain User None None
sp_serviceapps Service app pool id Domain User None None, unless using Office Web Apps. Them must give access to content databases manually
sp_search Search process id Domain User None None
sp_content  Account used to crawl content Domain User None None
sp_userprofile1 Account used by the User Profile services to access Active Directory Must have Replicating Change permissions to AD. Must be given in BOTH ADUC and ADSIEDIT. If domain is Windows 2003 or early, must also be a member of the “Pre-Windows 2000” built-in group. None None
sp_superuser2 Cache account Domain User Web application Policy Full ControlWeb application super account setting None
sp_superreader2 Cache account Domain User Web application Policy Full readWeb application super reader account setting None

1) See http://technet.microsoft.com/en-us/library/ee721049.aspx and http://www.harbar.net/articles/sp2010ups.aspx

2) http://www.sharepointchick.com/archive/2010/10/06/resolving-the-super-user-account-utilized-by-the-cache-is.aspx

Again, these are just recommendations. You may end up using more accounts if you have multiple application pools, for instance. Your particular farm may require different accounts.