http://blogs.msdn.com/ketaanhs/archive/tags/Service+Accounts/default.aspxTags: Service Accountsen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/ketaanhs/archive/2008/08/12/service-accounts-to-be-used-for-sharepoint-2007-moss.aspxTue, 12 Aug 2008 18:20:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:8851915ketaanhs1http://blogs.msdn.com/ketaanhs/comments/8851915.aspxhttp://blogs.msdn.com/ketaanhs/commentrss.aspx?PostID=8851915http://blogs.msdn.com/ketaanhs/rsscomments.aspx?PostID=8851915<P style="MARGIN: 0in 0in 0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>One of my customers happened to ask me if we have some set of service accounts to be created (minimal) for sharepoint deployment. Following are some of them:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>Following are the accounts that would be required:<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><o:p><FONT size=3>&nbsp;</FONT></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>SPECIAL PERMISSION ACCOUNT:</FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"></SPAN><FONT size=3><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin">(1) Setup User Account &nbsp;– Used for running install and to admin server (Basically this account with do things like: Installation, Service Pack Installs, Server Maintenance, Farm Configurations, etc). Also note that this domain account has to be a LOCAL ADMIN on each every box in our Sharepoint Farm.Apart from that this account will also need DBCREATOR and SECURITYADMIN Roles on the database server.<o:p></o:p></SPAN></FONT></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><o:p><FONT size=3>&nbsp;</FONT></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>GENERAL ACCOUNTS:<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(2) Server Farm Account &nbsp;– Central Admin App Pool Account, Timer Service Account. This account will be used during the installation when the installation would prompt for User Account.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><FONT size=3><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin">(3) SSP App Pool Account : This is just a domain user and SharePoint would give all the required permissions to it.<o:p></o:p></SPAN></FONT></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(3) SSP Service Account – All SSP services and jobs. This could be the same account as the SSP APP POOL account.</FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(4) MOSS Search Account – Used by search service.&nbsp; Also become default content access account for search. This account should only have the read access to all the web-application as it needs to crawl it.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(5) WSS Search Service Account– Used by the help system crawler. We will configure this service only once a day as this is really not need for anything.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(5) WSS Search Content Account– Used to access the data by the help system crawler. Again this can be the same account as the WSS Search Service Account.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>(6) Application Pool Identities– The account used to access the content databases for the web app.&nbsp; Also account for w3wp.exe.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><o:p><FONT size=3>&nbsp;</FONT></o:p></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: Arial; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><FONT size=3>So we created only above 6 service accounts which are all just domain users and only the (1) account is the local admin on all Sharepoint box and with some special Database roles assigned.<o:p></o:p></FONT></SPAN></P> <P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN style="FONT-FAMILY: 'Cambria','serif'; COLOR: #0070c0; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin"><o:p><FONT size=3>&nbsp;</FONT></o:p></SPAN></P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=8851915" width="1" height="1">Service Accounts