Necessary SharePoint Service Accounts
When it comes to looking for SharePoint information, my first stop is Sharee’s Blog. Sharee is a SharePoint guru who’s blog is loaded with real-world scenarios. Unlike some of TechNet articles and Microsoft’s blogs that post filtered information based on how the product is “supposed” to work, rather than how it actually works in the real-world, Sharee blogs about some really cool SharePoint stuff that’s based on her own experiences.
Today she posted this information about SharePoint Service Accounts. There is so much scattered information on this topic all over the Web. It is great to see this information in one place. If you work with SharePoint, you will appreciate this blog post.
Here’s a portion of her article.
“SharePoint uses service accounts to run specific services behind the scenes. SharePoint does not function under the practice of “running everything as administrator”. There are several documents regarding all of the different service accounts that are recommended for SharePoint, but for some organizations the sheer number of accounts is simply not manageable. So I’ve put together a list of what I would consider the minimum accounts (and rights) for a typical SharePoint installation. The account you use to run setup on any server where MOSS needs to be installed must belong to the local administrators group. In addition, this account must be a Domain User and be a member of the following SQL server security roles: Logins, Securityadmin & Dbcreator. This account is responsible for creating new databases and creating new IIS sites so it is important to make sure the right permissions are set.
Typically, an account such as the domain administrator is used to run the installation; however it is strongly recommended that you use a dedicated account to log in and install Windows SharePoint Services and Office SharePoint 2007 servers. This account can also be used as the identity of the Central Administration site application pool, or it can be unique. You should always use the service account that you create to run all the WSS 3.0 services instead of a regular user account.”
Check out the entire article for more details: Necessary SharePoint Service Accounts.