Service Accounts

All Service Accounts (unless noted under Description) will be registered in SharePoint as Managed Accounts which will allow SharePoint to manage password changes automatically.

The following lists service accounts used for the SharePoint Farm:

Description	Account Name	Roles	Permissions and notes
SQL Server Service Account	SP10_SQL	Runs services: MSSQLSERVER SQLSERVERAGENT	* Requires sysadmin for SQL Server Agent
SharePoint Setup User Account	SP10_Setup	Runs Setup and SharePoint Wizard MUST be Administrator on all SharePoint Servers (add to SharePoint Farm Admins AD security group)	dbcreator, securityadmin server roles and db_owner for all SharePoint databases.
SharePoint Server Farm Account Database Access Account (not Content Access)	SP10_Farm	Must have associated email address like sharepoint@company.com; will send users alerts. Is automatically given SharePoint permissions and SQL Permissions Must log in (once) to the server for User Profile setup to work properly You have to make this a local admin AND make give it the log on locally right separately. The former privilege needs to be retained after this account is removed from local admin. should be dbcreator & securityadmin plus db_owner on SP DB's.	*
SharePoint Service Applications Service Account	SP10_Apps	AppPool Identity for Service Applications (except Search)	* For least privileged user use a separate account for each service application. However, best practice is to limit the number of application pools. * If using Office Web Apps, this account must be dbo on all content databases.
SharePoint User Profile Synchronization Service Account (Unmanaged)	SP10_Sync	Runs User Profile Sync Jobs	*Needs AD permissions: UPS Setup
SharePoint User Profile Application Service Account (Unmanaged) AD Connection Account	SP10_Profile	Runs User Profile Sync Jobs	*Needs AD permissions: UPS Setup</td
SharePoint MySite AppPool Identity	SP10_MySite	MySite Web Application Pool Identity	*
SharePoint Web Analytics Service Account	SP10_Analyze	Web Analytics Service Account	*
SharePoint Managed Metadata Service Account	SP10_Metadata	Runs Managed Metadata Service	*
SharePoint Search Service Account Search Query App Pool Account	SP10_Search	Runs Search Service	*
SharePoint Content Access Account (Unmanaged)	SP10_Crawl	Used for SharePoint Foundation 2010 Content Access Account SharePoint 2010 Content Access Account	*
Search Administration App Pool Account	SP10_SearchAdmin	Runs Application Pool for SharePoint Foundation Admin Component	*
SharePoint Web Application Pool Account	SP10_Intranet	Runs AppPool for Portal Web App	*
Objec Cache User Account (Unmanaged)	SP10_SuperUser	Needs Web App Policy Full Control [1]	*
Object Cache Reader Account (Unmanaged)	SP10_SuperReader	Needs Web App Policy Read Control [2]	*

Additional Service Accounts for services:

Description	Account Name	Roles	Permissions and notes
Office Web Apps Service Account	SP10_OfficeWeb	*	* Needs access to content databases.
Unattended Excel Services Service Account (Unmanaged)	SP10_Excel	*	In general, any Secure Store application credentials, such as this account should be Unmanaged
Unattended Visio Graphics Services Service Account (Unmanaged)	SP10_Visio	*	In general, any Secure Store application credentials, such as this account should be Unmanaged
Unattended PerformancePoint Services Service Account (Unmanaged)	SP10_PerfPoint	*	In general, any Secure Store application credentials, such as this account should be Unmanaged

Service Account References

Administrative and service accounts required for initial deployment (SharePoint Server 2010)

Retrieved from "http://wiki.wahidsaleemi.com/Pages/Service_Accounts"

Skin by RIL Partner