Account name
|
Role
|
Domain rights
|
Local SharePoint Server rights needed
|
SQL rights needed
|
sp_install
|
Used to install SharePoint binaries.
|
Domain User
|
Local administrator on all SharePoint boxes
|
dbcreator and securityadmin SQL roles
|
sp_farm
|
Farm account. Used for Windows Timer Service, Central Admin and User Profile service
|
Domain User
|
Local Admin during UPS provisioning, log on locally right
|
None
|
sp_webapp
|
App pool id for content web apps
|
Domain User
|
None
|
None
|
sp_serviceapps
|
Service app pool id
|
Domain User
|
None
|
None, unless using Office Web Apps. Them must give access to content databases manually
|
sp_search
|
Search process id
|
Domain User
|
None
|
None
|
sp_content
|
Account used to crawl content
|
Domain User
|
None
|
None
|
sp_userprofile
|
Account used by the User Profile services to access Active Directory
|
Must
have Replicating Change permissions to AD. Must be given in BOTH ADUC
and ADSIEDIT. If domain is Windows 2003 or early, must also be a member
of the "Pre-Windows 2000" built-in group.
|
None
|
None
|
sp_superuser
|
Cache account
|
Domain User
|
Web application Policy Full Control
Web application super account setting
|
None
|
sp_superreader
|
Cache account
|
Domain User
|
Web application Policy Full read
Web application super reader account setting
|
None
|
Again, these are just recommendations. You may end up using more accounts if you have multiple application pools, for instance. Your particular farm may require different accounts.
Posts
No comments:
Post a Comment