Tuesday, March 5, 2013

What are the accounts used in SharePoint Foundation 2010 for a least-privileged configuration?


In many organizations implementing SharePoint 2010, the first question that arises is which accounts need to be created and what permission levels each should have. I have tried my best to collate the things together and write them up in my blog.


The setup account: This is the account of the logged-on user who runs setup. This account must be a local administrator on all systems where SharePoint Foundation 2010 setup is run.

Post-Setup Configuration (PSC) Run-As user: This is the user that runs the PSC tool.
This user must also be a local administrator.
PSC runs a prerequisites check.
In addition to being a local administrator on all computers running Office Server, this account has the following requirements on a remote server running SQL Server that is to be used as part of a SharePoint Foundation 2010 Services farm:

Must be a SQL login
Must be a member of the SQL Server Database Creators Role
Must be a member of the SQL Server Security Administrators Role
This account need not be a local administrator on the server running SQL Server

This is the only account given explicit rights on SQL. It will give the database access account the SQL privileges it needs because it has the rights to do so.

The database access account: This is the account that is specified to the PSC tool when creating or connecting to a Configuration Database.
This account need not be the same as the PSC Run-As user, and it need not be a local administrator on any computer running Office Server.
It should also not be a local administrator on the SQL server, and it does not require any SQL permissions in advance of creating a configuration database. Many of us refer to this as the “farm admin” account, but this is misleading. The user that accesses the Central Admin Web pages to perform farm administrative activities is the farm admin account.
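The SQL Server side of the two accounts described above, as an added T-SQL example that is not part of the original post: it grants the PSC Run-As user the two listed roles and then audits both accounts before the PSC tool is run. The account names `CONTOSO\sp_pscrunas` and `CONTOSO\sp_dbaccess` are constructed placeholders.

```sql
-- Added example; account names are constructed placeholders.
-- Run on the SQL Server instance BEFORE running the PSC tool.

-- 1. PSC Run-As user: a SQL login holding only the two listed server roles.
IF SUSER_ID(N'CONTOSO\sp_pscrunas') IS NULL
    CREATE LOGIN [CONTOSO\sp_pscrunas] FROM WINDOWS;
EXEC sp_addsrvrolemember @loginame = N'CONTOSO\sp_pscrunas', @rolename = N'dbcreator';
EXEC sp_addsrvrolemember @loginame = N'CONTOSO\sp_pscrunas', @rolename = N'securityadmin';

-- 2. Audit both accounts against every fixed server role.
--    Expected: PSC Run-As user is in dbcreator and securityadmin only;
--    the database access account is in no server role (or has no login yet).
SELECT a.account_name,
       r.role_name,
       IS_SRVROLEMEMBER(r.role_name, a.account_name) AS is_member,
       CASE
           WHEN IS_SRVROLEMEMBER(r.role_name, a.account_name) IS NULL
               THEN 'no such login'
           WHEN IS_SRVROLEMEMBER(r.role_name, a.account_name) =
                CASE WHEN a.is_psc_runas = 1
                          AND r.role_name IN (N'dbcreator', N'securityadmin')
                     THEN 1 ELSE 0 END
               THEN 'OK'
           ELSE 'REVIEW: differs from least-privilege layout'
       END AS finding
FROM (VALUES (N'CONTOSO\sp_pscrunas', 1),
             (N'CONTOSO\sp_dbaccess', 0)) AS a(account_name, is_psc_runas)
CROSS JOIN (VALUES (N'sysadmin'), (N'securityadmin'), (N'serveradmin'),
                   (N'setupadmin'), (N'processadmin'), (N'diskadmin'),
                   (N'dbcreator'), (N'bulkadmin')) AS r(role_name)
ORDER BY a.account_name, r.role_name;
```

A `REVIEW` row on `sysadmin` for either account is the finding to act on first. After the PSC tool has created the configuration database, the database access account will hold whatever SQL privileges the PSC Run-As user granted it, so this audit reflects the pre-configuration state only.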

Central Admin App Pool ID: This account is “automatically” configured by the PSC tool to be the same account as the database access account that is specified to the PSC tool when creating a configuration database. This account and the SPTimer account constitute the one exception to using separate accounts for all account types.

The SPTimer account: As with the Central Admin App Pool ID, this account is “automatically” configured by the PSC tool to be the same account as the database access account that is specified to the PSC tool when creating a configuration database.

The Farm Admin account: As mentioned earlier, this is the user that accesses the Central Admin Web pages to perform farm administrative functions.
This account can create Web applications, site collections, and SSPs, configure Search, IFSS, and Profile Imports, assign permissions, and so on.
