I recently attended a great 2 day event at MSFT, the UK User Groups came together and had 2 full days of presentations, demo's and discussions, I found it very beneficial, the SUGUK sessions were great and I thought Mark Wilson's session on Hyper-V was excellent...
There were several questions raised in the SharePoint track chalk and talk sessions about service accounts so I thought I'd clarify things a little bit... I'll also see if a SUGUK session on Content DB's and Licensing is warranted, there were a few questions around these topics and I was asked about them by several people during the breaks, watch this space...
MOSS requires several service accounts, fact. Running everything as one user isn't good practice and isn't a good idea, even for dev/demo - IMO at least, Colin and Nick don't completely agree...
So, how many accounts do you need to run MOSS? The answer: "it depends..."
(yes, I am a technical consultant, since when did you expect me to actually answer a question?)
Seriously though, it does depend on your scenario, but at least 6...
Here a table that breaks down what you need:
Account Type | Purpose | Suggested Service Account |
MOSS Farm Account | Server Farm Account This account needs some SQL permissions granting: dbcreator and security admin (do not grant this account SA!) If using ADACM this is the account used for creating objects in the OU specified - so you'll need to delagate permissions on the OU to this user. | _Serv_MOSSFarm1 |
MOSS App Pool | Identity for the any MOSS Web App Application Pool(s)A separate process identity should be used for each content Web App (this allows for greater security and auditing). Using the site name in the naming is not advisable as although this may make troubleshooting and auditing easier it reduces security by showing the relationship between App Pools and Web Apps. | _Serv_MOSSAppPool1 |
SSP Service Account | SSP service account | _Serv_MOSSSSP1 |
SSP App Pool | Identity for the SSP Web App Application Pool | _Serv_MOSSSSPAppPool1 |
MOSS Search | Account under which the Office SharePoint Server Search runs under | _Serv_MOSSSearch1 |
MOSS Content Access | Account used to access content sources to be crawled and indexed. Need to grant this account permission to any NON-MOSS content sources (e.g. NTFS file share, Exchange public folder, websites etc...)Separate accounts may be configured for access to specific content sources using crawl rules. | _Serv_MOSSCrawl1 |
User profile & Properties Access Account | Account used to access Active Directory for the Profile import | _Serv_MOSSDSA1 |
WSS Search | Account which the Windows SharePoint Services Search service runs under. Due to the fact the Office SharePoint Server Search service is running this will only index the WSS Help files. | _Serv_MOSSWSSSearch1 |
WSS Content Access | Account used by WSS search service to crawl content. | _Serv_MOSSWSSCrawl1 |
MOSS Install Account | Account used to install MOSS and perform all the required configuration changes.As this account will be used to install and configure the SharePoint servers it must be granted local admin on all farms members and have permissions to the SQL instance.This account can be disabled after installation and configuration is complete (it is not advised to delete it). | _Serv_MOSSInstall1 |
SQL Services | Used to run MS SQL Services | _Serv_SQLSVC1 |
Hope this helps!
Useful reading:
No comments:
Post a comment
Please feel free to comment on this post, I want to hear your feedback!