locked
SharePoint Farm Account RRS feed

  • Question

  • Hi

    I understood that the Farm Account is the account that runs the Timer Service. But In CA there is a Farm Administrators group. The account that runs the timer service is listed in this group.

    What the difference?

    If I need to add additional Farm Administrators should they simply be added to this group, irrespective of the account that runs the timer job?

    If I wanted to install SharePoint specific software on Application server, which account should be used , Timer account or additional account added to the group?

    Thanks

    Monday, August 22, 2016 8:55 AM

Answers

  • Hello Jones,

    The answer to your first question(about difference) is :

    Farm Account - (a.k.a. database access account) is used as the application pool identity for Central Administration & It's the process account for the Windows SharePoint Services Timer service. 

    Farm Administrators group   Members of the Farm Administrators group have Full Control permissions to and responsibility for all servers in the server farm. Members can perform all administrative tasks in Central Administration for the server or server farm. They can assign administrators to manage service applications, which are instances of shared services. This group does not have access to individual sites or their content.   --- (Source: technet)

    Now, second important question about 'installing software, but it fails'.......

    My be the software you are trying to install is trying to access config db of sharepoint and due to lack of access it's failing. Although you are logged in as a farm administrator, but you don't have permissions that a farm account has.

    Try this: (Only if you trust the software to be installed..)

    1 - Run the software as different user. (Shift+Right click on software exe -> 'Run as different user'), then enter the credentials of 'FARM ACCOUNT'. This should install the software successfully.

    2 - If the step 1 fails, then, add 'Farm Account' into local administrators' group on that server, then perform step 1 again. Once completed, don't forget to remove 'farm account' from local admin group of that server.

    Please update us with the results.

    --------------------------------------------------------------------------------------------------------------------

    Vote and Mark as Answer if the suggestion is helpful.


    Mohammed Ammar ES

    Tuesday, August 23, 2016 10:01 AM

All replies

  • The farm account is one account that runs a few of the basic core functions of SharePoint.

    The Farm Administrators Group is a group for people who administer the farm. The farm account may well be part of that, I don't know off the top of my head.

    You should be using named user accounts for your administrators and they should be added to that group. As a rule you should almost never log in with the farm account or the setup account.

    • Proposed as answer by Nico Martens Monday, August 22, 2016 9:33 AM
    Monday, August 22, 2016 9:10 AM
  • Hi

    Thanks Alex, If I ned to install SharePoint Specific Software on the server, and the software needs to look-up existing SharePoint Applications, which account should be used ?

    I'm part of the Farm Admin Group, logged in as that, but when I attempt to install software, wizard kicks off but does not complete as no applications can be found. I suspect this is a permmisions issue, and Farm account has not been setup correctly and needs access to db?

    As in, http://blogs.devhorizon.com/reza/2012/03/07/adding-additional-farm-admins-to-an-existing-farm/

    Thanks again



    Monday, August 22, 2016 10:15 AM
  • Hi orange juice jones,

    What the SharePoint application does the software need to access? If it needs to access service applications, you need to use a service account.

    More Information about accounts in SharePoint 2010, you could refer:

    https://technet.microsoft.com/en-us/library/cc678863(v=office.14).aspx

    It would better if you could provide more detail about the Software. It might be helpful to the research.

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 23, 2016 7:27 AM
  • Installing software is one of the cases where the setup account is the right one. Note that that is different to the farm account. If you're trying to work out what account to run the software as, rather than install it, then that's a complicated question and the farm account is generally the wrong answer.
    Tuesday, August 23, 2016 8:14 AM
  • Hello Jones,

    The answer to your first question(about difference) is :

    Farm Account - (a.k.a. database access account) is used as the application pool identity for Central Administration & It's the process account for the Windows SharePoint Services Timer service. 

    Farm Administrators group   Members of the Farm Administrators group have Full Control permissions to and responsibility for all servers in the server farm. Members can perform all administrative tasks in Central Administration for the server or server farm. They can assign administrators to manage service applications, which are instances of shared services. This group does not have access to individual sites or their content.   --- (Source: technet)

    Now, second important question about 'installing software, but it fails'.......

    My be the software you are trying to install is trying to access config db of sharepoint and due to lack of access it's failing. Although you are logged in as a farm administrator, but you don't have permissions that a farm account has.

    Try this: (Only if you trust the software to be installed..)

    1 - Run the software as different user. (Shift+Right click on software exe -> 'Run as different user'), then enter the credentials of 'FARM ACCOUNT'. This should install the software successfully.

    2 - If the step 1 fails, then, add 'Farm Account' into local administrators' group on that server, then perform step 1 again. Once completed, don't forget to remove 'farm account' from local admin group of that server.

    Please update us with the results.

    --------------------------------------------------------------------------------------------------------------------

    Vote and Mark as Answer if the suggestion is helpful.


    Mohammed Ammar ES

    Tuesday, August 23, 2016 10:01 AM