none
Can we set application pool identity as "NTAUTHORITY/Network Service"

    Question

  • Dear All,

    Do you have any ideas whether we can use "NTAUTHORITY/Network Service" or "NTAUTHORITY/Local Service" to set for sharepoint application pool identities and sharepoint services? In that case are there any impact on the sharepoint activities?

    Thanks with Regards,
    Long Nguyen
    • Edited by LongNguyenJPN Wednesday, August 27, 2008 3:08 AM update
    Wednesday, August 27, 2008 3:07 AM

Answers

  • Hi, 

    SharePoint will configure the application pool account automatically. No manual configuration is necessary.

     

    The following are automatically configured for your information:

    1.    Membership in the db_owner role for content databases and search databases associated with the Web application.

    2.    Access to read from the configuration and the SharePoint_AdminContent databases.

    3.    Additional permissions for this account to front-end Web servers and application servers are automatically granted.

     

    Yes, you can use one account for all application pool services and other services, but it is not recommended.

     

    For more information, please refer to:

    Plan for administrative and service accounts (Windows SharePoint Services) (http://technet.microsoft.com/en-us/library/cc288210.aspx)

     

    For a list of account permissions for different deployment scenarios, see the Windows SharePoint Services security account requirements (http://go.microsoft.com/fwlink/?LinkId=92885&clcid=0x409)

     

    Hope the information can be helpful.

    -lambert


    Posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, August 29, 2008 2:25 AM

All replies

  • You should always use a domain user for app pool identities of sharepoint applications. That way, it has access to all resources that is needed by sharepoint to perform.

    Network Service account is a less priviledged machine account, and if you use it, you need to provide proper rights to it in sql server, something which is not recommended. So better use a domain user account instead of Network service.

    Wednesday, August 27, 2008 6:54 AM
  • Hi xwindow,

    Thanks for your useful information. If it happens that I use a domain user for application pool, share point services which is not a service account which right I should have given for this domain user? 

    Not directly related to SharePoint but can I able to use the same above domain account for other applications' app pools and services, sql server services (application on separate servers but use the same database with sharepoint).

    Thanks with Regards,
    Long Nguyen
    Wednesday, August 27, 2008 7:28 AM
  • Hi, 

    SharePoint will configure the application pool account automatically. No manual configuration is necessary.

     

    The following are automatically configured for your information:

    1.    Membership in the db_owner role for content databases and search databases associated with the Web application.

    2.    Access to read from the configuration and the SharePoint_AdminContent databases.

    3.    Additional permissions for this account to front-end Web servers and application servers are automatically granted.

     

    Yes, you can use one account for all application pool services and other services, but it is not recommended.

     

    For more information, please refer to:

    Plan for administrative and service accounts (Windows SharePoint Services) (http://technet.microsoft.com/en-us/library/cc288210.aspx)

     

    For a list of account permissions for different deployment scenarios, see the Windows SharePoint Services security account requirements (http://go.microsoft.com/fwlink/?LinkId=92885&clcid=0x409)

     

    Hope the information can be helpful.

    -lambert


    Posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, August 29, 2008 2:25 AM