locked
SharePoint 2013 Service Accounts RRS feed

  • Question

  • Hi All, 

    SharePoint Service Accounts are controlled by a vendor. Vendors are bit reluctant to assign multiple service accounts. 

    However, SharePoint requires a couple of service accounts and I sent them, minimum 3 service accounts for SharePoint

    1. sp_farm (Windows Timer Service, Central Admin and User Profile service)
    2. sp_sql (SQL Server Service account)
    3. sp_install (or sp_admin) ( for installing lay SharePoint binaries)

    They are asking to install sp_farm account can used to install SharePoint. 

    I know its not correct, but can SP_FARM account used to install SharePoint server? 

    Q: What implications to server if I use SP_FARM account and not SP_Admin (SP_Install). 

    I always follow Todd blog http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=391

    What advise should tell them as them manager the servers? 

    Thanks for your help. 

    Aroh


    Aroh Shukla

    Thursday, August 28, 2014 10:17 AM

Answers

  • Hi Shukla,You can find the detailed explanation on the below article.We can use Farm account as Installation purpose but the Good pratice is Farm account to use as Admin purpose and INST as To install sharepoint.

    http://expertsharepoint.blogspot.de/2013/11/what-are-accounts-used-in-sharepoint.html


    Anil Avula[MCP,MCSE,MCSA,MCTS,MCITP,MCSM] See Me At: http://expertsharepoint.blogspot.de/

    • Marked as answer by JasonGuo Thursday, September 4, 2014 8:29 AM
    Tuesday, September 2, 2014 4:35 AM
  • Hi

    you can use only one user account for all farm and service administration - but this should have all needed/specific rights . This mean that  is a big hole of security

    For that is recommended to use separate service accounts  / minimum set of permissions


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    • Marked as answer by JasonGuo Thursday, September 11, 2014 9:23 AM
    Thursday, August 28, 2014 2:15 PM
  • The install account can be any account, including a normal Domain User. This user will need local administrator to the SharePoint servers and sysadmin rights to the SQL instance. I would just use your domain user account.

    If you have any Publishing sites, you will need a Super User and Super Reader that are not used for any other purpose in the SharePoint farm.


    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by JasonGuo Thursday, September 11, 2014 9:23 AM
    Thursday, August 28, 2014 2:28 PM

All replies

  • Hi

    you can use only one user account for all farm and service administration - but this should have all needed/specific rights . This mean that  is a big hole of security

    For that is recommended to use separate service accounts  / minimum set of permissions


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    • Marked as answer by JasonGuo Thursday, September 11, 2014 9:23 AM
    Thursday, August 28, 2014 2:15 PM
  • The install account can be any account, including a normal Domain User. This user will need local administrator to the SharePoint servers and sysadmin rights to the SQL instance. I would just use your domain user account.

    If you have any Publishing sites, you will need a Super User and Super Reader that are not used for any other purpose in the SharePoint farm.


    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by JasonGuo Thursday, September 11, 2014 9:23 AM
    Thursday, August 28, 2014 2:28 PM
  • Hi Trevor and Romeo, 

    Thanks for your expert and valuable feedback. 

    To summarize, sp_farm also be used to install SharePoint binaries. 

    @Romeo: What kind of security concern we might have in the scenario which I have in the question above? We will ask for one more service account User Profile later on.

     Thank you.

    Cheers, 
    Aroh


    Aroh Shukla

    Friday, August 29, 2014 12:50 AM
  • Hi Shukla,You can find the detailed explanation on the below article.We can use Farm account as Installation purpose but the Good pratice is Farm account to use as Admin purpose and INST as To install sharepoint.

    http://expertsharepoint.blogspot.de/2013/11/what-are-accounts-used-in-sharepoint.html


    Anil Avula[MCP,MCSE,MCSA,MCTS,MCITP,MCSM] See Me At: http://expertsharepoint.blogspot.de/

    • Marked as answer by JasonGuo Thursday, September 4, 2014 8:29 AM
    Tuesday, September 2, 2014 4:35 AM
  • Hi

    For installing and configuring SharePoint Server 2013, need minimum three service accounts with some rights.

    In my experience, should not use same service accounts for all SharePoint services.

    Never use setup account for application pool, user profile, timer service, etc.

    regards

    Sabareesh

    Tuesday, December 22, 2015 11:20 AM