What are the accounts used in SharePoint Foundation 2010 for a least privileged configuration

In Many Organization while Implementing  SharePoint 2010 . the first question which may arise is What are the account we need to create and what are the permission levels it should have . I have tried my best to collate the things together and text it in my Blog .


The setup account: This is the account with which the useris logged that runs the setup. This account must be a local administrator on all systems where SharePoint Foundation 2010 setup is run.

Post-Setup Configuration Run-As user: This is the user that runs the PSC tool.
This user must also be a local administrator
PSC runs a prerequisites check .
In addition to being a local administrator on all computers running Office Server, this account also has the following requirements on a remote server running SQL Server to be used as part of a SharePoint Foundation 2010 Services farm

Must be a SQL login
Must be a member of the SQL Server Database Creators Role
Must be a member of the SQL Server Security Administrators Role
This account need not be a local administrator on the server running SQL Server

This is the only account given explicit rights on SQL. It will give the database access account the SQL privileges it needs because it has the rights to do so.

The database access account: This is the account that is specified to the PSC tool when creating or connecting to a Configuration Database.
This account need not be the same as the PSC Run-As user and it need notbe a local administrator on any computer running Office Server.
It should also not be a local administrator on the SQL server, and doesnot require any SQL permissions in advance of creating a configuration database. Many of us refer to this as the “farm admin” account, but thisis misleading. The user that accesses the Central Admin Web pages to perform farm administrative activities is the farm admin account.

Central Admin App Pool ID:This account is “automatically” configured by the PSC tool to be the same account as the database access account that is stipulated to the PSC tool when creating a configuration database. This account and the SPTimer account constitute one exception to separate accounts being usedfor all account types.

The SPTimer account: As with the Central Admin App Pool ID, this account is “automatically” configured by the PSC tool to be the same account as the database accessaccount that is stipulated to the PSC tool when creating a configuration database.

The Farm Admin account: As mentioned earlier, this is the user that accesses the Central Admin Web pages to perform farm administrative functions.
This account can create Web applications, site collections, SSPs, configure Search, IFSS, Profile Imports, assigning permissions, and so on.

Advertisements

About Pratik Vyas

Hi Readers, Welcome to Pratik’s SharePoint Blog. First of all Thank you very much for taking interest and spending time to tour my Blog I am in the ocean of SharePoint since January 2008 (almost 4 years), and still I feel I have to go more deep. I am working with a well known MNC as a SharePoint Consultant. Here I used consultant because I do a little development and customization with administration. I am very much interested in Microsoft products. I have started blogging since 2008 but I can say in real manner I have started it in 2011 (as I have posted only 4-5 blogs from 2008 to 2011 J) I believe there isn’t anything impossible in SharePoint, the only thing is sometimes we have to think something off track. I have posted couple of blogs which was discovered by going some off track, we can simply say it TRICKS. Feel free to reach me in case of any issues or queries I will be more than happy to help you. Good bye and Happy Reading, Cheers !!
This entry was posted in SharePoint 2010, SharePoint Administration, What are the accounts used in SharePoint Foundation 2010 for a least privileged configuration. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s