MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Service Account Questions

  Asked By: Sampat    Date: May 15    Category: MOSS    Views: 1812

I guess my first question is: What accounts do I really need to
separate out for MOSS 2007?

I've currently got one (1) sharepoint administrator account for the SPS
2003 installation, and that account is restricted to the SPS 2003
servers and the SQL server (but is a domain admin account so that it can
read AD).

In my MOSS installation, I'm pretty much using that account in the test
environment because it can access everything. What do you NEED to
change here?

Do I really need nine accounts:

* SQL Server Service Account: Account used by SQL to run all SQL
* Server Farm Account
* SSP Service Account
* Office SharePoint Server Search Account
* Default Content Access Account
* User Profile and Properties Content Access Account
* Excel Services Unattended Account
* One account per application pool: This is typically three
accounts; SSPAdministration, MySite and your main 'Portal' or

BTW: I've only got one MOSS 2007 server, and I may end up with two that
will be stand alone installations, e.g. their own farms.



7 Answers Found

Answer #1    Answered By: Amrita Durgude     Answered On: May 15

I'm not an administrator  but I play one on TV. So, I don't hold any hard
beliefs in this area, but I don't think that you want "One account  per
application pool". Generally, each active application  pool that you
create consumes at least 100 MB of RAM that grows to accommodate usage.
Unless there is a strict demand for memory/thread affinity, I would use
one common application pool. Also, I don't personally see value in
having all those separate service  accounts. But I'm a developer that
generally authenticates as the Administrator and uses Administrator for
all my service accounts. So, what do I know.

Answer #2    Answered By: Maricela Conway     Answered On: May 15

My standard farm  install would have 3 app pools,
with 3 distinct accounts:

Farm account  (Central Admin App Pool)

SSP Account (Shared Services App Pool)

Community Account (Shared App Pool)

The primary reason, in my mind, for creating additional app pools is to
trap errors introduced by your developers.

Answer #3    Answered By: Vinay Thakur     Answered On: May 15

This section starts with a table of 6 accounts  for MOSS (4 for
WSS) that you can pre-create.

Answer #4    Answered By: Shameka Rich     Answered On: May 15

I usually just use 3 accounts... I have been uninstalling and
reinstalling and literally "trying" to break my dev install of MOSS
to document any anomolies that I find, and I've never had a problem
with just the 3. I use svc_spadmin, svc_sqladmin, and svc_test.

Answer #5    Answered By: Micheal Knight     Answered On: May 15

I go the route of being able to trap your developer's
errors within the confines of an application  pool.

I usually use the following:

Central Admin

And then for each additional web application, they each get their own.

Overkill? Maybe, but when you've got a horde of customers hitting your
site, you've got to do what's best for them right?

Answer #6    Answered By: Cathy Cameron     Answered On: May 15

"trap your developer's errors"

I guess that's why us devs only need one app pool. We don't make errors.

Answer #7    Answered By: Kerri Steele     Answered On: May 15

Maybe it's more trapping the developers.

Didn't find what you were looking for? Find more on Service Account Questions Or get search suggestion and latest updates.