The following is the list of
accounts I use when building Enterprise Production SP2013 farms.
Account
name
|
Role
|
Rights
|
SPSetup
|
Used to install SharePoint
binaries
|
• Domain User
• Local Admin all SP servers
• DBCreator SQL role
• SecurityAdmin SQL role
|
SPFarm
|
Farm account. Used for Windows
Timer Service, Central Admin and User Profile service
|
• Domain User
• Local Admin during UPS
provisioning
• Log on locally right
|
SPPortalAppPool
|
App pool id for content web apps
|
• Domain User
|
SPServicesAppPool
|
Service app pool id
|
• Domain User
|
SPMySitesAppPool
|
MySites App pool id for profile
service
|
• Domain User
|
SPSearch
|
Search process id
|
• Domain User
|
SPContent
|
Account used to crawl content
|
• Domain User
|
SPProfileSync
|
Account used by the User Profile
services to access Active Directory
|
Must have Replicating Change
permissions to AD. Must be given in BOTH ADUC and ADSIEDIT. If domain is
Windows 2003 or early, must also be a member of the "Pre-Windows
2000" built-in group.
|
SPCacheSuperUser
|
Super User Cache account
|
• Domain User
• Web app Policy Full ControL
|
SPCacheSuperReader
|
Super Reader Cache account
|
• Domain User
• Web app Policy Full Read
|
SPServices
|
The
SPServices account is used to run several service applications
|
• Domain User
|
No comments:
Post a Comment