We have exapnded our single server install of sharepoint and now need to update our security accounts.I have created the following accounts in AD:SPContentPoolSVC SPConfigSVC SPSearchSVCSPCrawlSVC Each is a Domain User.I then assigned the search and crawl user accounts from in the Central Administrator.My problem is that I do not know how to assign the config and content pool accounts.Also, during the assigning of these accounts, will they automaticly be greanted the correct permissions in SQL?

Hi Jay,when you talk about update your sharepoint services account, you have some accounts which you need to update:-1- Central administartion application pool and Windows SharePoint Services Timer Account .2- Web application application pool Account.3- account that is used by the Windows SharePoint Services Help Search service.4- the default content access account that is used by the Windows SharePoint Services Help Search service.5-the account that is used by every Shared Services Provider (SSP) on the server farm6- the account that is used to run the Office SharePoint Server Search service, and the default content access account that is used by the Office SharePoint Server Search service.7- if you use SSO,the account that is used by the Microsoft Single Sign-On Service.all the required steps are listed here , http://support.microsoft.com/kb/934838 .Best Regrads, Ahmed Madany

So in my case, since I already updated the search and crawl accounts from within central admin, are the only commands I need:Stsadm -o updatefarmcredentials -userlogin DOMAIN\SPConfigSVC -password passstsadm -o updateaccountpassword -userlogin <var>DOMAIN</var>\SPContentPoolSVC -password <var>NewPassword</var> -noadmin

- To update your Central Administration Application Pool and Timer service you have to perform 2 steps:-1- update server which host Central Administration as the following:-stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword2- on other servers in the farm , run the following command,stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword -local- for updating application pool account that is used by web application you can the stsadm command as you mention, also you can do that from central administration , Central Administartion -> under Security Configuration section -> select service accounts -> go through it by select web application pool -> then from drop down list select windows sharepoint service web application -> then select application pool you want and update its account.- you also need to update SSP account , update it as the article say:-stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword Please, Be careful while update sharepoint services accounts , because any failure lead to many problem, i advise you read the above article and identify your plan to update.Good LucK Best Regrads, Ahmed Madany

Should the SSP account be something other than SPContentPoolSVC, or SPConfigSVC?Also, do I need to assign any unque permissions to either the farm account of the application pool account, or will that be automaticly assigned?Lastly, when I update the pool credentials in the central admin it tells me that the SPN will need to be updated. The server has an SPN set for http\internet_name. I suppose I can update the crednetials for this, however is this normal?

Hi Jay,1- it is recommended to make an account for SSP as http://technet.microsoft.com/en-us/library/cc263445.aspx , but if you use SPContentPoolSVC or SPConfigSVC , there is no problem.2- when you update sharepoint services accounts, new accounts take new permissions automatically.3- you create SPN to an accounts if you plan to use kerberos authentication, did you use kerberos authentication?Best Regrads, Ahmed Madany

Keybose is enabled, so I suppose I will have to reset the SPN as well.

OK, kerberos is enabled, i have some question 1- is all your farm run with kerberos? or you are running specific web application with kerberos?2- is search running with kerberos configuartion also?if yes, then all accounts will be used for running sharepoint services and application pools must have SPN .Best Regrads, Ahmed Madany

Hi jay,any feed back about your problems?Best Regrads, Ahmed Madany

I am sorry, I have yet to try.kerbose is set for the entire farm, but the farm is veyr small (consisting only of a single web server and single sql server). I can probably get away with going back to NTLM.The only reason we enabled kerbose was to attempted to resolve a double hop issue, but we no longer have this requirement.

Hi,ok Joy, the above steps applied either with kerberos or NTLM, only SPN Kerberos Needed, Good Luck.Best Regrads, Ahmed Madany

I believe I have changed everything over sucessfully. Thanks.