Are multiple administrative and service accounts a MUST for MOSS 2007/2010?
I want to set up a MOSS 2007 server farm and was reading up on how to do it. One Msft article insists that I need multiple accounts. My sys admin tells me that I can use one account for everything. This account is a domain account and is a member of the domain admin group; it has dbcreator, public, secadmin, serveradmin, sysadmin roles on the db server. Any thoughts on the topic? Thanks, EJM
October 18th, 2010 11:24pm
Using multiple service accounts is a generally accepted best practice approach for setting up a SharePoint environment. It is not required, but highly recommended for a production environment by Microsoft and by the majority of experienced SharePoint administrators. Multiple service accounts allow for rights and responsibilities to be distributed, so that specific accounts can be given the minimum access necessary to accomplish certain functions within a SharePoint farm, such as synchronizing profiles or crawling content. Using one account pools all of those rights and responsibilities in a single account, creating a single point of failure and a large vulnerability for your farm. If that account should be locked, there's a good chance nothing in your farm will work. If that account should become compromised, it will provide the keys to the kingdom (which, if it's a domain admin, will go far beyond just SharePoint). It is certainly possible from a technical standpoint to use a single account (I often do that when I need to create a quick VM for testing or development in a throwaway environment, but never in Production), but not at all recommended.
John
MCTS: WSS v3, MOSS 2007, and SCOM 2007 MCITP: Enterprise Project Management with Project Server 2007 Now Available on Amazon - The SharePoint 2010 Disaster Recovery Guide. Also available - The SharePoint 2007 Disaster Recovery Guide. My blog: My Central Admin.
October 18th, 2010 11:51pm
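The single-point-of-failure argument in the answer above, worked through as an added example (not part of the original thread): a small audit that compares a one-account plan with a split plan and reports what each account's lockout or compromise would touch. All account names, function names and privilege assignments are constructed sample data; the roles on the shared account are the ones listed in the question.

```python
# Privileges the thread singles out as dangerous on a service identity.
RISKY_AD_GROUPS = {"Domain Admins"}
RISKY_SQL_ROLES = {"sysadmin"}

# Constructed sample plans: farm function -> account that runs it.
# All account names are hypothetical.
SINGLE_ACCOUNT_PLAN = {
    "farm / central admin": r"CONTOSO\sp_all",
    "web application pool": r"CONTOSO\sp_all",
    "content crawl": r"CONTOSO\sp_all",
    "profile synchronization": r"CONTOSO\sp_all",
}
SPLIT_PLAN = {
    "farm / central admin": r"CONTOSO\sp_farm",
    "web application pool": r"CONTOSO\sp_apppool",
    "content crawl": r"CONTOSO\sp_crawl",
    "profile synchronization": r"CONTOSO\sp_profile",
}
# Constructed inventory: account -> (AD groups, SQL Server roles).
PRIVILEGES = {
    r"CONTOSO\sp_all": ({"Domain Admins"},
                        {"dbcreator", "public", "secadmin", "serveradmin", "sysadmin"}),
    r"CONTOSO\sp_farm": (set(), {"dbcreator", "securityadmin", "public"}),
    r"CONTOSO\sp_apppool": (set(), {"public"}),
    r"CONTOSO\sp_crawl": (set(), {"public"}),
    r"CONTOSO\sp_profile": (set(), {"public"}),
}

def blast_radius(plan, account):
    """Functions that stop on lockout, or are exposed on compromise, of `account`."""
    return sorted(f for f, a in plan.items() if a == account)

def audit(plan, privileges):
    """Return {account: [findings]} for every account used in the plan."""
    report = {}
    for account in sorted(set(plan.values())):
        groups, roles = privileges.get(account, (set(), set()))
        used_by = blast_radius(plan, account)
        findings = []
        if len(used_by) > 1:
            findings.append("shared by %d functions: %s" % (len(used_by), ", ".join(used_by)))
        findings += ["member of AD group %s" % g for g in sorted(groups & RISKY_AD_GROUPS)]
        findings += ["holds SQL Server role %s" % r for r in sorted(roles & RISKY_SQL_ROLES)]
        report[account] = findings
    return report

if __name__ == "__main__":
    for name, plan in (("single account", SINGLE_ACCOUNT_PLAN), ("split accounts", SPLIT_PLAN)):
        print(name)
        for account, findings in audit(plan, PRIVILEGES).items():
            print("  %s: %s" % (account, "; ".join(findings) or "no findings"))
```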
Yes, you need multiple service accounts because SharePoint uses service accounts to run specific services behind the scenes. SharePoint does not function under the practice of running everything as administrator. One more logical point to think about: if your administrator account gets locked or its password expires, your application will stop working. Here is a good article which tells you what the minimum accounts required are: http://www.shareesblog.com/?p=247 and the detailed TechNet article is here: http://technet.microsoft.com/en-us/library/cc263445(office.12).aspx Hope this works. Thanks, -ws
SharePoint administrator, MCTS, MCITP
October 18th, 2010 11:57pm
John, thank you for summarizing the service account topic for me. I've got more details from my sys admin, who confirmed basically what you have said. We use one account in our dev platform, and multiple accounts for production. Regards, Eric
EJM
October 19th, 2010 8:51pm
@WS, Thanks for the reference links! -Eric
EJM
October 19th, 2010 8:53pm