Hello,
Can i use same service account as farm admin and for all service applications ?
What is recommended approach?
Thanks,
Technology Tips and News
Hello,
Can i use same service account as farm admin and for all service applications ?
What is recommended approach?
Thanks,
My personal recommendation is:
1) Farm Admin running only required services (e.g. User Profile Sync Service, Central Admin, STS)
2) Web App running the Application Pool for all Web Applications
3) Service App account for running all other Service Applications
4) Claims to Windows Token account for running C2WTS
> We usually have seperate app pools for each web app as a security measure
Not really a security measure as the accounts of the pools can be leveraged to compromise other data within the farm. It just leads to (poor) performance issues.
Hi ,
Recommendation is to use a separate account as mentioned here : https://technet.microsoft.com/en-us/library/cc288210%28v=office.14%29.aspx
However , please note that if you use a separate service account as mentioned above , the implementing Kerberos would be a challenge.
You can also go ahead as below
1. One service account for Farm , App Pool , and Service appls
2. a new ac for Search content crawl account.
3. New Svc ac for SQL
4. use user and super reader for caching.
In this method you have to make sure service account is always up and the password won't changes, you have to ignore farm health warnings which says you can't use 1 account for all.
HI,I would recommend to use different account for service application like Search,User profile apart from the farm account.Its not recommended to use the same account for all the functions in share point.Please check the links below that explains more in details about the service accounts and the privileges in share point.
http://expertsharepoint.blogspot.my/2013/11/what-are-accounts-used-in-sharepoint.html
http://expertsharepoint.blogspot.my/2015/04/permissions-needed-to-administrate.html