Hello,
Can i use same service account as farm admin and for all service applications ?
What is recommended approach?
Thanks,
Service Account , All services Apps and Farm Admin
September 11th, 2015 11:52am
My personal recommendation is:
1) Farm Admin running only required services (e.g. User Profile Sync Service, Central Admin, STS)
2) Web App running the Application Pool for all Web Applications
3) Service App account for running all other Service Applications
4) Claims to Windows Token account for running C2WTS
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2015 12:07pm
http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=237 Is a good place to start. We usually have seperate app pools for each web app as a security measure and use an "Admin"
account instead of an "Install" account.
September 11th, 2015 2:06pm
> We usually have seperate app pools for each web app as a security measure
Not really a security measure as the accounts of the pools can be leveraged to compromise other data within the farm. It just leads to (poor) performance issues.
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2015 2:29pm
Hi ,
Recommendation is to use a separate account as mentioned here : https://technet.microsoft.com/en-us/library/cc288210%28v=office.14%29.aspx
However , please note that if you use a separate service account as mentioned above , the implementing Kerberos would be a challenge.
You can also go ahead as below
1. One service account for Farm , App Pool , and Service appls
2. a new ac for Search content crawl account.
3. New Svc ac for SQL
4. use user and super reader for caching.
In this method you have to make sure service account is always up and the password won't changes, you have to ignore farm health warnings which says you can't use 1 account for all.
September 12th, 2015 4:34am
HI,I would recommend to use different account for service application like Search,User profile apart from the farm account.Its not recommended to use the same account for all the functions in share point.Please check the links below that explains more in details about the service accounts and the privileges in share point.
http://expertsharepoint.blogspot.my/2013/11/what-are-accounts-used-in-sharepoint.html
http://expertsharepoint.blogspot.my/2015/04/permissions-needed-to-administrate.html
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2015 11:55pm
You should always consolidate accounts as best as possible, e.g. Search, UPA, MMS, etc. are run by a general service account.
September 14th, 2015 12:29am
This topic is archived. No further replies will be accepted.
Other recent topics
