Microsoft Office Tutorials and References
In Depth Information
configured for the
In the end, you should have at least five managed accounts, one for the server farm, one for
Search, at least one web application content database access account, one for the Sandboxed
Code service, and one for the BDC service (Figure 3.22). You might notice that the farm account
doesn’t have any password schedule. That is because when it was configured during the
installation of SharePoint, there was no option to set up its password schedule. To edit that, you can
click the Edit icon for the account if you’d like. I am going to leave it for now.
PASSWORD EXPIRATION POLICY?
It helps to know what the domain policy is for password expiration if you are going to use managed
accounts, because this feature might require some planning. The default domain policy for Server
2008 is a maximum password age of 42 days.
Something else to consider is the lockout policy. If SharePoint should make a mistake too many
times while trying to change the password, lockout could be enforced.
You can use the Group Policy Management console (installed by default on Server 2008 R2) at Start
Administrative Tools Group Policy Management to check your policy (if you have the r fight to access
the domain controller; if you don’t, ask your AD admin to do it). Once in the console, open the domain
node, and then select the Default Domain Policy (keep in mind that, in your environment, there might
be other policies in force). In the Details pane, select the Settings tab, and then display the details for
Security Settings Account Policies/Password Policies.