Microsoft Office Tutorials and References
In Depth Information
If you check each of the other databases, you’ll see that the correct accounts have access and
that the farm account actually made their databases for them, too.
This indicates that even though the configuration was done on a page on the SharePoint
server, there wasn’t any smoke and mirrors. The databases you named (except for the one
used by Central Administration’s site collection, which has that ugly long GUID) yourself,
and the accounts you assigned are assigned to them, as expected. The setup account did its
job, and the farm account continued it.
You did it. These are your SharePoint databases (there may be more or fewer databases on
your SQL server, depending on how it’s configured and what products are using it in your
Now let’s go back to the SharePoint server to check the security groups and IIS.
Confirming SharePoint Local Security Groups
To confirm the local security group changes on the local SharePoint server, open the Computer
Management console (Start Administrative Tools Computer Management), open the Local
User And Groups node in the navigation pane, and click the Groups folder in the content pane.
(I’m assuming you’ve used the Computer Management console before.)
If you scroll down the list of groups on the server, you should see WSS_WPG, WSS_ADMIN_
WPG, and WSS_RESTRICTED_WPG.
For WSS_WPG, the accounts in this group generally only need read access to resources on
the server. If you double-click, it should contain a lot of the service accounts you assigned:
farm account, search account, content database account, and, oddly enough, the BDC account
For the WSS_ADMIN_WPG group, whose members generally need both read and write
access, only the setup account and server farm account are members (Figure 3.61).
And for the WSS_RESTRICTED_WPG group, the lone member is the farm account. That
stands to reason because that is the account, on behalf of the whole SharePoint farm, that speaks
to the SharePoint Administration service, which has a local system identity.
So now, if you should have to troubleshoot permissions or set up a folder that will need them,
you know what groups are available on the SharePoint servers and what their members are.