Microsoft Office Tutorials and References
In Depth Information
SharePoint Service Accounts and Services
After it installs, SharePoint creates and enables a number of services and application pools in
order to work properly. To be able to do their jobs, these services need to run with some sort of
account context. Some of those services do work only on the local machine and therefore can
get away with using local accounts. But some will need to access the SQL server or other servers
on the network and therefore should not use local accounts. There is also a service or two that,
because of the work it does (or from a troubleshooting standpoint) should be a unique account,
not shared by any other service.
Depending on how you install SharePoint, you may have to create domain accounts to apply
to those services. As a matter of fact, SharePoint has a health analyzer in which there are rules
that certain services must have unique domain accounts. To understand SharePoint and keep it
in good working order, it helps to know what those services are, what they do, and what access
their accounts need while remaining secure.
Depending on how SharePoint is installed, you may have the following service accounts:
Setup Account (Standalone Install) To install SharePoint, you must be logged in on the
server with an administrative account. If your server is not in a domain, this account needs
to be the local Administrator (or the equivalent). On a domain, the account can be a domain
admin. The account must be able to install software locally and should also be allowed to
add and start services on the server.
With a Standalone installation, all other service accounts used by SharePoint are set up
automatically (using local system or network service accounts). It really is the easiest installation,
in addition to being the cheapest. Although it is not really scalable, it is convenient. It is also
a great way to get an understanding of what SharePoint and its services look like when
running, and it gives you a chance to simply get started using SharePoint. Once you’ve explored
its functions, it makes it easier to then do a Complete installation and configure the services
manually, because you will know how they work.
THE CHEESE STANDS ALONE
You don’t have to install SharePoint in a domain environment. You also can install SharePoint on
a stand-alone server in a workgroup with no domain controller.
Just install SharePoint using the Standalone option on the server (or, if you don’t want to use SQL Server
2008 Express, install SQL on the server, and then install SharePoint using the Complete option).
If you choose a Standalone install, the databases and services setup will be done for you by SharePoint
using the administrative account you used to log in. It will specify that all services will run using
local system or network service server accounts.
Having both SharePoint and SQL on the same server means that all the database and service
management can be done without needing to access anything on a different server and therefore only
need to use local accounts.