Microsoft Office Tutorials and References
In Depth Information
database access account. However, each application pool does use server resources to
function, so some organizations actually require there be a limited number of application pools
for a SharePoint implementation. It can be a balancing act, but it’s something to keep in mind
when planning accounts for SharePoint.
Search Account This account should be a domain user. It directly accesses the Search
database. Because it takes the questions entered into the search field in SharePoint and queries
the Search database records with them, it is considered the query account.
Content Access Account Also known as the index , gatherer , or crawler account , this account
analyzes all the content in SharePoint site collections. It must be a domain user, and it will
automatically be given full read rights to all web applications. It also has access to the search
database to write in the information it has gathered. Often administrators just use the search
account for both search and content access services.
ADDITIONAL SERVICES MIGHT NEED LOVE TOO
If you enable the new Business Data Connectivity service, Sandboxed Code, or Subscription Settings
service, they will need their own service accounts as well. Keep in mind that content database and
service accounts like Search (but not Index, strangely enough), will require that their account be
registered in SharePoint as a managed account before being applied. So, it is a good idea to plan for
the accounts, create them in Active Directory, and then register them as managed accounts soon
after SharePoint installation.
Optional SharePoint Admin or SharePoint utility Account I also suggest you consider a
general-purpose SharePoint administrator account. This account should be a domain admin
(or at least a local admin for each SharePoint server) so it can install tools locally on all
SharePoint servers on the farm, run the SharePoint command-line tools, and be used as an
administrator for Central Administration and new site collections you may create. It comes
in handy for me when I need to troubleshoot a site or a setting in Central Administration. I
always know that account’s name and password, and it is usually the first administrator of
most site collections I create (of course, this may not be allowed to remain after handing the
collection over to its rightful owner, but it’s convenient during setup).
PREPARING FOR POWERSHELL
New with this version of SharePoint are SharePoint-specific shell cmdlets (pronounced “command-
lets”). Microsoft is going all out with PowerShell, hoping that customers will prefer to use it rather
than the old favorite, the STSADM command-line tool.
With STSADM, the permissions required to run a command depend on what you want to do. It has to
be run on the SharePoint server locally (or at least on a server in the farm), so the account needs to have
local administrative rights on the server. If you are doing farm-related commands, such as creating a
web application or starting a service, the account also needs to be a farm administrator. If the
commands are only for a site collection, the account needs local admin rights on the server and needs to be
a site collection admin for the site collection being worked on.