This blog focus on planning and understanding the
configuration of SharePoint service accounts while SharePoint installation and
configuration. I have been working in farm
deployment architecture from couple of months. I observed miss configuration of
accounts lead you tons of critical errors in the Event log of all the servers
in the farm. It’s a best practice to understand use of each account before
configuring the SharePoint server farm. Here is the brief information about the
account and configuration. The number of accounts may vary based on complexity
of the farm and services.
To Install SharePoint 2013 on a Server farm following
accounts needs to be created and configured:
1.
SQL Service Account:
Account
|
Purpose
|
Requirements
|
SQL Service Account (SP_SQLService)
|
The
SQL Server service account is used to run SQL Server. It is the service
account for the following SQL Server services:
·
MSSQLSERVER
·
SQLSERVERAGENT
|
This account is mostly used to install
SQL for SharePoint
|
Setup account (SP_Setup)
|
This is a domain account which is used
to run following:
·
Install SharePoint
·
Run configuration
wizard
|
·
Domain user account.
·
Member of the local
Administrators group on each server on which Setup is run.
·
SQL Server login on
the computer that runs SQL Server.
·
Member of the
following SQL Server roles:
o
securityadmin fixed server role
o
dbcreator fixed server role
If
you run Windows PowerShell cmdlets that affect a database, this account must
be a member of the db_owner fixed database role for the
database.
After
you run the configuration wizards, machine-level permissions for the setup
user administrator account include:
·
Membership in the
WSS_ADMIN_WPG Windows security group.
·
Membership in the
IIS_WPG role.
After
you run the configuration wizards, database permissions include:
·
db_owner on the SharePoint server farm
configuration database.
·
db_owner on the SharePoint Central
Administration content database.
|
Farm Account (SP_Farm)
|
The
server farm account is used to perform the following tasks:
·
Configure and
manage the server farm.
·
Act as the
application pool identity for the SharePoint Central Administration Web site.
·
Run the Microsoft
SharePoint Foundation Workflow Timer Service.
|
·
Domain user
account.
Additional
permissions are automatically granted for the server farm account on Web
servers and application servers that are joined to a server farm.
The
server farm account is automatically added as a SQL Server login on the
computer that runs SQL Server. The account is added to the following SQL
Server security roles:
·
dbcreator fixed server role
·
securityadmin fixed server role
·
db_owner fixed database role for all SharePoint
databases in the server farm
|
Application Pool Account (SP_AppPool)
|
Account for application pool for
different web application
|
·
Domain user
account.
|
Search Service account (SP_Search)
|
Used to configure Search service
application
|
·
Domain user
account.
·
Read permission to
the web application
|
·
SP_Farm: This account is
used to for following activites:
ð
Application pool identity
for Central Administration
ð
Process account for the
SharePoint Foundation 2013 Timer Service
After you run setup, machine-level
permission includes:
·
Membership in the WSS_ADMIN_WPG
Windows security group for the SharePoint Foundation 2013 Timer service.
·
Membership in
WSS_RESTRICTED_WPG for the Central Administration and Timer service application
pools.
·
Membership in WSS_WPG
for the Central Administration application pool.
After
you run the configuration wizards, SQL Server and database permissions include:
·
Dbcreator fixed server role.
·
Securityadmin fixed server role.
·
db_owner for all SharePoint databases.
·
Membership in the
WSS_CONTENT_APPLICATION_POOLS role for the SharePoint server farm configuration
database.
·
Membership in the
WSS_CONTENT_APPLICATION_POOLS role for the SharePoint_Admin content database.
Service Application Pool account:
Service application pool account is setup by default during
installation. Following permission is allocated automatically after
configuration:
ð
The
application pool account is a member of WSS_WPG
ð
The
following SQL Server and database permissions for this account are configured
automatically:
è The application pool
accounts for Web applications are assigned to the SP_DATA_ACCESS role for the
content databases.
è This account is
assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm
configuration database.
è This account is
assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the
SharePoint_Admin content database.
Gireesh Painuly
References: MSDN
Whenever you are working from home, flexibility is a prerequisite. You are not bound into some particular working hours instead; you set your schedule for feasible working which is not less than a blessing. For me, it often means starting later and finishing later since I am a night owl and my productivity is way better than in the day.
ReplyDeleteBesides the above fact, if you want off from work for few days then you do not have to involve yourself in some consent or permission things from your boss, just work for longer hours to save the upcoming days of the week, and most of the times you are your own boss so following this strategy would not affect your working productivity. It will help you a lot in molding your life according to your schedule if you are getting it right.
If you want to read complete blog, visit our website.
https://academicswritingservice.co.uk/2020/07/11/advantages-of-work-from-home/