
SharePoint 2010 Service Account (System Account)

Service accounts play an important part in SharePoint 2010. Most services run under different service accounts, so you need to understand service accounts before using them in SharePoint. A service account should always follow the least privileges/least services principle.

What is a Service Account
  1. Service accounts are general administrator accounts that are used for maintenance purposes. 
  2. Usually these accounts are used to allow one system (rather than a user) to interact with another system or to run different services. 
  3. The model for managing and provisioning service accounts is slightly different from normal provisioning. A service account has higher permissions than a normal account.
  4. Service accounts are requested, provisioned, and managed in the same manner as regular accounts. 
  5. Service accounts use the same resource objects, provisioning processes, and process/object forms as regular accounts. 
A service account is distinguished from a regular account by an internal flag. When a user is provisioned with a service account, SharePoint manages a mapping from the user's identity to the service account. This user is considered the owner of the Service Account.

SharePoint 2010 Service Account
  1. The service account user must not be a member of the AD admin group.
  2. Uses the least privileges/least services policy.
  3. A service account is basically a local account, but an Active Directory account is preferable if you are scaling out your farm across multiple machines and multiple databases.
  4. A service account is basically not used by a human personally. It is used by the SharePoint services. 
  5. You can use the same account for all the SharePoint services, but using a single account is bad practice. It works for a development machine, but in the development environment you must use different accounts for different services.
Problems with Service Accounts
  1. When the password retention policy kicks in, services running under the service account stop working.
  2. Never log in to your CA site, or even your web site, with the "System Account". The best practice is to use an AD account.

If service accounts are not used by human beings, how does the password for such an account get changed?

In SharePoint 2007 this was a disaster: most services stopped running because of the password expiration policy. SharePoint 2010 fixes this disadvantage with the Managed Account feature, which automatically manages the password expiration policy.

Register Managed Accounts (SharePoint Central Administration)
  1. To register new Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
  2. On the Security page select Configure managed accounts under General Security.
  3. On the Managed Accounts page select Register Managed Account.
  4. On the Register Managed Account page (see illustration below) specify the credentials and select the password change policies as desired.
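
The same registration can be scripted from the SharePoint 2010 Management Shell. The following is an added example, not part of the original post: it registers a managed account, turns on automatic password change, and then audits every managed account against the two rules above (automatic change enabled, not a member of the AD admin group). The account name `CONTOSO\svc-spservices`, the reading of "AD admin group" as `Domain Admins`, and the availability of the ActiveDirectory module are assumptions.

```powershell
# Added example (not from the original post). Run on a farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory   # assumption: the RSAT Active Directory module is installed

# Constructed placeholder; replace with your own service account.
$accountName = 'CONTOSO\svc-spservices'

# Register the account as a managed account if it is not registered yet.
$managed = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $managed) {
    # Get-Credential prompts interactively, so the password never lands in the script.
    $cred = Get-Credential $accountName
    $managed = New-SPManagedAccount -Credential $cred
}

# Let SharePoint generate a new password and rotate it ahead of the AD expiration policy.
Set-SPManagedAccount -Identity $managed -AutoGeneratePassword `
    -PreExpireDays 5 `
    -Schedule 'monthly between 7 02:00:00 and 7 03:00:00' `
    -Confirm:$false

# Collect the SIDs of everyone in the AD admin group, including nested members.
$adminSids = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    ForEach-Object { $_.SID.Value }

# Audit every managed account: password rotation state and admin-group membership.
Get-SPManagedAccount | ForEach-Object {
    New-Object PSObject -Property @{
        Username           = $_.Username
        AutomaticChange    = $_.AutomaticChange
        PasswordExpiration = $_.PasswordExpiration
        InDomainAdmins     = ($adminSids -contains $_.Sid.Value)
    }
} | Format-Table Username, AutomaticChange, PasswordExpiration, InDomainAdmins -AutoSize
```

Any row with `AutomaticChange` set to `False` is an account that will stop working when the password policy expires it, and any row with `InDomainAdmins` set to `True` violates the least-privilege rule.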

For the list of SharePoint service accounts and their permissions, please see the link below.






