gtrapp
asked on
What accounts to use for what service in SharePoint Server 2010?
In the application event logs, I see this error:
The SharePoint Health Analyzer detected a condition requiring your attention. Accounts used by application pools or service identities are in the local machine Administrators group.
Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow malicious code to execute. The following services are currently running as accounts in the machine Administrators group:
SharePoint - 80 (Application Pool)
SharePoint Central Administration v4 (Application Pool)
OSearch14(Windows Service)
SPTimerV4(Windows Service)
WebAnalyticsService(Window s Service)
However, when looking at the drop down list box for services and web applications on the Credential Management page in Central Administration, I don't see some of these that are listed above in the log. I like to change the accounts that the services are using.
Drop down list box has these listed:
Farm Account
Service application Pool - Security Token Service Application Pool
Service Application Pool - SharePoint Web Services Default
Service Application Pool - SharePoint Web Services System
Web Application Pool – MySites
Web Application Pool - SharePoint - 80
Windows Service - Claims to Windows Token Service
Windows Service - Document Conversion Launcher Services
Windows Service - Document Conversion Load Balancer Service
Windows Service - Microsoft SharePoint Foundation Sandbox Code Service
Windows Service - SharePoint Foundation Help Search
Windows Service - SharePoint Server Search
Windows Service - User Profile Synchronization Service
Windows Service - Web Analytics Data Process Service
For the ones I don’t know, which services reported in event log above, would match what services are listed in the drop down list box?
SharePoint Central Administration v4 (Application Pool) = ??
SPTimerV4(Windows Service) = ??
OSearch14(Windows Service) = Windows Service - SharePoint Server Search ( I think)
Thank you.
The SharePoint Health Analyzer detected a condition requiring your attention. Accounts used by application pools or service identities are in the local machine Administrators group.
Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow malicious code to execute. The following services are currently running as accounts in the machine Administrators group:
SharePoint - 80 (Application Pool)
SharePoint Central Administration v4 (Application Pool)
OSearch14(Windows Service)
SPTimerV4(Windows Service)
WebAnalyticsService(Window
However, when looking at the drop down list box for services and web applications on the Credential Management page in Central Administration, I don't see some of these that are listed above in the log. I like to change the accounts that the services are using.
Drop down list box has these listed:
Farm Account
Service application Pool - Security Token Service Application Pool
Service Application Pool - SharePoint Web Services Default
Service Application Pool - SharePoint Web Services System
Web Application Pool – MySites
Web Application Pool - SharePoint - 80
Windows Service - Claims to Windows Token Service
Windows Service - Document Conversion Launcher Services
Windows Service - Document Conversion Load Balancer Service
Windows Service - Microsoft SharePoint Foundation Sandbox Code Service
Windows Service - SharePoint Foundation Help Search
Windows Service - SharePoint Server Search
Windows Service - User Profile Synchronization Service
Windows Service - Web Analytics Data Process Service
For the ones I don’t know, which services reported in event log above, would match what services are listed in the drop down list box?
SharePoint Central Administration v4 (Application Pool) = ??
SPTimerV4(Windows Service) = ??
OSearch14(Windows Service) = Windows Service - SharePoint Server Search ( I think)
Thank you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Questions:
How do I change the SharePoint 2010 Timer service account?
How do I change the Central Admin Application Pool account?
When I run STSADM updatefarmcredentials, will it change accounts used by services?
What is the best way to change a service account for other service application pools?
I need to review all of the services and what accounts they are using. I have the wrong accounts running services.
Thanks.