SharePoint 2010 Service Account (System Account)

In SharePoint 2010, service accounts play an important part. Most services run under different service accounts, so you need to understand service accounts before using them in SharePoint. A service account should always be given the least privileges/least services.

What is Service Account
  1. Service accounts are general administrator accounts that are used for maintenance purposes.
  2. Usually these accounts are used to allow one system (rather than a user) to interact with another system or to run various services.
  3. The model for managing and provisioning service accounts is slightly different from normal provisioning. A service account has higher permissions than a normal account.
  4. Service accounts are requested, provisioned, and managed in the same manner as regular accounts.
  5. Service accounts use the same resource objects, provisioning processes, and process/object forms as regular accounts.
A service account is distinguished from a regular account by an internal flag. When a user is provisioned with a service account, SharePoint manages a mapping from the user's identity to the service account. This user is considered the owner of the Service Account.

SharePoint 2010 Service Account
  1. The service account user must not be a member of the AD admin group.
  2. Uses the least privileges/least services policy.
  3. A service account is basically a local account, but an Active Directory account is preferable if you are scaling out your farm to multiple machines and multiple databases.
  4. A service account is not used by a person directly. It is used by the SharePoint services.
  5. You can use the same account for all the SharePoint services, but using a single account is bad practice; it works for a development machine. In the development environment, however, you must use different accounts for different services.
Problems with service accounts
  1. When the password retention policy kicks in, services that run under the service account stop working.
  2. Never log in to your CA site, or even your web site, with the "System Account". Best practice is to use an AD account.

If service accounts are not used by a human being, then how can the password of that account be changed?

In SharePoint 2007 this was a disaster: most of the services stopped running because of the password expiration policy. SharePoint 2010 fixes this disadvantage with the Managed Account feature, which automatically manages the password expiration policy.

Register Managed Accounts (SharePoint Central Administration)
  1. To register new Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
  2. On the Security page select Configure managed accounts under General Security.
  3. On the Managed Accounts page select Register Managed Account.
  4. On the Register Managed Account page specify the credentials and select the password change policies as desired.
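
The same registration and password change policy can be scripted and then audited from the SharePoint 2010 Management Shell. This is an added example, not part of the original post; the account name CONTOSO\svc-sp-apppool, the schedule, the day counts and the 14-day warning window are assumptions, and the e-mail notification assumes outgoing mail is configured for the farm.

```powershell
# Added example. Run as a farm administrator on a SharePoint 2010 server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder AD service account (assumption): replace with your own.
$accountName = 'CONTOSO\svc-sp-apppool'

# Register the account only if it is not already a managed account.
$account = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $account) {
    # Prompt for the password so it is never stored in the script.
    $cred    = Get-Credential -Credential $accountName
    $account = New-SPManagedAccount -Credential $cred
}

# Password change policy: SharePoint generates and rotates the password
# itself, 5 days before the AD policy would expire it, and sends a
# notification e-mail 10 days before the change.
Set-SPManagedAccount -Identity $account `
    -AutoGeneratePassword `
    -PreExpireDays 5 `
    -EmailNotification 10 `
    -Schedule 'monthly between 7 02:00:00 and 7 03:00:00'

# Audit: flag managed accounts that can still break services when the
# password policy kicks in (no automatic change, or expiry is close).
$warnBefore = (Get-Date).AddDays(14)
Get-SPManagedAccount | ForEach-Object {
    $findings = @()
    if (-not $_.AutomaticChange) {
        $findings += 'automatic password change disabled'
    }
    if ($_.PasswordExpiration -lt $warnBefore) {
        $findings += 'password expires within 14 days'
    }
    New-Object PSObject -Property @{
        Username           = $_.Username
        PasswordExpiration = $_.PasswordExpiration
        AutomaticChange    = $_.AutomaticChange
        Findings           = ($findings -join '; ')
    }
} | Where-Object { $_.Findings } |
    Format-Table Username, PasswordExpiration, AutomaticChange, Findings -AutoSize
```

An empty table from the audit step means every managed account has automatic password change enabled and no password is due to expire inside the warning window.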

For the list of SharePoint service accounts and permissions, please see the link below.