Posts Tagged ‘Service Accounts’

Just another SharePoint VM–Part 2–Setting up the service accounts

October 10, 2012 Leave a comment

If you have not already checked it out, the installation and configuration of Windows Server 2012 on a new VM has been published in Part 1. We shall now progress on to setting up required service accounts before going on to install other software components and prerequisites for SharePoint.

When you install SharePoint, it is recommended that you create service accounts as which each of the several services – not only those of SharePoint but also those of SQL Server – may run. For SharePoint 2013, the required service accounts are enumerated in this TechNet guidance.

In order to create these service accounts, we’ll use the Active Directory Users and Computers tile on the Start Menu shown below:


When in the management console, expand the local domain, right click on the "Managed Service Accounts" branch and drill down the "New" option to create a new "User".


The first one we’ll create is a service account to run the SQL Server service as:


The following settings relating to the password policy are what I typically use to ensure that service account passwords do NOT expire and cause the services to stop unannounced.


Follow this up with a few more accounts:

1. To use as the SharePoint setup user – the low privilege account that we shall install SharePoint as – we shall call this "SP Setup"

2. For the farm account – the one that SharePoint application pool is going to use – we shall call this "SP Service"

3. The account using which to run the service applications after installing SharePoint – we shall call this "SP Services"

When done, you should have the following:


Next we need to add the SharePoint setup service account – known as SP Setup above to the local Administrators group on this server. To do this, right click on the user and choose "Properties". Go to the "Member Of" tab and click on the "Add…" button. In the "Select Groups" dialog, type "Administrators" into the object names to select box and click on "Check Names" to resolve it.


Click on "OK" on the "Select Groups" dialog to see the group added to the list of those that the user is a member of. Click "OK" on the Properties dialog to complete. After we have completed installing SQL Server 2012 on the machine, we will need to add a login to SQL Server for this user and add them to a couple of roles – securityadmin, dbcreator and db_owner.

NOTE: The documentation says you only need the db_owner role if you run powershell cmdlets using this account that affect the database which I usually do require.

NOTE: We do not do any of this for the SharePoint Farm account – known above as SP Service – because during SharePoint Configuration, this account should automatically be given the required database privileges.

We can now progress on to installation of SQL Server 2012 and SharePoint 2013.

Read about installing and configuring SQL Server 2012 in readiness for SharePoint 2013 in Part 3.

%d bloggers like this: