Corey’s Guide to SharePoint 2013 Service Accounts
Posted
Wednesday, July 31, 2013 3:09 PM
by
CoreyRoth
For SharePoint 2010, I wrote a post that covered some typical service accounts that you might need along with suggested names. I wanted to update the list for SharePoint 2013 as I get asked these questions a lot by people new to installing things. This list is of course open to debate but this is typically what I personally am going to start with when setting up a new multi-server SharePoint 2013 farm. Did I miss anything? Do you have any suggestions? Leave a comment!
Here is the list I typically start with. I have included a brief description of what the account is used for and the required permissions.
| Account | Permissions | Description |
| sp_Setup | - SQL Server – dbcreator and securityadmin roles
- Local administrator on SharePoint servers
| - This account is used to perform the initial install and configuration of SharePoint.
- Technically not a service account
|
| sp_Farm | - SQL Server – dbcreator and securityadmin roles
- Allow log on locally
- Log on as a service
| - SharePoint farm account specified in SharePoint Configuration Wizard
- This account also will have local administrator privileges when provisioning User Profile Synchronization
|
| sp_PortalAppPool | | - Application pool account for main SharePoint web application
- Could also just be called sp_AppPool or spAppPool + <PortNumber>
|
| sp_ServiceAppPool | | - Application pool account for web application hosting service applications
|
| sp_MySitesAppPool | | - Application pool account for My Sites web application
|
| sp_UserProfileSync | | - Account used to synchronize user profiles from Active Directory
|
| sp_Search | | - Account used for running Search Service
|
| sp_SearchCrawl | - Full Read on each web application
| - This account is used by search when crawling
- This account must not have local administrator permission or SharePoint administrator permissions
|
| sp_SuperUser | | - Used for caching on publishing sites.
|
| sp_SuperReader | - Full-read permission in User Policy for Web Application
| - Used for caching on publishing sites.
|
| sp_Workflow | - SQL Server – dbcreator and securityadmin roles
- Log on as a service
- Allow log as locally
| - Login with this account when installing Workflow Manager
- Be sure to specify this account user@domain format.
- Used for Workflow Manager and Service Bus services
- Should not be the same account as farm account
|
Note for some of the permissions such as “Log on as a batch job” or “Log on as a service”, you will not have to set unless you are in an environment that specifically locks these down.
Some SQL accounts that you will likely use:
| Account | Description |
| sp_SQLService | - Service account for SQL Server.
|
| sp_SQLAgent | - SQL Server Agent account.
|
| sp_SSAS | - Service account for SQL Server Analysis Services.
|
| sp_SSRS | - Service account for SQL Server Reporting Services.
|
This is a decent list to get you started. For reasons why you might want this many accounts be sure and check out my SharePoint 2010 post on the same topic. That post covers why you want multiple accounts and reminds you that you should use different accounts for production environments. Let me know what you think and I’ll post updated to the list! Thanks!