* Domain user account
* MSSQLSERVER
* SQLSERVERAGENT
* MSSQL$InstanceName
* SQLAgent$InstanceName
* Domain User Account
* Setup
* Member of administrators group on each server on which setup is run
* SharePoint Products Configuration Wizard * SQL Server login on the computer that runs SQL Server
* Member of following SQL Server security roles:
* securityadmin fixed server role
* dbcreator fixed server role
if you run powershell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database
Following machine level permissions are assigned to the setup user account after running configuration wizard:
* Membership in WSS_ADMIN_WPG windows security group
* Membership in IIS_WPG role
Following database permissions are assigned to the setup user account after running configuration wizard:
* db_owner on the SharePoint Server 2010 Server Farm Configuration database
* db_owner on the SharePoint Server 2010 Central Administration content database
* Membership in WSS_SHELL_ACCESS database role
Server Farm Account Or Database Access Account Farm Account Used to perform following tasks:
* Domain User Account
* Configure and manage the server farm Additional permissions are automatically granted for the server farm account on web servers and application servers that are joined to the farm
Application pool identity for SharePoint Central Administration Web Site
This account is automatically added as a SQL Server Login on the computer that runs SQL Server, and following SQL Server security roles are assigned:
* Run the Microsoft SharePoint Foundation Workflow Timer Service
* dbcreator fixed server role
* securityadmin fixed server role
* db_owner fixed database role for all SharePoint databases in the server farm
* Membership in WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 Server farm configuration database
* Membership in WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 SharePoint Admin content database
Following machine level permissions are assigned to the server farm account after running configuration wizard:
* Membership in WSS_ADMIN_WPG windows security group
* Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer Service application pools
* Membership in WSS_WPG for the central administration application pool
Microsoft SharePoint Foundation 2010 Search Service Account Service account used by Microsoft SharePoint Foundation 2010 Search Service * Domain User Account
Following machine level permissions are configured automatically:
* Membership in WSS_WPG
* Memebership in WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 Server farm configuration database
* Read access to server farm configuration database
* Read access to the SharePoint admin content database
* db_owner role for the Microsoft SharePoint Foundation 2010 search database
Microsoft SharePoint Foundation 2010 Search Content Access Account This service account is used by the SharePoint Foundation 2010 Search service to crawl content across sites
* Domain User Account
* Following SQL Server and database permissions are configured automatically:
* Read across to the server farm configuration database
* Read access to the SharePoint admin content database
* This account is assigned to the db_owner role for the SharePoint Foundation 2010 search database
* Full read policy for the SharePoint Foundation 2010 search content access account for all web applications
Application Pool Account Service account used for application pool identity
* Domain User Account
Following machine level permissions are configured automatically:
* Membership in WSS_WPG group
Following SQL Server and database permissions are configured automatically:
* db_owner role for all the content databases
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint admin content database
Microsoft SharePoint Server Search Service Account Service account used by Microsoft SharePoint Server Search Service * Domain User Account
* Must have access to the propogation location share (or shares) on all search query servers in a farm
* Modify Permissions on %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS
Following machine level permissions are configured automatically:
* Member in WSS_WPG group
Following SQL Server and database permissions are configured automatically:
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with farm configuration database
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint admin content database
Default Content Access Account Default content access account is used to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern * Domain User Account
* Read access to external or secure content sources that you want to crawl by using this account
* For SharePoint Server sites that are not a part of the server farm, this account must be explicitly granted full read permissions to the web applications that host the sites
Content Access Accounts Accounts that are configured to access content using the Search Administration crawl rules feature Optional * Domain User Account
* Read access to the external or secure content sources that this account is configured to access
* For SharePoint Server sites that are not a part of the server farm, this account must be explicitly granted full read permissions to the web applications that host the sites
Excel Services unattended service account Service account is used by excel services to connect to external data sources that require user name and password, if the account is not configured excel services will not attemt to connect to these types of data sources * Domain User Account
My Sites Application Pool Account Application pool account used by web application that will host all my sites * Domain User Account
Following machine level permissions are configured automatically:
* Membership in WSS_WPG group
Following SQL Server and database permissions are configured automatically:
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with farm configuration database
* Assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint admin content database