Saturday, 27 September 2008

Security account requirements for Sharepoint 2007

Security account requirements for the configuration of Sharepoint 2007
To install Office SharePoint Server 2007 in a server farm environment, at-least 2 accounts are required:
A user account that you can use to install Office SharePoint Server 2007 and run the SharePoint Products and Technologies Configuration Wizard. This account must be: A domain user account.

A member of the Administrators group on each of your front-end servers. A member of the SQL Server Logins, which grants login access to your SQL Server instance. A member of the SQL Server Database Creator server role, which grants permission to create and alter databases. A member of the SQL Server Security Administrators server role, which grants permission to manage server logins.

A unique domain user account that you can specify as the Office SharePoint Server 2007 service account. This user account is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. It is recommended that you follow the principle of least privilege and do not make this user account a member of any particular security group on your front-end servers or your back-end servers.