
SharePoint 2013 In-Built Service Accounts Explained

You cannot use a single service account for every scenario, because not all scenarios require the same level of security: a development environment, for example, does not need the security level that production does. The solution is to create different built-in service accounts for varying scenarios in SharePoint 2013 and SharePoint Online. We have compiled a list of three service account options for the 2013 version of SharePoint, based on varying security levels.

Low Security Option

The low security service account option is the one that comes with the minimum number of accounts required to install SharePoint properly. There is only one SQL account, which is used as the administrator to run all services, and five SharePoint service accounts, listed below.

  1. Farm Administrator Account
  2. Web Application Pool Account
  3. SharePoint Service Application Pool Account
  4. Crawl Account
  5. User Profile Synchronization Account

SQL Server

The SQL Admin account is a local administrator used to run the SQL Server, and it is the service account for services such as MSSQLSERVER, SQLSERVERAGENT and SQL Admin on the SQL Server.

WHY?

As we have mentioned before, this is the low security option, which is why there is only one SQL account. It is the local administrative account and is needed to install SQL. You can also run the SQL Agent along with Database Engine Services under this administrative account, and you may use it to grant rights to your SP Farm account.

WHY?

This security option is designed to use the lowest number of accounts while maintaining the level of security that it promises. You can use SP Farm as your main SharePoint account during the configuration process, but keep in mind that it must first be given local administrator rights to function adequately. Among the roles it needs, SP Farm also requires the securityadmin and dbcreator roles on the server to create the configuration along with the databases. SP Farm then becomes your Farm Administrator, and it runs the Timer Service and the web apps for Central Administration so that it can access the SharePoint content database server.

SP Pool

This is a domain account which is used as the application pool identity. When you create a web application, a pool is created for it, and that is when you choose SP Pool.

SP Services

This is a domain account which is created to be used for Service Application pools. When users create a Managed Metadata Service application and a pool is created, SP Services is the account to be chosen.

SP Crawl

This account is used within the Search Service Application. Its purpose is to crawl content. The service application automatically grants it access over all web applications, and it also runs the SharePoint Windows Search Service.

SP UserProfiles

This account is used for User Profile sync between your Active Directory and your Service Application. Though no local rights are granted to this account, you can give it Replicate Directory Changes rights in Active Directory to smooth the process of synchronization.

Medium Security Option

This security option is your best bet when it comes to installing SharePoint: it uses a handful more accounts than the low security option, but the performance differences are quite significant. When you give limited rights to every account, you reduce the chances of damage in the event that a certain account is hacked, and you are also compliant with Microsoft’s own recommendations, which suggest that you install SharePoint 2013 with least-privilege administration.

WHY?

This option was created to enhance security with the help of two additional accounts: SP Admin and SP Search. In this setting, you don’t give complete Farm administrative rights to the SP Farm account, but rather rely on SP Admin to install and configure SharePoint 2013. SP Farm is only allowed to run the services and to connect to the database. In addition, instead of the SP Crawl account both running the Windows Service and having READ rights over all of the web applications, running the service is now done by SP Search.

SP Farm

This is a domain account under which the SharePoint Timer Service and the web applications for Central Administration access the SharePoint content database. For this, the account does not need administrative rights. The SharePoint configuration wizard grants it the proper minimal privileges on the back-end SQL Server database. These minimal privileges include roles such as securityadmin and dbcreator.

SP Admin

You can use this domain account to not only install but to also configure the farm. SP Admin is also the account you use to run the SharePoint Configuration Wizard for SharePoint 2013. This is the only account which explicitly requires local administrative rights to function.

SP Pool

This account is utilized for application pool identity. When you create any web application and a pool is created for it, this is the account to be used.

SP Services

SP Services is a domain account which you can use for Service Application Pools. When you create a managed metadata service application and a pool is created for it, this is the account to be used for it.

SP Crawl

This domain account is used within the Search Service Application to crawl the content, with read access over all web applications.

SP Search

This domain account is used to run the SharePoint Windows Search Service.

SP UserProfiles

In the medium security level, this account is used to enable User Profile Sync between your Active Directory and your service applications; it does not require any local administrative rights to do so. You can give it Replicate Directory Changes rights in Active Directory to smooth the process of synchronization.
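The medium security model described above can be checked against what is actually deployed. The following is an added example, not part of the original article: role names follow the article, while the `CONTOSO\...` account names, the helper names and the observed inventory are constructed for illustration.

```powershell
# Expected rights for the medium security option, as the article states them.
# SqlRoles = $null means the article names no SQL Server roles for that role,
# so none are checked.
$expected = @{
    'SP Admin'        = @{ LocalAdmin = $true;  SqlRoles = $null }
    'SP Farm'         = @{ LocalAdmin = $false; SqlRoles = @('securityadmin', 'dbcreator') }
    'SP Pool'         = @{ LocalAdmin = $false; SqlRoles = $null }
    'SP Services'     = @{ LocalAdmin = $false; SqlRoles = $null }
    'SP Crawl'        = @{ LocalAdmin = $false; SqlRoles = $null }
    'SP Search'       = @{ LocalAdmin = $false; SqlRoles = $null }
    'SP UserProfiles' = @{ LocalAdmin = $false; SqlRoles = $null }
}

# Constructed inventory, standing in for data collected from the local
# Administrators group and the SQL Server role membership of each account.
function New-Obs($Role, $Account, $LocalAdmin, $SqlRoles) {
    [pscustomobject]@{ Role = $Role; Account = $Account; LocalAdmin = $LocalAdmin; SqlRoles = $SqlRoles }
}
$observed = @(
    New-Obs 'SP Admin'        'CONTOSO\sp_admin'    $true  @('securityadmin', 'dbcreator')
    New-Obs 'SP Farm'         'CONTOSO\sp_farm'     $true  @('securityadmin', 'dbcreator', 'sysadmin')
    New-Obs 'SP Pool'         'CONTOSO\sp_pool'     $false @()
    New-Obs 'SP Services'     'CONTOSO\sp_services' $false @()
    New-Obs 'SP Crawl'        'CONTOSO\sp_search'   $false @()
    New-Obs 'SP Search'       'CONTOSO\sp_search'   $false @()
    New-Obs 'SP UserProfiles' 'CONTOSO\sp_profiles' $false @()
)

function Test-ServiceAccountModel([hashtable]$Expected, [object[]]$Observed) {
    foreach ($o in $Observed) {
        $e = $Expected[$o.Role]
        if ($null -eq $e) { continue }   # role is not part of this model
        if ($o.LocalAdmin -and -not $e.LocalAdmin) {
            [pscustomobject]@{ Account = $o.Account; Finding = 'Unneeded local administrator rights'; Detail = $o.Role }
        }
        if ($null -ne $e.SqlRoles) {
            $extra = @($o.SqlRoles | Where-Object { $_ -notin $e.SqlRoles })
            if ($extra.Count -gt 0) {
                [pscustomobject]@{ Account = $o.Account; Finding = 'SQL Server roles beyond the model'; Detail = $extra -join ', ' }
            }
        }
    }
    # One account serving several roles removes the separation the option relies on.
    $Observed | Group-Object Account | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{ Account = $_.Name; Finding = 'Account shared across roles'; Detail = $_.Group.Role -join ', ' }
    }
}

Test-ServiceAccountModel -Expected $expected -Observed $observed | Format-Table -AutoSize
```

With the constructed inventory, the report flags SP Farm for local administrator rights and an extra SQL Server role, and flags the single account that serves both SP Crawl and SP Search.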

High Security Option

This is the highest security level, which provides the kind of security you need if your main goal is absolute safety. It comes with the largest number of service accounts but provides only a small increase in security for the farm. However, you may use this security option for a number of reasons.

WHY?

The difference between the medium and high security options is that we now have a separate account for each of two base services: SQL Agent and Database Agent. There are no changes for SQL Admin.

SQL Admin

This is the local administrator account, and it needs local rights to help install SharePoint 2013 and SharePoint Online onto the SQL Server.

SQL Agent

This account has no local rights and is only used to run the SQL Agent Windows Service.

SQL Engine

This account is only used to run the Database Engine Windows Service.

WHY?

Since there is only one difference between the medium security and high security account options, namely a new account for web application pool hosting, we will only discuss that addition here.

SP MySitePool

This is a new addition in the high security option. It is a domain account whose sole purpose is to be the My Sites Web Application Pool Identity, which makes it fairly similar to SP Pool. However, this account is only used for the My Sites Web Application.

Which security option you choose depends entirely on the needs of your organization. However, should any confusion arise, you can always rely on reputable SharePoint development firms like Viftech to have your back.
