This Post is part of  SharePoint 2010 Installation Series

Accounts list

It is strongly recommended to create domain accounts and use them as service accounts.

For more information see this topic

You need to create at least the following accounts in Active Directory

My current naming scheme is Computer Name-Product – User Role

In my case i am using one account the farm admin account (Fo-Dev-07-SP-Farm )for all

The sharepoint services.

But you should create for every service a separate service account in order to meet least-privilege security best practice.

You should give a service account only the permissions needed by the service to work properly. E.g. the content access account only needs read permissions. Using the SharePoint Farm Account which is member of the farm administrators group as the content access account isn’t the thing I would do

Create Accounts

Steps to add users

1. Click Start , Administrative Tools , Active Directory Users And Computers
2. Select the folder you want to add user in and right click it add new user
3. Enter User Details , Click Next
4. Enter password And Uncheck User Must Change Password
5. Check User Cannot Change Password and Password Never Expires

 

1. Click Next and Finish
2. Repeat the same process for all the users

Assign Permissions

Setup administrator( Fo-Dev-07-SP-Admin )

1. You need to put the setup Admin account has to be a member of the administrators group on every server SharePoint should be installed
   1. Select Start , Administrative Tools , Computer Management
   2. Under System Tools – Local Users and Groups
   3. Right Click Administrators – Properties
   4. Click Add enter Setup Admin account (Fo-Dev-07-SP-Admin(
   5. Repeat the same steps for each server in the farm
2. The same above steps should be done to the account Fo-Dev-07-SP-Farm
3. Setup Admin account must be assign the following roles in the sql server : dbcreator and securityadmin. ( will configure that in the SQL Server Installation Step Later in this series )

Farm account ( Fo-Dev-07-SP-Farm )

The farm account is used for the following things :

1. "Configure and manage the server farm."
2. "Act as the application pool identity for the SharePoint Central Administration Web site."
3. "Run the Microsoft SharePoint Foundation Workflow Timer Service."
4. In my case i am using the same account for the SharePoint services.

SQL Server service account ( Fo-Dev-07-SQL-Services )

You don’t need to assign permissions since they are assigned during installation of SQL Server 2008.

The SQL Server service account is used to run SQL Server and should be a domain account.

1. 

   Kevin Hughes

   04/27/2010 at 9:46 pm

   I hate to be nitpicky, but this seems to describe a MOSS 2007 environment, not a SharePoint Server 2010 installation. There is no SSP, WSS or MOSS in SP Server 2010. And while you reference the correct article in technet regarding the three initial setup accounts, you don’t reference http://technet.microsoft.com/en-us/library/cc560988(office.14).aspx#About which describes the numerous services which aren’t named in your article. Another thing is that in SP2010 you no longer have to set the service accounts to “can’t change password” or “password never expires” since the concept of “Managed Accounts” is introduced.

   Let me know when you have a revised article. I’d love to see it.

   Kevin

   Reply
2. 

   Serial

   11/05/2010 at 2:11 am

   At least 7 or 8 thousands visitors at your weblog now, nice results for single website.

   Reply
3. 

   G

   04/13/2011 at 2:56 pm

   Abdel,

   As Kevin mentioned above, can you please revise your article with corrections ? This can be misleading to sharepoint newbies if they come across your article and make it as a reference. This post is for MOSS 2007 and NOT Sharepoint 2010

   Reply