Monday, March 26, 2012

Who really is this farm account in SharePoint 2010

If you have been working with SharePoint and if you are reading articles related to SharePoint, this word, "Farm Account" appears a lot in them and definitely you should be familiar with it. But I am pretty sure you must be wondering where you are defining this farm account at the first place in SharePoint. Is it your domain Administrator or someone else.

This is the place where you define the farm account for your SharePoint 2010.

Specify Configuration Database Settings

Even though the SharePoint 2010 Product Configuration Wizard asks you to specify a user as a database access account, it's not just an database access account. This account is the farm account which is used as the application pool identity for Central Administration and as the process account for the Microsoft SharePoint Foundation 2010 Timer service.

The server farm account requires the domain user account permissions. But I am always granting him domain administrator's permission and of course it's not required.

After you run the SharePoint Configuration Wizard, machine-level permissions include:
  • Membership in the WSS_ADMIN_WPG Windows security group for the SharePoint Foundation 2010 Timer service.
  • Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer service application pools.
  • Membership in WSS_WPG for the Central Administration application pool.

After you run the configuration wizards, SQL Server and database permissions include:
  • Dbcreator fixed server role.
  • Securityadmin fixed server role.
  • db_owner for all SharePoint Server 2010 databases.
  • Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 server farm configuration database.
  • Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 SharePoint_Admin content database.

After you have completed the Product Configuration Wizard and when you are logged into SharePoint, in the right top corner of the bowser if you are logged in as "DOMAIN\Administrator", you are not logged in from the farm account. It is from your domain administrators account. If you are logged in as "System Account", then it is from your farm account. Please identify the difference.

For more information on account permissions and security settings on SharePoint 2010,
     Visit

Happy Coding.

Regards,
Jaliya