Central Administration errors "The server farm account should not be used for other services." RRS feed

  • Question

  • Hello.  Very new to sharepoint (but enjoying it).  I configured a small farm (on a single server) for a small office (40 users).  I used my DOMAIN\administrator account as my server farm account (in retrospect this isn't a good idea huh?).  Now when I go into Central Administration I get an error saying "The server farm account should not be used for other services." because I'm assuming this same DOMAIN\administrator account is being used for all my other services. 

    The explanation is as follows:

    DOMAIN\administrator, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm. The following services were found to use this account: Microsoft Project Server Events Service executes events triggered by changes to entities on the ProjectServer.(Windows Service) 
    SharePoint - 80 (Application Pool) 
    User Profile Synchronization Service(Windows Service) 
    OSearch14(Windows Service) 
    Microsoft Project Server Queuing Service executes project related jobs asynchronously. Example queue jobs: Save project, publish project, submit timesheet.(Windows Service) 
    Web Analytics Data Processing Service(Windows Service) 

    Now I know I need to make a new managed account in the Register Managed Account window of Central Administration, but where does this account need to originate?  From my Active Directory Service?  I'm guessing (I want to be absolutely clear before moving forward) that I need to make two new accounts in my domain: a server farm account (something like domain\SharePointFarmAccount) and a services account (DOMAIN\SharePointServicesAccount).  Then I can reference them as managed accounts in Central Administration?  And then set my new SharePointFarmAccount to manage the Farm Account and my services account to manage those services?  Am I right?  If so, what rights (on the domain) do these accounts need?

    Thank you !

    Monday, July 18, 2011 7:22 PM


All replies