SharePoint 2013 Best Practices: Service Accounts

Wednesday, February 6, 2013

Service Account Overview

  • SQL_Service, for the SQL Server service.
  • SQL_Admin, for the SQL Server administrator.
  • SP_Admin, for the SharePoint administrator and setup user.
  • SP_Farm, for the SharePoint farm service.
  • SP_WebApps, for the user-facing web application app pool.
  • SP_ServiceApps, for the service application app pool.
  • SP_Crawl, default content access account.
  • SP_UserSync, user profile synchronization account.
  • SP_EnterpriseAdmin, powerful account for handling all kinds of high privileg operations.
  • Farm administrators, normal admin user accounts are used as SharePoint Farm Administrators.


​​This account should be used for running SQL Server engine and SQL Server Agent. Create inside Service Manage Accounts Container inside AD to keep it controlled. Have the following characteristics:​
  • Belongs to the Users Domain Group.
  • ​​Use only for this two SQL services, if installed more (what you should do) keep the service accounts suggested by the installation program..


This account is needed for performing high privilege jobs and (such as installing fixes, upgrades, etc.). It needs to have the following permissions:
  • Either SQL Administrator or db_owner of all SharePoint databases.
  • Local administrator of each SharePoint server.
  • Member of Farm Administrators group.

share this post
Share to Facebook Share to Twitter Share to Google+ Share to Stumble Upon Share to Evernote Share to Blogger Share to Email Share to Yahoo Messenger More...