Change passwords used for administration accounts (Office SharePoint Server)
Updated: April 19, 2007
Applies To: Office SharePoint Server 2007
Use this task to change the password information for several features, services, and Web applications in Microsoft Office SharePoint Server 2007. Domain policies often require that domain account passwords be updated periodically. This change provides additional security in case one of the passwords might have been compromised. You can configure the various features, services, and Web applications of Office SharePoint Server 2007 to run as a domain account. Because domain policy might require passwords to expire regularly, you might have to change the passwords for these accounts for these features, services, and Web applications to continue to function properly.
If the service, feature, or web application pool is running as a built-in account, such as Network Service, the password does not expire and therefore will not need to be updated.
The passwords will need to be updated only if they are running under a domain account and domain policies require passwords to be expired.
The password information for the following will have to be updated after the passwords have been changed in the domain controller:
SQL Server (MSSQLSERVER) service
SQL Server Agent (MSSQLSERVER) service
SQL Server Full Text Search (MSSQLSERVER) service [optional]
SharePoint Central Administration Web application pool
Office SharePoint Server Search service
The default access account
Windows SharePoint Services Search service
Shared Service Providers
Microsoft Single Sign-On service
Windows SharePoint Services Timer service
Application pool identity for all Web applications used by Office SharePoint Server 2007
The OfficeServerApplicationPool identity runs as the Network Service account and will not to have to be changed.
Profile import feature
The following tasks are required to perform the procedures for this task:
Some of these procedures require that a Web application or Windows service be restarted. This might cause services or content to be momentarily unavailable to users. Each procedure will give the details of what must be restarted and the possible affects to users.
Some of these procedures require membership in the Administrators group on the local computer. Other procedures require only membership in the Farm Administrators group (WSS_RESTRICTED_WPG Windows security group). Each procedure will give details of what level of access is required to perform the procedure.
These procedures can only be performed after the password has been changed on the domain controller. The credentials entered are checked against those on the domain controller. If you enter the new password before the password has been changed on the domain controller, an error will result and the settings will not be changed.
If Office SharePoint Server 2007 is installed in a least-privileges configuration and you need to update the Office SharePoint Server 2007 password, use one of the following methods:
Method 1: Start the SPAdmin service on all computers in the farm before you update the password. Stop the SPAdmin service when the password update is complete.
Method 2: Add the database access account to the local administrators group of each computer in the farm that has an online search instance. Log on using that account, and then use the Stsadm command-line tool to update the password. When the password update is complete, remove the database access account from the local administrators group on each computer.
To change the passwords, perform the following procedures: