Initial deployment administrative and service accounts in SharePoint 2013
Applies to: SharePoint Server 2013 Standard, SharePoint Server 2013 Enterprise, SharePoint Foundation 2013
Topic Last Modified: 2014-06-11
Summary:Learn about the administrative and service accounts that are required to initially install SharePoint 2013.
This article provides information about the administrative and service accounts that are required for an initial SharePoint 2013 deployment. Additional accounts and permissions are required to fully implement all aspects of a production farm.
|For a complete list of permissions, see Account permissions and security settings in SharePoint 2013.|
|Do not use service account names that contain the symbol $.|
To deploy SharePoint 2013 on a server farm, you must provide credentials for several different accounts.
The following table describes the accounts that are used to install and configure SharePoint 2013.
SQL Server service account
The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services:
If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following:
Use either a Local System account or a domain user account.
If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (<domain_name>\<SQL_hostname>).
The instance name is arbitrary and was created when SQL Server was installed.
Setup user account
The Setup user account is used to run the following:
If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.
Server farm account or database access account
The server farm account is used to perform the following tasks:
Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm.
The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:
|We recommend that you install SharePoint 2013 by using least-privilege administration.|