Service account for central Admin in SharePoint

As most of you probably know, SharePoint should be installed with two service accounts. One, lets call it spserviceaccount, should be the account that runs all SharePoint web applications, all mysites etc and the otherone, lets call it spappserviceaccount, should only run the central admin app-pool.

So why, well, imagine if you hade the same account even for central admin, what could happen? If, someone bad, was to hack the SharePoint so that it could start running bad programs, they would also be able to create new sites, delete sitecollections and more. Not very nice, hence we use a special app account central admin to make sure that we are just a bit safer.

How do we do set it?
Best way is to actually run the installation wizard as spappserviceaccount and make sure you set the right user in every step of the installation.

Already up and running and want to change it?
Well, I havn’t tried this, but it is supposed to be doable using stsadm, please check this kb-article: http://support.microsoft.com/kb/934838

It should be something like:
stsadm –o updatefarmcredentials –userlogin DomainNameUserName -password NewPassword

But please check the article.

Gustaf Westerlund
CRM and SharePoint Consultant

Humandata AB
www.humandata.se