Setting Users for my managed services and application pools

I setup my SharePoint 2013 test environment and I developed an intranet site. Now inside my test environment I set all the application pool & managed services to use Farm user account for simplicity. Now I want to setup my UAT environment and I want
to follow the best practice for managing users and service accounts.
I have read the “Core Solutions Of MS SharePoint 2013” book, and it have listed the following table:-
First question. What is the difference when saying that the user “Must be a member of the Farm Administrators group” Or must be “Domain user account”?
Second question , when I first install SharePoint 2013 a lot of applications pools and managed services such as excel services , access services, Performance Point Service Application, business
data connectivity and Machine Translation Service  will be automatically created , so which account they will be using and should I define separate accounts for each managed service ?
Third question. What is the recommendation for SharePoint 2013 regarding service accounts?, to use separate account for each manage service, for example one user for excel services , second user
for access services ,etc?
Fourth question. For example the documentation mentioned that the Required roles for the excel services is “Domain user account.”, but what permissions this domain user need to have ?
thanks for any help, and sorry so adding multiple questions inside the same post.

Q #1: This means the user must be part of the Farm Admins group. Every user is a Domain User.
Q #2: Generally those should be using a single Domain User account in a single Application Pool to minimize memory usage and reduce unnecessary complexity.
Q #3: The less Application Pools the better. E.g. One account/App Pool for all Web Applications, one account/App Pool for all Service Applications, and then Central Administration is obviously separate.
Q #4: You don't need to specifically give this type of user any sort of rights
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Similar Messages

  • Change "Services and applications" names in failover cluster manager

    Hi. Id like to change "Services and applications" names in failover cluster manager for Windows Server 2008 R2.
    I right click on one and press rename, but when i change the name and press enter i get the message "To rename this service or application please rename the Client Access Point via its property page"
    It's important that we don't change the network name for the service

    Hi,
    Checkout this blog post
    PowerShell for Failover Clustering: Let’s Rename a Few Things
    But keep in mind if you rename the resources and you are using them in a script or backup you need to check this also with the new name.
    Greetings, Robert Smit Follow me @clustermvp http://robertsmit.wordpress.com/ “Please click "Vote As Helpful" if it is helpful for you and Proposed As Answer” Please remember to click “Mark as Answer” on the post that helps you

  • "Services and Applications" is missing from the Failover cluster manager menu

    Hi,
    I am not sure this is the right group for my question, but I couldn't find anything else more suitable.
    In my Hyper-V installation (Windows 2012 Data Center), I am missing "Services and Applications". I am using Windows 8 to manage the cluster and I need this menu to import an existing VM into the cluster. How can I get this option or is there a
    software that I need to install?
    Thanks

    Repost here: http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/threads
    in the Hyper-V forum.  You'll get a lot more help there.
    This forum is for Virtual Server 2005.

  • In cluster Manager there are no services and application listed on a node.. what does this mean?

    In Cluster Manager I can see two nodes listed.
    When I click on the first it lists the two SQL Server instances.
    On the other node there are no services and application listed....what does this mean?
    Mr Shaw

    Yes Instance A and Instance B will also be installed in the second node.
    Just go to configuration manager in the other node, you will see those instances in stopped state.
    Assume I install Instance A in a 2 node cluster with node A and Node B, it installs instanceA binaries in both nodes, What it does when failover is shutdown Instance A in Node A, move the disks to node B and start the instance A in the node B. Its basically
    the same instance.
    Regards, Ashwin Menon My Blog - http:\\sqllearnings.com
    Oh I get you.. 
    The missing bit on the puzzle is that the binaries are installed on both nodes at the same time.
    Thanks,
    Ben
    Mr Shaw

  • Work Management Service (WMS) Application on mulit-farms

    Hi guys,
    Is there any limitation for configuration the Work Management Service (WMS) Application on multi-farms?
    I have 2 farms – farm A hosts all SAs and farm B hosts only web contents.
    I understand there is dependency between WMS and search and UPS. Does that mean I cannot deploy my WMS on farm A?  
    Thanks

    Hi,
    According to your post, my understanding is that you want to configuration the Work Management Service (WMS) Application on multi-farms.
    Per my knowleadge, you can deploy Work Management Service on farm A.
    Though there is dependency between WMS and search and UPS, , some service applications such as Search and User Profile can be shared across server farms in SharePoint 2013.
    In addition, you can also configure a SharePoint Server 2013 content farm that receives search queries to trust the SharePoint Server 2013 farm that sends the queries.
    More information:
    Share service applications across farms in SharePoint 2013
    Configure trust for search between two SharePoint Server 2013 farms
    SharePoint 2013: Work Management Service Application
    Best Regards,
    Linda Li
    Linda Li
    TechNet Community Support

  • One of cloud doesn't work in failover with Event ID 1205 and 1069 and unable to move services and application another node

    Any one please respond.
    I've been working on creating a windows server 2008 R2 cluster for about a month now and I keep getting an error whenever I try to add a 2nd node. I keep
    getting The cluster node is not reachable. However, when I validate the configuration, everything goes through success. I created and destroyed the cluster a couple of times, but no luck. I even re-installed Windows Server 2008 R2 on both servers, re-configured
    the iSCSI, and the same warning keeps coming up. 
    I installed a new a new SQL Server 2008R2 Named Instance on an exisiting SQL Server cluster node (Node 1 &Node2). When I try to manually fail
    over 
    the Services and applications  to another node (Node1 to node2) using Failover Cluster Manager, I get the errors
    The cluster has these Events:
    Event ID
    1069: Cluster resource 'IP Address xx.xx.xx.xx' in clustered service or application 'ClusterDtc' failed.
    Event ID 1205:The Cluster service failed to bring clustered service or application 'ClusterDtc' completely online
    or offline. One or more resources may be in a failed state. This may impact the availability of the clustered service or application..
    Why the cloud server doesn’t move to node2? you can see screen shorts below.
    1.
    in system configuration-
    3. in
    system configuration---->warning--->Validate All Drivers Signed
    after creating cluster I got below errors.
    Any info you might know would be really helpful.

    Dear Ravikumar
    From clone support they given reply mail...
    mail from Ramu...
    That would be a typical work around in this situation. But what we intend to do cannot be accomplished through this work around as we need the validations to complete successfully.
     We are looking for an option either to get the driver signed or use a different signed adapter for the same. Could you please suggest us something on that line. 
    Mail from Support....
    Hello,
    Unfortunately this is not something that we would be able to do in a virtual environment; You are welcome to try different drivers however we would not be able to provide any support 
    for untrusted drivers. The only true solution would be to upgrade from a VM to a dedicated server where you would have control of all the drivers as there is no virtualization layer to
     contend with. Stepping into the territory of untested drivers for a custom configuration in a virtual environment will certainly prove to be an uphill battle.
     I would advise contacting Microsoft's support for additional assistance as they will be able to provide the most accurate information regarding this concern. 
    Regards
    Systems Administrator

  • Problem in adding Custom Provider for Work Management Service

    Hello,
    I'm facing an issue in adding custom provider for work management service. As you are aware, Work management service is a Provider model and we
    can integrate with other systems by adding custom providers. So with that confidence, i have started writing a connector as mentioned below.
    Step - 1: Added new provider xml in the below path
    "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\CONFIG\WorkManagementService\Providers"
    Provider Name: provider.bizagitasklist
    Provider XML Content: 
    <Provider ProviderKey="DAA52AF3-A147-4086-8C0C-82D2F83A089D" OverrideProviderKey="" Assembly="adidas.TaskProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5d6f3e6be60a351b" > </Provider>
    Step -2: Added a class which inherits "IWmaTaskProvider" and implemented the override methods.
    public class BizAgiTaskListProvider : IWmaTaskProvider
    public string LocalizedProviderName
    get { return "BizAgiTaskListProvider"; }
    public string ProviderName
    get { return "BizAgiTaskListProvider"; }
    public Microsoft.Office.Server.WorkManagement.CalloutInfo GetCalloutInfo(IWmaTaskContext context, string taskExternalKey, string locationExternalKey)
    return null;
    public DashboardExtensionInfo GetDashboardExtensionInfo(IWmaBasicProviderContext context)
    return new DashboardExtensionInfo { ClassName = "SP.UI.SharePointExtension" };
    public BulkEditResult HandleBulkEdits(IWmaTaskContext context, BulkEdit updates)
    return null;
    public TaskEditResult HandleTaskEdit(IWmaTaskContext context, BaseAggregatorToProviderTaskUpdate taskUpdate)
    return null;
    public void RefreshSingleTask(IWmaTaskRefreshContext context, string externalKey)
    public void RefreshTasks(IWmaTaskRefreshContext context)
    //context.WriteProviderCustomData(
    Step – 3: Written a class to fetch the tasks from BizAgi System which has method to provide the task data.
    But I’m not able to feed those tasks in the class written in Step – 2 as I’m able to find any method which will take Tasks as Input and I’m not
    sure about the format of tasks.
    I’m able to debug the provider, and the breakpoint hitting in only one method and two properties.
    (LocalizedProviderName, ProviderName, GetDashboardExtensionInfo).
    Can you please help me to proceed further in implementing the above solution?
    Best Regards
    Mahesh

    Hi Mahesh,
    Although the implementation of work management service application is based on the provider model, I reckon the current SP 2013 RTM does not support custom providers. Only SharePoint task lists, Project server and MS Exchange are supported for now.
    Regards,
    Yatin

  • Company code set up for material management

    Experts,
    When I try to create sales order error is coming Comany code IN02 not set up for material management. In OMSY I have changed current and previous accordingly.
    Resolve this.
    Thanks & regards,
    Supriyo

    Mr. Naren,
    This is not a reply from an expert. I am practicing in IDES on my own in my house. I try to do all things in configuration on my own with the available study material.
    Whenever I get any error first I try myself whether it takes 2/3 days to get it resolved. Then I go to Google for further search help. Finally I go to SCN.
    Thanks & regards,
    Supriyo

  • The OMS is not set up for Enterprise Manager Security

    Hi, I'm trying to add an agent to grid control and its not connecting with the management server because i cant secure it...
    bash-2.05$ ../../bin/emctl secure agent <password>
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Agent is already stopped... Done.
    Securing agent... Started.
    Requesting an HTTPS Upload URL from the OMS... Failed.
    The OMS is not set up for Enterprise Manager Security.
    i have tried this on two seperate servers, both do the exact same thing. However, on my repository server where the OMS is housed, i can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
    heres the emdctl.trc on the agent machine:
    2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    bash-2.05$ lsof | grep 3872
    bash-2.05$
    seems to be failing the connect but nothing is running on the port so i'm not sure why
    Thanks in advance
    Message was edited by:
    user581869

    some further information and hopefully someone can help me...
    I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
    $OMS_HOME/opmn/bin/opmnctl stopall
    $OMS_HOME/bin/emctl stop oms
    $OMS_HOME/bin/emctl secure oms
    $OMS_HOME/bin/emctl start oms
    $OMS_HOME/opmn/bin/opmnctl startall
    then i go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute..
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
    Agent is secure at HTTPS Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is secure on HTTPS Port 1159
    I then to go the server i deployed the agent on that i want to get communicating wtih my OMS...
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
    Agent is unsecure at HTTP Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is running but has not been secured. No HTTPS Port available.
    same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help it'd be much appreciated.

  • How to set password for a zip file and should be checked when reading that

    Hi friends,
    how to set password for a zip file and should be checked when reading that file???
    thanks.
    Praveen Reddy.J

    Heyy man, i think, u did not get my problem.
    all i have to do is:
    i have to create a zip file, and we should secure it with password when creating. and whenever the user wants to open that zip file he should provide correct passowrd otherwise he could not read that file. So, we should check for that also.
    Tanks for reply.

  • How to restrict acess to a single user for a proxy service in OSB

    how to restrict acess to a single user for a proxy service in OSB

    A.     Go to Proxy Service and Click on the Security tab
    B.     Click on Transport Acess Control Policies to Edit.
    C.     Click on Add Conditions to Restrict the users.
    D.     In the Predicate List Select the User Category
    E.     Give the User Name to which you want to give access.

  • Management Services and Repository pending state?

    I just rebuilt the repository for my EMGC(10.1.0) and everything is working fine except under unknown availability in the alert tab I have the entry "Management Services and Repository" - "Target is Temporarily in status pending state. Does anyone know what or how to get this out of the pending state? I shutdown EMGC and restarted it. I have rebooted the box, nothing seems to fix it, it has been this way for 4 days now.
    thanks
    Larry

    4 days? tried metalink yet?
    to get you started see note:
    290856.1
    If that doesn't help or you can't get anything else out of metalink, post again...

  • Error in Grid Control: Setup - Management Services and Repository - error

    Hi, sometimes , in our grid control, we could see in
    Setup -> Management Services and Repository -> errors, the following error
    OMS failover: Error in OMS status collection. ORA-20233: Invalid Target=Management Services and Repository or Metric=Management_Servlet_Status (validate_target_metric)
    How can I correct this ?
    We are in 10.2.0.5 ( with 3 management servers )
    thanks for your help
    regards,

    See the metalink note 388280.1,4487966 for solution.
    Hope this helps,
    Regards
    Click here to [ Restore and recover OCR|http://www.oracleracexpert.com/2009/08/restore-and-recover-ocr-from-backup.html]
    Click here to [Replace and repair OCR|http://www.oracleracexpert.com/2009/09/how-to-move-or-replace-and-repair-ocr.html]
    Click here to [Backup and Recover VOTE|http://www.oracleracexpert.com/2009/08/voting-disk-backup-and-recovery.htmll]
    http://www.oracleracexpert.com

  • Activating Business set function for Campus management

    Hello All,
    I am trying to activate the business set function for Campus management but ending up in error
    Invalid Status
    Business function FICAX is not in target business function set
    We are in Ehp4 and its IDES system. Do i miss any settings / configurations
    Regards,
    Anand

    Hello Tina,
    Kindly regret for delay in reply and I have sent you the mail.
    Regards,
    Anand

  • WADK components & setting used for power management with answer file for windows 8.1 ent

    hello,
    I have to deploy windows 8.1 ent device with MDT answer file related to power management  with customized  following settings:
    High performances
    sleep timeout settings
    standby or sleep and hibernate setting
    Enable critical battery task.
    But don't know 
    1. how to manage power settings using answer file (WADK) for win8.1.
    2. which OS Windows image component and setting used for power management in WADK.
    Thanks
    Richa Km

    The way I do it with my task sequences (this works with MDT as well as SCCM) is to have an exported power plan using the POWERCFG -EXPORT command.  I create a software package around the resulting *.POW file with a command do do an POWERCFG -IMPORT.
     I then issue a POWERCFG -SETACTIVE command to the GUID of the *.POW file to enable that power scheme.
    More information on the POWERCFG command can be found here:
    https://technet.microsoft.com/en-us/library/cc748940%28v=ws.10%29.aspx
    Hope that helps,
    Darth.Mongo

Maybe you are looking for