Hi Paul I always run things in least privilege configuration and the only time I run the farm account as an admin is when I am:
1. Provisioning the user profile service 2. Applying a service pack or cumulative update After install I always revoke the local administrators right. The effect is a couple of DCOM fixes need to be made but for most installs that usually is about it. For a dev box I think its really important to run it this way, because otherwise something that might work perfectly fine in dev may not work when deployed to prod which is more likely to be least-privilege. regards Paul From: ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] On Behalf Of Paul Noone Sent: Tuesday, 23 August 2011 11:24 AM To: ozMOSS (ozmoss@ozmoss.com) Subject: 2010 service account warning Hi guys, We've just installed our 2010 dev farm. All we have done is provision CA, no services as yet. We are receiving the following warning: "Accounts used by application pools or service identities are in the local machine Administrators group." The more I look into this, the more perplexed I become. The opinions on whether the SP_Farm account should be in this group appear divided. But the fact is that it has to be in order to provision and install services. So what's the opinion of the list? Do you remove it after provisioning, or do you leave it where it is?? I'm also seeing a Missing server side dependencies error. I have activated the SharePoint Server Standard Site Features and SharePoint Server Enterprise Site Features for CA. I then re-analysed this rule but it's still there. Some online references suggest enabling the Search Server Web Parts parts but there's no feature matching that name. Could these messages be appearing simply because we've yet to run the Farm Config wizard? Regards, Paul
_______________________________________________ ozmoss mailing list ozmoss@ozmoss.com http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
