Thanks guys. That's how I figured it. Will investigate the AD angle.
Regards, Paul -- Online Developer/Administrator, ICT Projects Team CEO Sydney From: [email protected] [mailto:[email protected]] On Behalf Of Paul Turner Sent: Wednesday, 10 November 2010 10:29 AM To: ozMOSS Subject: RE: Give direct permissions to service accounts in site collections Yep, you should just need a normal (non-privileged account) with no permissions set i.e. if you create a new account in AD (not from a template) then SharePoint will setup everything with the right level of access when you create the farm. You only need to make sure the account set as the Farm account has access to SQL. Regards, Paul Turner MCT, MCPD: Enterprise, MCSD, MCDBA, MCTS, MSF, Microsoft vTSP Consultant M: 0412 748 168 A: 66 Henley Beach Road, Mile End SA 5031 E: [email protected]<mailto:[email protected]> W: www.dws.com.au<http://www.dws.com.au/> This email and any files transmitted with it are confidential and are only for the use of the person to whom they are addressed. If you are not the intended recipient you have received this email in error and are requested to delete it immediately. Any opinion expressed in this e-mail may not necessarily be that of DWS Pty Ltd. Please consider the environment before printing this email. From: [email protected] [mailto:[email protected]] On Behalf Of Paul Culmee Sent: Wednesday, 10 November 2010 9:52 AM To: 'ozMOSS' Subject: RE: Give direct permissions to service accounts in site collections Hiya Usually when that happens, someone has messed with AD policies, which has removed certain account rights required by these accounts. This will show up by jacking up the level of audit logging for security events. In theory, you really shouldn't need to do site collection based permissions for SharePoint service accounts because they are governed by web application policies in central admin and the farm administrators group. If you have say, some script that runs as a service account that SharePoint is not aware of - say a backup script in powershell or VBS, then it will need to be granted access to whatever site collection it talks to but most of the time you'd still go via web application policies. But its early in the morning and I don't have a SharePoint farm to look at, so this is a Tony Abbott answer (its not gospel because I didn't write it down - oh wait - damn! :) Regards Paul From: [email protected] [mailto:[email protected]] On Behalf Of Paul Noone Sent: Wednesday, 10 November 2010 7:04 AM To: ozMOSS Subject: Give direct permissions to service accounts in site collections Hi guys, We've recently been receiving an influx of errors that may be relate to service account permissions. One of the suggestions made to me was to explicitly add and grant permissions to these accounts (including setup account) to each site collection. Apart from the time involved in fulfilling this request can anyone see any reason to do this?? It's my understanding that all these accounts have their permissions defined at the account level either at the network or system level and should not need to be manually added to a site. Kind regards, Paul Noone --------------------------------------------------- Online Developer/Administrator Information Communication and Technology Catholic Education Office, Sydney p: (02) 9568 8461 f: (02) 9568 8483 e: [email protected]<mailto:[email protected]> w: http://www.ceosyd.catholic.edu.au/
_______________________________________________ ozmoss mailing list [email protected] http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
