From: achen on 8 Jul 2010 16:21

I received a critical issue from the SharePoint Health Analyzer, shown below. Other than this alert, everything appears to be working just fine. Should I resolve this by changing the server farm account, or by changing the accounts for SharePoint - 80 (Application Pool) and SPUserCodeV4 (Windows Service)?

*****************************************
Title: The server farm account should not be used for other services.
Severity: 1 - Error
Category: Security
Explanation: NT AUTHORITY\NETWORK SERVICE, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm. The following services were found to use this account:
SharePoint - 80 (Application Pool)
SPUserCodeV4(Windows Service)
Remedy: Browse to http://{server_name}:{port}/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
Failing Services: SPTimerService (SPTimerV4)
*****************************************

From: achen on 8 Jul 2010 16:54

I found this conflicting because, according to this page: http://technet.microsoft.com/en-us/library/ee662519(printer).aspx

********************************
The server farm account is used to perform the following tasks:
- Configure and manage the server farm.
- Act as the application pool identity for the SharePoint Central Administration Web site.
- Run the Microsoft SharePoint Foundation Workflow Timer Service.
********************************

The second one above (Application Pool) is obviously what the alert told me is having a problem. If the server farm was meant to do that, why does it complain?

From: achen on 8 Jul 2010 18:57

Ben,

Thank you for the reply. This is a production environment, and I have no problem changing the SharePoint - 80 (Application Pool) account. Two more questions:

1. Could I change it to "Local Service", or do I need to register a new local / domain account to do that? When I tried changing it to the Local Service account, there was a pop-up window saying:

*****************************************************************************
To ensure that all credential caches in IIS have updated, you must run the command "IISRESET /NOFORCE" on all servers in the farm. This should be done after all credential updates have been completed.
*****************************************************************************

Not knowing exactly what it might do, I didn't confirm the change.

2. How about the SPUserCodeV4 Windows service? Do I just change the "Log on as" account to Local System?
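
The check the Health Analyzer alert in this thread describes can be reproduced by hand on a farm server. The script below is an added example, not part of the original posts and not Microsoft's rule implementation: it lists the Windows services and IIS application pools that share the identity of the timer service (SPTimerV4). The helper name Get-NormalizedAccount and the name-only comparison are assumptions made for illustration.

```powershell
# Added example: run elevated on one farm server (PowerShell 2.0 or later,
# as shipped with SharePoint 2010 hosts). Read-only; changes nothing.
Import-Module WebAdministration

function Get-NormalizedAccount([string]$Name) {
    # Hypothetical helper. Folds the spellings of built-in accounts so that
    # "NT AUTHORITY\NETWORK SERVICE" and "NetworkService" compare equal.
    # Simplification: ".\user" and "MACHINE\user" are not unified.
    ($Name -replace '^NT AUTHORITY\\', '' -replace '\s', '').ToUpperInvariant()
}

# The farm account is whatever identity the SharePoint timer service runs as.
$timer = Get-WmiObject Win32_Service -Filter "Name='SPTimerV4'"
if (-not $timer) { throw 'SPTimerV4 not found on this server.' }
$farm = Get-NormalizedAccount $timer.StartName

# Other Windows services (for example SPUserCodeV4) using the same account.
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.Name -ne 'SPTimerV4' -and $_.StartName -and
                   (Get-NormalizedAccount $_.StartName) -eq $farm } |
    Select-Object @{n='Kind';e={'Windows Service'}}, Name,
                  @{n='Account';e={$_.StartName}}

# IIS application pools using the same account. Built-in identities are
# stored in identityType; custom accounts are stored in userName.
$pools = Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    if ($pm.identityType -eq 'SpecificUser') { $acct = $pm.userName }
    else { $acct = [string]$pm.identityType }
    if ((Get-NormalizedAccount $acct) -eq $farm) {
        New-Object PSObject -Property @{
            Kind = 'Application Pool'; Name = $_.Name; Account = $acct }
    }
}

# The Central Administration pool is expected in this list: the alert text
# itself names the central administration site as a user of the account.
# Any other row is a service sharing the highly privileged identity.
@($services) + @($pools) | Format-Table Kind, Name, Account -AutoSize
```

Running it again after the accounts have been changed and the IIS credential caches refreshed shows whether any service other than the timer service and Central Administration still uses the farm account.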