Thursday, September 30, 2010

Why do we need managed accounts in SharePoint 2010?

Hi All,

SharePoint 2010 shipped with a new feature called "Managed Accounts". Managed accounts allow SharePoint farm admins and system engineers to manage the service accounts/services created for SharePoint 2010.

For example, you might need a service account for your application pool, or different accounts for the Sandbox solutions in SharePoint. So you have to keep those service accounts and their passwords in a secured file on your system. If the password for one of those accounts is changed, the service account will stop functioning.

SharePoint 2010 solves this: you can register your service accounts as managed accounts, and once they are registered in your farm you no longer need to remember their passwords. SharePoint 2010 will also take care of your organization's password expiry policy by creating a new strong password and notifying you. At the same time, you can change the managed accounts that run the service applications/services from Central Administration.

How can I register a service account in my farm? Here are the steps:
1) Open Central administration.
2) Select security.
3) Select Managed accounts.
4) Type your domain username and password you would like to register.
username: DOMAINNAME\USERNAME
password: ACCOUNTPASSWORD

5) Optional: if you have a password expiry policy, configure SharePoint to create a new password and notify you.

Tip: It is good practice to let SharePoint generate the password for you and send you a notification. Even if your organization has a strict password requirements policy, you can let SharePoint change the password automatically to keep your environment secure, and you can still change it yourself afterwards.

Once you register your managed accounts in your farm, you can assign them to different service applications in SharePoint.

How can I change the service accounts for SharePoint services?
1) Open Central Administration.
2) Select Security.
3) Select Manage Service Accounts.
4) Select the service application and the required managed account.

Tip: Once you select the service application, you will be able to assign it to any managed account in your farm.
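The two procedures above can also be done from the SharePoint 2010 Management Shell. The script below is an added example, not part of the original post: the account name is the post's placeholder, while the application pool name, the schedule string and the day counts are constructed values you would replace with your own.

```powershell
# Added example. Run as a farm administrator on a SharePoint 2010 server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions): replace with your own account and pool names.
$accountName = 'DOMAINNAME\USERNAME'
$appPoolName = 'ExampleServiceAppPool'

# Register the account only if the farm does not already manage it.
$managed = Get-SPManagedAccount -Identity $accountName -ErrorAction SilentlyContinue
if (-not $managed) {
    # Prompt for the password so it is never stored in the script
    # or in the shell history.
    $cred = Get-Credential $accountName
    $managed = New-SPManagedAccount -Credential $cred
}

# Let SharePoint generate and rotate the password (step 5 above):
#   -PreExpireDays     days before expiry that the password is changed
#   -EmailNotification days before the change that a notice is e-mailed
#   -Schedule          constructed sample window for the change
Set-SPManagedAccount -Identity $managed `
    -AutoGeneratePassword:$true `
    -PreExpireDays 5 `
    -EmailNotification 7 `
    -Schedule 'monthly at 15 02:00:00'

# Assign the managed account to a service application pool, if that pool
# exists in this farm (the pool name is a placeholder).
$pool = Get-SPServiceApplicationPool -Identity $appPoolName -ErrorAction SilentlyContinue
if ($pool) {
    Set-SPServiceApplicationPool -Identity $pool -Account $managed
} else {
    Write-Warning "Application pool '$appPoolName' not found; nothing reassigned."
}

# Review every managed account and its rotation state.
Get-SPManagedAccount |
    Select-Object Username, AutomaticChange, PasswordExpiration |
    Format-Table -AutoSize
```

Once SharePoint generates the password, nobody knows it, so anything outside the farm that uses the same account will fail after a rotation; keep managed accounts dedicated to SharePoint.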

Summary: It's recommended to create managed accounts and use them across your farm, so you don't need to remember the passwords for your accounts.

Hope this helps.


Regards,
Mostafa Arafa
twitter.com/mostafaelzoghbi
