Archive for the ‘Microsoft Office SharePoint Server 2007’ Category

“User modifications to the SharePoint content database” error message when you upgrade a SharePoint Server 2007 content database to SharePoint Server 2010

March 1, 2012 1 comment

The Pre-Upgrade Checker for Microsoft Office SharePoint Server 2007 is designed to verify that your existing installation of SharePoint 2007 is ready for the upgrade to SharePoint 2010. It checks that the OS is the correct version and that there are no orphan sites or sub-sites, and it verifies the web.config file, the SQL database version and a host of other items.

When going to run the Pre-Upgrade Checker included with SharePoint 2007, Service Pack 2, we got a nasty little surprise.  The Pre-Upgrade Checker told us that there was a problem with the database schema.  Uh-oh.

It returned a potential blocking issue that our SQL database schema had some serious user modifications.  It read, in part:

Potential Upgrade Blocking Issues
Issue : Content database with modified database schemas
User modifications to the SharePoint content database, including but not limited to table schemas, index, stored procedures, are not supported and will cause upgrade to future versions of SharePoint to fail.  The databases in the following list seem to have been modified from the original schema:
Data Source=SERVER\SHAREPOINT;Initial Catalog=Content_Database;Integrated Security=True;Enlist=False;Connect Timeout=15

That could be a problem.  We went to the logs and had a look:

[InvalidDatabaseSchema] [DEBUG] [6/14/2010 10:39:19 AM]: Checking schemas in content database Content_Database…
[DatabaseSchema] [ERROR] [6/14/2010 10:39:32 AM]: [Content_Database].[sysdiagrams] EXTRA Table
[DatabaseSchema] [ERROR] [6/14/2010 10:39:36 AM]: [Content_Database] NON EQUAL Property Tables
[SPObjectProcessor] [DEBUG] [6/14/2010 10:39:42 AM]: The rule failed.

It appeared as if there was an extra table inserted into the database, one that was not present in the original SharePoint database schema. Somehow, there was a table called sysdiagrams that was not created by SharePoint, and it was causing a mismatch with the Pre-Upgrade Checker.

Upon a little investigation within the SQL Server, the dbo.sysdiagrams table was located at Content_Database -> Tables -> System Tables.

How was the dbo.sysdiagrams table created? A little bit of searching revealed the answer. If someone clicks on Database Diagrams within your database, it will immediately prompt you to create the necessary objects for database diagramming. Clicking “Yes” to this prompt will result in the creation of the dbo.sysdiagrams table and some related stored procedures. While these don’t pose any obvious risks to SharePoint, as the diagrams relate only to the database, the Pre-Upgrade Checker will throw an error if they are present.

To correct the error, and allow the Pre-Upgrade Checker to run successfully, we performed the following:

  • We backed up the SharePoint_Content Database before making any changes.  This is critical in case something goes wrong.
  • I deleted the dbo.sysdiagrams table from Content_Database -> Tables -> System Tables
  • I deleted the following stored procedures from Content_Database -> Programmability -> Stored Procedures -> System Stored Procedures:
      • sp_upgraddiagrams
      • sp_helpdiagrams
      • sp_helpdiagramdefinition
      • sp_creatediagram
      • sp_renamediagram
      • sp_alterdiagram
      • sp_dropdiagram

The screenshot below illustrates these a little better.
[Screenshot: stored_procs]

After deleting the table and the stored procedures, we were able to run the SharePoint Pre-Upgrade Checker and our SharePoint site passed every check.
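Before dropping anything from a content database, it is worth confirming that the only extra objects the checker reports are the database-diagram ones. The following is an added example, not part of the original post: it parses log lines in the format shown above and separates diagram artefacts from anything else. The function names are hypothetical, the `CustomAudit` line is constructed for the example, and treating other `EXTRA <kind>` messages the same way as `EXTRA Table` is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Database-diagram support objects named in the post (one table, seven procedures).
DIAGRAM_OBJECTS = {
    "sysdiagrams", "sp_upgraddiagrams", "sp_helpdiagrams",
    "sp_helpdiagramdefinition", "sp_creatediagram", "sp_renamediagram",
    "sp_alterdiagram", "sp_dropdiagram",
}

# "[Component] [LEVEL] [timestamp]: message", as in the post's log excerpt.
LINE_RE = re.compile(
    r"^\[(?P<component>[^\]]+)\] \[(?P<level>[^\]]+)\] \[(?P<ts>[^\]]+)\]: (?P<msg>.*)$"
)
# "[Database].[object] EXTRA Table"; kinds other than Table are an assumption.
EXTRA_RE = re.compile(r"^\[(?P<db>[^\]]+)\]\.\[(?P<obj>[^\]]+)\] EXTRA (?P<kind>.+)$")

# Lines 1, 2, 4 and 5 are the excerpt from the post. Line 3 is CONSTRUCTED for
# this example to show an extra object that is not a diagram artefact.
SAMPLE_LOG = """\
[InvalidDatabaseSchema] [DEBUG] [6/14/2010 10:39:19 AM]: Checking schemas in content database Content_Database…
[DatabaseSchema] [ERROR] [6/14/2010 10:39:32 AM]: [Content_Database].[sysdiagrams] EXTRA Table
[DatabaseSchema] [ERROR] [6/14/2010 10:39:34 AM]: [Content_Database].[CustomAudit] EXTRA Table
[DatabaseSchema] [ERROR] [6/14/2010 10:39:36 AM]: [Content_Database] NON EQUAL Property Tables
[SPObjectProcessor] [DEBUG] [6/14/2010 10:39:42 AM]: The rule failed.
"""


def parse_line(line):
    """Split one log line into component, level, timestamp and message, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None  # not a timestamp in the checker's format
    return rec


def extra_objects(log_text):
    """Yield (database, object, kind, timestamp) for every EXTRA schema error."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["component"] != "DatabaseSchema" or rec["level"] != "ERROR":
            continue
        m = EXTRA_RE.match(rec["msg"])
        if m:
            yield m["db"], m["obj"], m["kind"], rec["ts"]


def triage(log_text):
    """Group extra objects per database into diagram artefacts and unexpected ones."""
    report = defaultdict(lambda: {"diagram": [], "unexpected": []})
    for db, obj, _kind, _ts in extra_objects(log_text):
        name = obj.split(".")[-1].lower()  # tolerate "dbo.sysdiagrams"
        bucket = "diagram" if name in DIAGRAM_OBJECTS else "unexpected"
        report[db][bucket].append(obj)
    return dict(report)


if __name__ == "__main__":
    for db, found in triage(SAMPLE_LOG).items():
        print(db)
        print("  database-diagram artefacts:", ", ".join(found["diagram"]) or "none")
        print("  investigate before dropping:", ", ".join(found["unexpected"]) or "none")
```

Anything that lands in the `unexpected` bucket was not created by the diagram prompt and should be traced to its owner before it is removed.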

References:

http://support.microsoft.com/kb/982579

http://selfinflictedsharepoint.blogspot.com/2010/06/sharepoint-pre-upgrade-checker-fails.html

Error After Upgrading MOSS 2007 SP1 to SP2

February 29, 2012 Leave a comment

Parser Error

Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.

Parser Error Message: Data at the root level is invalid. Line 1, position 1.

Source Error:

Line 1:  <browsers>
Line 2:      <browser id="Safari2" parentID="Safari1Plus">
Line 3:          <controlAdapters>

Source File: /App_Browsers/compat.browser Line: 1

 

Solution

I noticed that on the server the App_Browsers folder contained a new folder beside the compat.browser file named _vti_cnf.  This folder contained another compat.browser file containing some meta info.  I deleted this folder and this fixed the problem.

 

SyncUpgradeTimerJob sleeping for 10 seconds for SharePoint 2007 SP1 or SP2 Upgrade

February 29, 2012 Leave a comment

While upgrading to SP2, I was tripped up by the fact that it took a really long time to complete the upgrade process. I checked the upgrade.log file in the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS folder and found the following line was written:

[SPManager] [DEBUG] [4/19/2008 10:51:53 AM]: SyncUpgradeTimerJob: sleeping for 10 seconds

Solution:

Set the following services to manual startup and shut them off:

  • World Wide Web service
  • Microsoft Single Sign-on Service
  • Windows SharePoint Services Search

Restart the spadmin and sptimer services.

If needed, run the upgrade from the command line:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>psconfig.exe -cmd upgrade -inplace b2b -wait -force

Using WSPBuilder and SharePoint solution generator for Creating a List Instance in MOSS2007

June 17, 2011 12 comments

In this post I am going to explain how we can make use of WSPBuilder for creating a List instance.
First we need to install SharePoint Solution Generator. You can download it from here:
http://download.microsoft.com/download/4/0/b/40b62080-6295-4d63-b396-d779fb9b4449/VSeWSSv12.exe
Now follow the steps below to generate the List Definition. Here I am going to create a List Definition of a List named “Configurations”.
Start SharePoint Solution Generator

Select List Definition and click on Next button


Specify the Site Url where the list is present and click Next


Select the List and click Next


Provide a project name and path, then click Next

Click Finish

Before clicking Exit, click “Click here to open the generated solution” and click Exit

You can see the “Configurations” folder. Leave it open. Now open Visual Studio and create a WSPBuilder project

Once the project is created, add a new blank feature

Now, copy the folder “Configurations” and paste it under the feature folder as shown below

Open the ListDefinition.xml file and copy the following content


Once the content is copied, paste it in the elements.xml file as shown below and delete the file “ListDefinition.xml” from the Visual Studio project

You can also see ListInstance, make a similar entry in your elements.xml file. Also replace the FeatureId with the FeatureId specified in the feature.xml file
Now build the wsp, deploy it and activate the feature. This will add the list to the site.
Hope this was helpful!!!

Create an Ajax Web Part for MOSS2007


To create an Ajax web part in MOSS2007, we first need to enable Ajax in SharePoint 2007. To do so, we edit the web.config of each SharePoint 2007 web application so that it supports AJAX.

We will add several sections to the web.config file, as follows:

1-      Add the following entries under  <configSections> 

<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
  <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
    <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere" />
      <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
      <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />
    </sectionGroup>
  </sectionGroup>
</sectionGroup>

2-      Add the following entries under <pages>

<controls>
  <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</controls>

3-      Add the following entries under <compilation><assemblies>

<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

4-    Add the following entries under <httpHandlers>

<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />

5-    Add the following entries under <httpModules>

<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

6-    At the end of the web.config, before the closing </configuration> tag, add the following:

<system.web.extensions>
  <scripting>
    <webServices>
      <!-- Uncomment this line to enable the authentication service. Include requireSSL="true" if appropriate. -->
      <!--
      <authenticationService enabled="true" requireSSL = "true|false"/>
      -->
      <!-- Uncomment these lines to enable the profile service. To allow profile properties to be retrieved and modified in ASP.NET AJAX applications, you need to add each property name to the readAccessProperties and writeAccessProperties attributes. -->
      <!--
      <profileService enabled="true"
                      readAccessProperties="propertyname1,propertyname2"
                      writeAccessProperties="propertyname1,propertyname2" />
      -->
    </webServices>
    <!-- <scriptResourceHandler enableCompression="true" enableCaching="true" /> -->
  </scripting>
</system.web.extensions>

<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <modules>
    <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </modules>
  <handlers>
    <remove name="WebServiceHandlerFactory-Integrated" />
    <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </handlers>
</system.webServer>

7-    add the following entry under <SafeControls> section

<SafeControl Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Web.UI" TypeName="*" Safe="True" />
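Entries pasted into web.config from a web page often carry typographic quotes or a mistyped assembly name, and either one stops the web application from loading. The following is an added example, not part of the original post: it audits a web.config string for the entries from steps 1 to 5 and 7 and checks that every reference to the AJAX assembly uses the same strong name. The function names are hypothetical, the sample file is constructed and deliberately contains a mistyped assembly name and no ScriptModule entry, and the parent paths `system.web` and `SharePoint` assume the standard web.config layout.

```python
import re
import xml.etree.ElementTree as ET

# Strong name used by every entry in the post.
EXPECTED_ASM = ("System.Web.Extensions, Version=3.5.0.0, Culture=neutral, "
                "PublicKeyToken=31bf3856ad364e35")

# Entries added by steps 1-5 and 7: (element path, attributes that must match).
REQUIRED = [
    ("./configSections/sectionGroup", {"name": "system.web.extensions"}),
    ("./system.web/pages/controls/add", {"tagPrefix": "asp", "assembly": EXPECTED_ASM}),
    ("./system.web/compilation/assemblies/add", {"assembly": EXPECTED_ASM}),
    ("./system.web/httpHandlers/add", {"path": "*.asmx"}),
    ("./system.web/httpHandlers/add", {"path": "*_AppService.axd"}),
    ("./system.web/httpHandlers/add", {"path": "ScriptResource.axd"}),
    ("./system.web/httpModules/add", {"name": "ScriptModule"}),
    ("./SharePoint/SafeControls/SafeControl",
     {"Assembly": EXPECTED_ASM, "Namespace": "System.Web.UI"}),
]

# An attribute value opened with a typographic quote instead of a straight one.
SMART_QUOTE_ATTR = re.compile("=\\s*[\u201c\u201d\u2033]")

# CONSTRUCTED sample: the *_AppService.axd handler names "SSystem.Web.Extensions"
# and <httpModules> is empty.
SAMPLE = f"""<configuration>
  <configSections>
    <sectionGroup name="system.web.extensions"
      type="System.Web.Configuration.SystemWebExtensionsSectionGroup, {EXPECTED_ASM}" />
  </configSections>
  <SharePoint><SafeControls>
    <SafeControl Assembly="{EXPECTED_ASM}" Namespace="System.Web.UI" TypeName="*" Safe="True" />
  </SafeControls></SharePoint>
  <system.web>
    <pages><controls>
      <add tagPrefix="asp" namespace="System.Web.UI" assembly="{EXPECTED_ASM}" />
    </controls></pages>
    <compilation><assemblies><add assembly="{EXPECTED_ASM}" /></assemblies></compilation>
    <httpHandlers>
      <add verb="*" path="*.asmx" validate="false"
        type="System.Web.Script.Services.ScriptHandlerFactory, {EXPECTED_ASM}" />
      <add verb="*" path="*_AppService.axd" validate="false"
        type="System.Web.Script.Services.ScriptHandlerFactory, S{EXPECTED_ASM}" />
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false"
        type="System.Web.Handlers.ScriptResourceHandler, {EXPECTED_ASM}" />
    </httpHandlers>
    <httpModules />
  </system.web>
</configuration>"""


def normalise(value):
    """Collapse whitespace around the commas of an assembly-qualified name."""
    return ", ".join(part.strip() for part in value.split(","))


def assembly_of(attr, value):
    """Return the assembly strong name carried by a type= or assembly= attribute."""
    parts = [p.strip() for p in value.split(",")]
    if attr == "type":
        parts = parts[1:]  # drop the leading type name
    return ", ".join(parts)


def audit(config_text):
    """Return a list of (code, detail) findings for a web.config string."""
    if SMART_QUOTE_ATTR.search(config_text):
        return [("smart-quotes", "attribute value opened with a typographic quote")]
    try:
        root = ET.fromstring(config_text)
    except ET.ParseError as exc:
        return [("xml", str(exc))]

    findings = []
    # Every reference to the AJAX assembly must use exactly the expected strong name.
    for elem in root.iter():
        for attr in ("type", "assembly", "Assembly"):
            value = elem.get(attr)
            if value and "Web.Extensions" in value:
                if assembly_of(attr, value) != EXPECTED_ASM:
                    findings.append(("assembly", normalise(value)))
    # Every entry from the steps must be present under the right parent.
    for path, wanted in REQUIRED:
        found = any(
            all(normalise(e.get(k, "")) == v for k, v in wanted.items())
            for e in root.findall(path)
        )
        if not found:
            findings.append(("missing", f"{path} {sorted(wanted.items())}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

The block added in step 6 is not checked here; the same `audit` pattern extends to it by adding its paths to `REQUIRED`.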

 

 

 

 

Understanding and working with the Web Part Verbs

Here I describe what web part verbs are and how we can implement them in web part code.

A web part verb is an action rendered in the web part menu by the web part framework as part of the chrome that is rendered around the web part.

Verbs can perform server-side or client-side actions. To implement verbs in a web part, we need to override the Verbs property.

Let us look at an example of web part verbs:

This is a simple example to illustrate the role of web part verbs. I’ll add a verb called “Change Button Title”. As in the screenshot below, when we click on this verb, a server-side handler changes the button text from “Before click on verbs”

to “After click on verbs”

Here’s the implementation of Web Part Verbs

As we said above, a web part verb is an action which can call a client-side function or a server-side handler. Here we add a server-side handler.

To add Web Part Verbs as menu items, override the Verbs property of the Web Part. The Verbs property returns a read-only WebPartVerbCollection, so you will need to merge a collection of Verbs with the base.Verbs property to create a new WebPartVerbCollection.

Here, as I said, I have implemented a server-side handler to change the button title, as follows

Comparison between workflow created using SharePoint Designer and Visual Studio Designer for Windows Workflow Foundation

| SharePoint Designer | Visual Studio Designer for Windows Workflow Foundation |
|---|---|
| Can write only sequential workflows. | Can write both sequential and state machine workflows. |
| Automatic deployment against the specific list or library against which workflow is being designed. | Can be deployed as a feature. |
| Logic is defined declaratively using Steps which comprises of Conditions and Actions | Logic could be defined through custom code written using C# or VB.NET. |
| Workflows could be associated to a specific list or library. | Workflow can be authored as Template which once deployed could be associated with any list or library. |
| Workflow modifications not possible. | Workflow modifications are possible using Modification forms built using ASP.NET or InfoPath form. |
| Workflow markup, rules all are stored as a document library on the site. | Workflows are compiled as an .NET assembly. |
| Can’t be debugged. | Debugging is possible using Visual Studio. |
| ASP.NET Forms only can be used as an input form | ASP.NET and InfoPath Forms can be used as input forms |

References:
http://nishantrana.wordpress.com/2009/02/11/difference-between-workflow-created-using-sharepoint-designer-and-visual-studio-designer-for-windows-workflow-foundation/

How to wrap a user control inside web part using WSP Builder

April 19, 2011 1 comment

Here I describe a simple way of wrapping an ASP.NET user control inside a web part for deployment to SharePoint using WSPBuilder.

1-     Create WSP Project

a-      First, you need to have the WSPBuilder package deployed on your development environment.

b-     Open Visual Studio. From the File menu, select New -> Project, select WSPBuilder from the project type pane, and in the Name box type GSWebPart.

2-     Create New WebPart with Feature

a-      In visual studio, Right click on GSWebPart Project, and point to Add, and then click New Item…

b-     In the Categories pane, click WSPBuilder. In the Templates pane, click Web Part Feature. In the Name box, type ConverterWebPart, and then click OK.

c-      In the Feature Settings dialog, type My Web Part for the Title, A web part built using WSPBuilder for the Description and set the Scope to be Site. Click OK.

 

3-     Adding ASP.NET Project Types to the WSPBuilder Project

a-      In Visual Studio, right-click on the GSWebPart project and select Unload Project.

b-     In Visual Studio, right-click on the GSWebPart project and select Edit Project.

c-      Locate the ProjectTypeGuids element and add the ASP.NET web application project type guid {349C5851-65DF-11DA-9384-00065B846F21}.

d-     Save and then close the GSWebPart.csproj file.

e-      Right-click on the GSWebPart project and select Reload Project.

f-       Right-click on the GSWebPart project and select Properties. On the Application tab, change the Target Framework to be .NET Framework 3.5. Save the changes.

 

4-     Creating Web User Control

a-      In visual studio, right click on Template Folder, then point to add then select new folder , rename it to CONTROLTEMPLATES.

b-     Right click on CONTROLTEMPLATES folder , then point to add then select new folder , rename it to GSWebPart.

c-       Right-click the GSWebPart folder, select Add then click New Item.

d-     In the Categories pane, click Web. In the Templates pane, click Web User Control. Name the control  ConverterWebPartUserControl.ascx, and then click Add.

e-      Delete the CodeBehind attribute in the ConverterWebPartUserControl.ascx file. Replace the Inherits attribute with GSWebPart.ConverterWebPartUserControl, GSWebPart, Version=1.0.0.0, Culture=neutral, PublicKeyToken=[your PublicKeyToken]. The following code shows the corrected file:

<%@ Control Language="C#" AutoEventWireup="true" Inherits="GSWebPart.ConverterWebPartUserControl, GSWebPart, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9410bf5b454f3bbd" %>

f-      Open the ConverterWebPartUserControl.ascx file in the designer view. Click the Toolbox, and then add a Label using a drag-and-drop operation. Switch to the code view, rename the ID property to MyLabel and set the Text property to “SharePoint”.

g-     Open the MyWebUserControl.ascx.cs file and the MyWebUserControl.ascx.designer.cs file. Change the namespace to GSWebPart in both files.

 

 

5-     Wrapping the User Control and Connecting the Properties

This procedure demonstrates how to wrap the user control inside the web part and connect the properties between SharePoint, the web part and the user control.

To wrap the user control and connect the properties

a-      Open the ConverterWebPart.cs file.

b-     Within the CreateChildControls() method, delete the single line of code under the // Your code here… comment. Enter code to load the MyWebUserControl, assign the value of MyProperty to the DisplayText property of the control and then add the control to the web part’s Controls collection. The code below demonstrates how to do this:

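// Your code here…

// Load the user control from the folder created in step 4 (CONTROLTEMPLATES\GSWebPart).
ConverterWebPartUserControl myControl =
    (ConverterWebPartUserControl)Page.LoadControl("~/_controltemplates/GSWebPart/ConverterWebPartUserControl.ascx");

// Add the control to the web part's Controls collection.
this.Controls.Add(myControl);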

c-      Right-click on the MyWebPart solution and select Rebuild Solution

change service accounts and service account passwords in SharePoint Server 2007

April 16, 2011 2 comments

How to change service accounts and service account passwords in SharePoint Server 2007 and in Windows SharePoint Services 3.0

To change the passwords for service accounts in Microsoft Office SharePoint Server 2007 and in Microsoft Windows SharePoint Services 3.0, we need to run stsadm commands and use the Central Administration Web site.

Let us walk through a complete example. The following table lists the farm servers:

| Server Name | Server Role |
|---|---|
| WebFront1 | Webfrontend server, Query Server |
| WebFront2 | Webfrontend server, Query Server |
| Index1 | Host Central Administration Site, Indexer |
| SQL1 | Clustered Database |
| SQL2 | |

We need to change the password for the accounts that run the Central Administration service, the Office SharePoint Search service, and the SSP.

As shown in the table above, the Index1 server hosts the Central Administration role and also acts as the indexer. So we need to update the service account passwords as follows:

1-   Update the password for the account that is used by the Central Administration application pool. To do this, follow these steps:

a-   On all servers in the server farm, open a command prompt, type the following line, and then press ENTER:

cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin

b-   On the server that hosts the Central Administration Web site, type the following line at the command prompt, and then press ENTER:

stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword

c-   On all other servers in the server farm, type the following line at the command prompt, and then press ENTER:

stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword -local

d-   Restart Microsoft Internet Information Services (IIS) 6.0. To do this, type the following line at the command prompt, and then press ENTER:

iisreset /noforce

2-    Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed on the Timer Job Definitions page of SharePoint 3.0 Central Administration. To do this, follow these steps:

a-    Open SharePoint 3.0 Central Administration, click Operations, and then click Timer job definitions under Global Configuration.

b-   Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed in the list.

Note If the Administration Application Pool Credential Deployment job definition is displayed in the list, wait until it disappears from the list.

The WebFront1 and WebFront2 servers play the Query role and host the web applications. So we need to update the password of the application pool account that is used by Web applications on the server farm, the password for the account that is used by every Shared Services Provider (SSP) on the server farm, and the password for the account that is used to run the Office SharePoint Server Search service, as follows:

1-   Update the password for the application pool account that is used by Web applications on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:

stsadm -o updateaccountpassword -userlogin DomainName\UserName -password NewPassword -noadmin

2-   Update the password for the account that is used by every Shared Services Provider (SSP) on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:

stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword

3-   Update the password for the account that is used to run the Office SharePoint Server Search service. To do this, type the following line at the command prompt, and then press ENTER:

stsadm.exe -o osearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword

4-   Update the password for the default content access account that is used by the Office SharePoint Server Search service. To do this, follow these steps:

a-   Open SharePoint 3.0 Central Administration, and then click the link to the SSP Web application under Shared Services Administration.

b-   Under Search, click Search settings, and then click Default content access account.

c-   Specify the password to use for the content access account, and then click OK.

References:

http://support.microsoft.com/kb/934838

User and Service Account (Office SharePoint Server)

April 16, 2011 Leave a comment

User and Service Account

There are two types of installation in MOSS2007: standalone installation and server farm installation. Depending on the installation type you select, you need to plan for administrative and service accounts.

Single server standard requirements

If you are deploying to a single server computer, account requirements are greatly reduced. You can use a single account for all of the account purposes. In a production environment, ensure that the accounts you create have the appropriate permissions for their purposes.

Each entry below gives the account, its description, and the single server standard requirements.

SQL Server service account
Description: SQL Server prompts for this account during SQL Server Setup. This account is used for the following SQL Server services:
  • SQL Server (MSSQLSERVER)
  • SQL Server Agent (SQLSERVERAGENT)
Single server standard requirements: Local System account (default)

Setup user account
Description: The user account that is used to run:
  • Setup on each server computer
  • The SharePoint Products and Technologies Configuration Wizard
  • The Psconfig command-line tool
  • The Stsadm command-line tool
Single server standard requirements: Member of the Administrators group on the local computer

Server farm account
Description: This account is also referred to as the database access account. This account is:
  • The identity for the application pool that hosts the SharePoint Central Administration Web site.
  • The process account for the Windows SharePoint Services Timer service.
Single server standard requirements: Network Service (default). No manual configuration is necessary.

SSP application pool account
Description: Application pool identity for the shared services administration Web application.
Single server standard requirements: No manual configuration is necessary.

SSP service account
Description: Used by the following:
  • SSP Web services for inter-server communication
  • SSP Timer service to run specific types of jobs
  • Application pool identity of application pool associated with the virtual directory associated with a given SSP
Single server standard requirements:
  • No manual configuration is necessary.
  • This account should not be a member of the Administrators group on any computer in the server farm.

Office SharePoint Server Search service account
Description: Used as the service account for the Office SharePoint Server Search service. There is only one instance of this service and it is used by all SSPs.
Single server standard requirements: By default, this account runs as the Local System account.
  • If you want to crawl remote content by changing the default content access account or by using crawl rules, change this to a domain user account. If you do not change this account to a domain user account, you cannot change the default content access account to a domain user account or add crawl rules to crawl this content. This restriction is designed to prevent elevation of privilege for any other process running as the Local System account.

Default content access account
Description: The default account used within a specific SSP to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern.
Single server standard requirements: No manual configuration is necessary if this account is only crawling local farm content. If you want to crawl remote content by using crawl rules, change this to a domain user account, and apply the requirements listed for a server farm.

Content access account
Description: A specific account that is configured to access a content source. This account is optional and is specified when you create a new crawl rule. For example, content sources that are external to Office SharePoint Server (such as a file share) might require a different content access account.
Single server standard requirements: Same as the SSP default content access account listed previously.

Profile import default access account
Description: Used to:
  • Connect to a directory service, such as the Active Directory directory service, a Lightweight Directory Access Protocol (LDAP) directory, a Business Data Catalog application, or other directory source.
  • Import profile data from a directory service.
If no account is specified, the default content access account is used. If the default content access account does not have read access to the directory or directories that you want to import data from, use a different account. You can plan up to one account per directory connection.
Single server standard requirements:
  • Read access to the directory service.
  • If Enable Server Side Incremental is selected for an Active Directory connection and the environment is Windows 2000 Server, the account must have the Replicate Changes permission in Active Directory. This permission is not required for Windows Server 2003 Active Directory environments.
  • Manage User Profiles personalization services permission.
  • View permissions on entities used in Business Data Catalog import connections.

Excel Services unattended service account
Description: The account that Excel Calculation Services uses to connect to external data sources that require a non-Windows user name and password string for authentication. If this account is not configured, Excel Services will not attempt to connect to these types of data sources. Although the account credentials are used to connect to non-Windows data sources, the account must be a member of the domain in order for Excel Calculation Services to use it.
Single server standard requirements: Must be a domain user account.

Windows SharePoint Services Search service account
Description: Used as the service account for the Windows SharePoint Services Help Search service. There is only one instance of this service in a farm.
Single server standard requirements: By default, this account runs as the Local System account.

Windows SharePoint Services Search content access account
Description: Used by the Windows SharePoint Services Search application server role to crawl content across sites.
Single server standard requirements: Must not be a member of the Farm Administrators group. The following are automatically configured:
  • Added to the Web application Full Read policy for the farm.

Application pool identity
Description: The user account that the worker processes that service the application pool use as their process identity. This account is used to access content databases associated with the Web applications that reside in the application pool.
Single server standard requirements: No manual configuration is necessary. The Network Service account is used for the default Web site that is created during Setup and configuration.

Server farm requirements

If you are deploying to more than one server computer, use the server farm standard requirements to ensure that accounts have the appropriate permissions to perform their processes across multiple computers.

Account Description Server farm standard requirements

SQL Server service account

Description: SQL Server prompts for this account during SQL Server Setup. This account is used for the following SQL Server services:

  • SQL Server (MSSQLSERVER)
  • SQL Server Agent (SQLSERVERAGENT)

Server farm standard requirements:

Use either a Local System account or a domain user account.

If a domain user account is used, this account uses Kerberos authentication by default, which requires additional configuration in your network environment. If SQL Server uses a service principal name (SPN) that is not valid (that is, that does not exist in the Active Directory directory service environment), Kerberos authentication fails, and then NTLM is used. If SQL Server uses an SPN that is valid but is not assigned to the appropriate container in Active Directory, authentication fails, resulting in a “Cannot generate SSPI context” error message. Authentication will always try to use the first SPN it finds, so ensure that there are no SPNs assigned to inappropriate containers in Active Directory.

If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (domain_name\SQL_hostname$).

Setup user account

Description: The user account that is used to run:

  • Setup on each server computer
  • The SharePoint Products and Technologies Configuration Wizard
  • The Psconfig command-line tool
  • The Stsadm command-line tool

Server farm standard requirements:

  • Domain user account.
  • Member of the Administrators group on each server on which Setup is run.
  • SQL Server login on the computer running SQL Server.
  • Member of the following SQL Server security roles:
      • securityadmin fixed server role
      • dbcreator fixed server role

If you run Stsadm commands that affect a database, this account must be a member of the db_owner fixed database role for the database.

Server farm account

Description: This account is also referred to as the database access account. This account is:

  • The identity for the application pool that hosts the SharePoint Central Administration Web site.
  • The process account for the Windows SharePoint Services Timer service.

Server farm standard requirements:

  • Domain user account.
  • If the server farm is a child farm with Web applications that consume shared services from a parent farm, this account must be a member of the db_owner fixed database role on the configuration database of the parent farm.

Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm.

This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles:

  • dbcreator fixed server role
  • securityadmin fixed server role
  • db_owner fixed database role for all databases in the server farm

SSP application pool account

Description: Application pool identity for the shared services administration Web application.

Server farm standard requirements: No manual configuration is necessary.

The following are automatically configured:

  • Membership in the db_owner role for the SSP content database.
  • Access to read from and write to the SSP content database.
  • Access to read from and write to content databases for Web applications that are associated with the SSP.
  • Access to read from the configuration database.
  • Access to read from the Central Administration content database.

Additional permissions to front-end Web servers and application servers are automatically granted.

SSP service account

Description: Used by the following:

  • SSP Web services for inter-server communication
  • SSP Timer service to run specific types of jobs
  • Application pool identity of application pool associated with the virtual directory associated with a given SSP

Server farm standard requirements:

  • Use a domain user account.
  • No manual configuration is necessary. The same permissions as the SSP application pool account are automatically granted.
  • This account should not be a member of the Administrators group on any computer in the server farm.

Office SharePoint Server Search service account

Description: Used as the service account for the Office SharePoint Server Search service. There is only one instance of this service and it is used by all SSPs.

Server farm standard requirements:

  • Must be a domain user account.
  • Should not be a member of the Farm Administrators group on the server.

The following are automatically configured:

  • Access to read from the configuration database.

Default content access account

Description: The default account used within a specific SSP to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern.

Server farm standard requirements:

  • Must be a domain user account.
  • Must not be a member of the Farm Administrators group.
  • Read access to external or secure content sources that you want to crawl by using this account.
  • For sites that are not a part of the server farm, this account must explicitly be granted Full Read permissions on the Web applications that host the sites.

The following are automatically configured:

  • Full Read permissions are automatically granted to content databases hosted by the server farm.

Content access account

Description: A specific account that is configured to access a content source. This account is optional and is specified when you create a new crawl rule. For example, content sources that are external to Office SharePoint Server (such as a file share) might require a different content access account.

Server farm standard requirements:

  • Read access to external or secure content sources that this account is configured to access.
  • For Web sites that are not a part of the server farm, this account must explicitly be granted Full Read permissions on the Web applications that host the sites.

Profile import default access account

Description: Used to:

  • Connect to a directory service, such as the Active Directory directory service, a Lightweight Directory Access Protocol (LDAP) directory, a Business Data Catalog application, or other directory source.
  • Import profile data from a directory service.

If no account is specified, the default content access account is used. If the default content access account does not have read access to the directory or directories that you want to import data from, use a different account. You can plan up to one account per directory connection.

Server farm standard requirements:

  • Read access to the directory service.
  • If Enable Server Side Incremental is selected for an Active Directory connection and the environment is Windows 2000 Server, the account must have the Replicate Changes permission in Active Directory. This permission is not required for Windows Server 2003 Active Directory environments.
  • Manage User Profiles personalization services permission.
  • View permissions on entities used in Business Data Catalog import connections.

Excel Services unattended service account

Description: The account that Excel Calculation Services uses to connect to external data sources that require a non-Windows user name and password string for authentication. If this account is not configured, Excel Services will not attempt to connect to these types of data sources. Although the account credentials are used to connect to non-Windows data sources, the account must be a member of the domain in order for Excel Calculation Services to use it.

Server farm standard requirements: Must be a domain user account.

Windows SharePoint Services Search service account

Description: Used as the service account for the Windows SharePoint Services Help Search service. There is only one instance of this service in a farm.

Server farm standard requirements:

  • Must be a domain user account.
  • Should not be a member of the Farm Administrators group on the server.

The following are automatically configured:

  • Access to read from the configuration database and the SharePoint_AdminContent database.
  • Membership in the db_owner role for the Windows SharePoint Services Search database.

Windows SharePoint Services Search content access account

Description: Used by the Windows SharePoint Services Search application server role to crawl content across sites.

Server farm standard requirements:

  • Same requirements as the Windows SharePoint Services Search service account.

The following are automatically configured:

  • Added to the Web application Full Read policy for the farm.

Application pool identity

Description: The user account that the worker processes that service the application pool use as their process identity. This account is used to access content databases associated with the Web applications that reside in the application pool.

Server farm standard requirements: No manual configuration is necessary.

The following are automatically configured:

  • Membership in the db_owner role for content databases and search databases associated with the Web application.
  • Access to read from the configuration and the SharePoint_AdminContent databases.
  • Access to read from and write to the associated SSP database.

Additional permissions for this account to front-end Web servers and application servers are automatically granted.
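
The SQL Server role memberships listed above for the Setup user account and the server farm account can be checked directly on the database server. The following T-SQL is an added example, not part of the original post or of Microsoft's documentation; the logins CONTOSO\sp_setup and CONTOSO\sp_farm are placeholders for your own accounts.

```sql
-- Added example: audit SQL Server role membership for SharePoint accounts.
-- CONTOSO\sp_setup and CONTOSO\sp_farm are placeholder logins (assumptions).
-- COLLATE DATABASE_DEFAULT avoids collation conflicts when the current
-- database's collation differs from the server collation.
DECLARE @expected TABLE (login_name sysname, role_name sysname);
INSERT INTO @expected (login_name, role_name)
          SELECT N'CONTOSO\sp_setup', N'securityadmin'
UNION ALL SELECT N'CONTOSO\sp_setup', N'dbcreator'
UNION ALL SELECT N'CONTOSO\sp_farm',  N'securityadmin'
UNION ALL SELECT N'CONTOSO\sp_farm',  N'dbcreator';

-- 1. Required fixed server roles: report each as OK, MISSING or NO LOGIN.
SELECT e.login_name, e.role_name,
       CASE WHEN p.principal_id IS NULL THEN 'NO LOGIN'
            WHEN m.member_principal_id IS NULL THEN 'MISSING'
            ELSE 'OK' END AS status
FROM @expected AS e
LEFT JOIN sys.server_principals AS p
       ON p.name COLLATE DATABASE_DEFAULT = e.login_name
LEFT JOIN sys.server_principals AS r
       ON r.name COLLATE DATABASE_DEFAULT = e.role_name AND r.type = 'R'
LEFT JOIN sys.server_role_members AS m
       ON m.member_principal_id = p.principal_id
      AND m.role_principal_id   = r.principal_id;

-- 2. Server roles these logins hold beyond the documented ones (e.g. sysadmin).
SELECT p.name AS login_name, r.name AS unexpected_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
WHERE p.name COLLATE DATABASE_DEFAULT IN (SELECT login_name FROM @expected)
  AND NOT EXISTS (SELECT 1 FROM @expected AS e
                  WHERE e.login_name = p.name COLLATE DATABASE_DEFAULT
                    AND e.role_name  = r.name COLLATE DATABASE_DEFAULT);

-- 3. Run in each farm database: list db_owner members. Database users are
--    matched to logins by SID because the user name can differ from the login.
SELECT DB_NAME() AS database_name, dp.name AS database_user, sp.name AS login_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS ro ON ro.principal_id = drm.role_principal_id
JOIN sys.database_principals AS dp ON dp.principal_id = drm.member_principal_id
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE ro.name = N'db_owner';
```

The catalog views used here exist in SQL Server 2005 and later. Any row from the second query is a role the table above does not call for and is worth reviewing.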

 

 

References:

http://technet.microsoft.com/en-us/library/cc263445%28office.12%29.aspx#Section2