Saturday, November 19, 2011
SharePoint 2010 Service Accounts and permissions overview
(1) Needs to be a part of the Local Administrators group while the User profile service is being created. Once created, this account can be removed.
(2) AD Permission required by the User Profile service
(3) Required for a specific AD container when using the incoming email service.
(4) There may be a large number of these, one per entity
(5) Appropriate rights will need to be granted to this account for any EXTERNAL content being crawled (file system, shared folder, Lotus Notes, etc)
Logon as a service and Logon as a batch job is needed for the spFarm and spCrawl accounts.