The Server farm account should not be used for other services

Summary: As a good practice, the account that is used to run the SharePoint 2010 Timer
service and other system services in the SharePoint farm should not be used for
other services in the farm.

Cause: The Farm Account, which is used for the SharePoint 2010 Timer service and the
Central Administration site, is highly privileged and should not be used for
other services on any computers in the server farm otherwise, that will result
in below Security error message in the Health Analyzer Central Administration.

Health Analyzer Error Details:

1

2

CONTOSO\Administrator, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm. The following services were found to use this account: Microsoft Project Server Events Service executes events triggered by changes to entities on the ProjectServer.(Windows Service)
SharePoint – 40492 (Application Pool)
Microsoft Project Server Queuing Service executes project related jobs asynchronously. Example queue jobs: Save project, publish project, submit timesheet.(Windows Service) SPSearch4(Windows Service)
Web Analytics Data Processing Service(Windows Service)

Resolution: You need to Change the Server farm account used for other services to low privileged account. This error may vary as per the services running in your environment.

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group. In this example, we have created one domain User Account with the name of “EPMSvcAccount” which is not a part of local administrative group. Follow below steps to fix above error –

     2.  Register the “EPMSvcAccount” on the SharePoint Server 2010 farm as per below snapshot:

3

3. On the Central Administration home page, click Security, and then in the General Security section, click Configure service accounts.

4. On the Service Accounts page, in the Credential Management section, in the upper drop-down  list, click the service for which you want to update credentials.

4

5. Run the IISRESET /NOFORCE on APP and WFE server.

5   6. Check in the Health analyzer you will notice the issue is fixed now.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: