Farm Install Guide – Part 1

The purpose of this post is to show the typical steps required to install and configure a medium sized SharePoint Server 2010 farm.

Other pages of this post include:

Scope

The following aspects of setup and configuration are covered in this post (the topic is comprised of multiple posts):

  • Web Server Prerequisites and Configuration
  • Creating the Service Accounts
  • Installing SharePoint Server
  • Starting Services on SharePoint Servers
  • Importing Active Directory User Accounts
  • Configuring Search

Assumptions

It is assumed that a SQL Server Cluster and Active Directory will have already been installed and configured

General Notes

It is recommended that you install SharePoint Server 2010 on a computer that has a new installation of Windows Server 2008 R2 with SP1 or later and all critical updates applied.

The account that you select for installing SharePoint Server 2010 needs to be a member of the Administrators group on every server on which you install SharePoint Server 2010.

You must install SharePoint Server 2010 on the same drive on all load-balanced front-end Web server computers.

You must use the complete installation option on all computers you want to be index servers, query servers, or servers that run Excel Calculation Services.

After you complete the installation and configuration of accounts, ensure that you do not use the local system account to perform administration tasks or to browse sites. For example, do not use the same account that is used to run setup to perform administrative tasks.

Installation Flow

Install Flow

The tables below details the various accounts required to install and configure SharePoint Server 2010.

Installation Accounts

Account Purpose Description
SQL Server service account. Used to run SQL Server. Will be the service account for the MSSQLServer and SQLServerAgent windows services. Should be either a local system or domain user account.
SharePoint Setup Account. Used to run the initial setup and SharePoint Products Configuration Wizard. Should be:

  • Domain user account
  • Member of the Administrators group on each server on which Setup is run
  • Member of the securityadmin and dbcreator SQL Server security roles.
Server farm account. Used to perform the following tasks:

  • Configure and manage server farm
  • Act as the application pool identity for the SharePoint Central Administration site
  • Run the Microsoft SharePoint Foundation Workflow Timer Service
Should be:

  • Domain user account
  • This account will be automatically granted additional permissions on the Web and Application servers that are joined to the farm.
  • The account is added to the SQL Server login on the computer that runs SQL Server with the dbcreator, securityadmin and db_owner security roles.

Additional Administrative Accounts

Account Purpose Description
SharePoint Foundation Search account. Used as the account for the SharePoint Foundation 2010 Search service. Must have domain user account permissions.

Will be automatically added to the WSS_WPG machine level group.

Granted read access to the server farm configuration and SharePoint administration content databases.

Assigned db_owner role for the SharePoint Foundation 2010 search database.

SharePoint Foundation Search content access account. Used by the SharePoint Foundation 2010 Search service to crawl content across sites. Must have domain user account permissions and must not be a member of the farm administrators group.

Granted read access to the server farm configuration and SharePoint administration content databases.

Assigned db_owner role for the SharePoint Foundation 2010 search database.

Also, a full read policy is created on all Web applications for this account.

Service Accounts

Account Purpose Description
Application pool account. Used for the application pool identity. Will be automatically added to the WSS_WPG local machine group.

Also, the following SQL permissions are automatically granted:

  • Assigned db_owner for the content databases.
  • Assigned to the WSS_CONTENT_APPLICATIONS_POOLS role associated with the farm configuration and SharePoint administration content databases.
Search service account. Used as the service account for the SharePoint Server 2010 Search service. Automatically added to the local machine WSS_WPG group.

Also assigned to the WSS_CONTENT_APPLICATIONS_POOLS SQL Server role associated with the farm configuration and SharePoint administration content databases.

Default content access account. Used within a specific service application to crawl content. Must be a domain user account and have read access to external or secure content sources that require content crawling by this account.

To be able to crawl SharePoint.

Excel Services unattended service account. Used by Excel Services to connect to external data sources that requires a username and password and are based on non-Windows operating systems. Must be a domain user account.
My Sites application pool account. Used for the identity for the My Site application pool. Must be a domain user account.

Automatically added to the local machine WSS_WPG group.

Also assigned to the WSS_CONTENT_APPLICATIONS_POOLS SQL Server role associated with the farm configuration and SharePoint administration content databases.

User Profile Sync content account. Used to host the sync content as an application pool. Must be a domain user account.

Automatically added to the local machine WSS_WPG group.

Also, the following SQL permissions are automatically granted:

  • Assigned db_owner for the content databases.
  • Assigned to the WSS_CONTENT_APPLICATIONS_POOLS role associated with the farm configuration and SharePoint administration content databases.
User Profile Sync account. Used to do the actual profile synchronization. Must be a domain user account.

Requires replicating directory changes permissions.

User Profile Sync Services account. Used to run the actual User Profile Services application. Must be a domain user account.

Continue to part two of this post.

2 comments

  1. Ernest says:

    Nicely done guide for the faint at heart!!

  2. RZoolander says:

    Excellent poast and series. Thank you for doing this. So much better than the Microsoft sites version

Leave a Reply

Your email address will not be published. Required fields are marked *


Follow

Get every new post delivered to your Inbox

Join other followers: