Account name | Role | Domain rights | Local SharePoint Server rights needed | SQL rights needed
sp_install | Used to install SharePoint binaries. | Domain User | Local administrator on all SharePoint boxes | dbcreator and securityadmin SQL roles |
sp_farm | Farm account. Used for Windows Timer Service, Central Admin and User Profile service | Domain User | Local Admin during UPS provisioning, log on locally right | None |
sp_webapp | App pool id for content web apps | Domain User | None | None |
sp_serviceapps | Service app pool id | Domain User | None | None, unless using Office Web Apps. Then you must give access to content databases manually
sp_search | Search process id | Domain User | None | None |
sp_content | Account used to crawl content | Domain User | None | None |
sp_userprofile1 | Account used by the User Profile services to access Active Directory | Must have Replicating Change permissions to AD. Must be given in BOTH ADUC and ADSIEDIT. If the domain is Windows 2003 or earlier, must also be a member of the “Pre-Windows 2000” built-in group. | None | None
sp_superuser2 | Cache account | Domain User | Web application Policy Full Control; Web application super account setting | None
sp_superreader2 | Cache account | Domain User | Web application Policy Full read; Web application super reader account setting | None
Please note these are just recommendations. You may be using more accounts if you have multiple application pools.