Lars Nielsen's Discoveries

November 23, 2009

Installing SharePoint on Windows Server 2008

Filed under: Administration,SharePoint — Lars Nielsen @ 10:44 am

Recently I set up a set of servers for a new SharePoint 2007 farm.  It was my first attempt to install on VMWare virtual servers over Windows Server 2008.  Having slightly messed up deployments in the past I tried to do everything by the book this time round – especially getting all those accounts and permissions set up correctly.  Installation was mainly a matter of tracing through the various resources out there.  First stop was this article on how to set up SharePoint on Windows Server 2008.   And the first point to notice is you have to slipstream all the updates to SharePoint into the installation binaries before you start the install.

Basically I just followed this with a slight detour onto Plan for administrative and service accounts (Office SharePoint Server) – a great article that should be in everyone’s bookmarks.   For interest I cross-referenced the article with the pages in the SharePoint Administrators Handbook where Bill English sets out the accounts you need and it all seemed to tie up apart from the fact that some of the accounts have different names, you can work out which is which. 

The only account you actually need to get going is the SharePoint Setup User account (you log on to the server under this account to being the install) but it’s a good idea to get all the other accounts set up beforehand and get some kind of naming convention for them, put them all in an OU and keep things organised.   For the SQL Server Service Account I plumped for Local System rather than a domain account, partly because I’m not sure why you’d want a domain account and partly because we don’t use Kerberos (just haven’t got round to it).  I’d also been told by someone that the SSP application pool account should be the same as the SSP service account, to prevent a rush of errors in the event log, but I created two different accounts and it hasn’t cause any problems so far.

I also found I have to change the Content Access account when configuring SharePoint – by default SharePoint sets up the Search Service account as the Default Content Access account in the SSP.  Of course I changed this it to be the Content Access account I had already set up.  It’s important to make sure that the Content Access account has no administrator level access to any content in SharePoint.  If not, the search crawler will start to crawl unpublished content.  And also I read somewhere (can’t find a ref right now) that when you crawl a file share with a content access account that has too many privileges, the security trimming doesn’t work properly.  The best way to do this is to make that the Content Access account is not a member of anything in AD.  I wrote in the description of the account “DON’T PUT THIS IN ANY GROUPS!”  – just a warning to other admin folks who might be tempted to bump up its privilege level.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a free website or blog at

%d bloggers like this: