
This TechNet article http://technet.microsoft.com/en-us/library/cc263445.aspx describes the accounts required for a SharePoint 2010 installation. I've always followed this and my clients have never had issues creating so many accounts for a SharePoint installation.

Now this one client has a network administrator who wants to make do with the 3/4 accounts he's already got created for some other SharePoint installation done by a different vendor.

His argument is that it reduces the number of accounts that must be managed, as he is the only one looking after their network and infrastructure.

I think that once created, these accounts don't need to be managed at all, and if they do, then this can be done via the Central Admin managed accounts section.

Can you guys let me know what the drawbacks are of using one account for say the search services and search content access?

Kenny Rasschaert
e p

1 Answer

Some things that come to mind are:

  1. Troubleshooting is difficult. When you're scanning logs in a single server farm (with a SQL backend) you'll see the same generic account being used. Whereas if you had a separate account for each service, you'd know exactly where to start looking.
  2. If you're using Kerberos, that could be a PITA delegation-wise and a security hole IMO.
  3. One account gets locked out, everything goes down...
  4. Thinking about it more, there are plenty of other security issues, namely once the account is compromised, they have the keys to your SharePoint farm and anywhere else that account has access.

Me personally, I have a service account for each SharePoint service as recommended by MS. I manage a 2000 user account Active Directory (I know that's small), so honestly, what's 4 more?

The key for your client is to have a good way of keeping track of the usernames/passwords and knowing what the user accounts are used for. Sounds more like a management issue than a technical one IMO.

Eric C. Singer
  • Thanks Eric, I agree and I am going to try and get the admin around to using what M$ recommends. – e p Jan 24 '12 at 23:56
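
One way to measure how far a shared account reaches in an existing farm, as an added example that is not part of the original thread: the script below lists every account used by more than one application pool, Windows service or search crawl account. It assumes the SharePoint 2010 Management Shell on a farm server and farm administrator rights; the `Kind` labels and the `$usage` variable are names made up for this example.

```powershell
# Added example: inventory which farm components share a service account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$usage = @()

# Service application pools (search query/admin, metadata, other service apps)
Get-SPServiceApplicationPool | ForEach-Object {
    $usage += New-Object PSObject -Property @{
        Account = $_.ProcessAccountName; Kind = 'ServiceAppPool'; Name = $_.Name }
}

# Web application pools, including Central Administration
Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
    $usage += New-Object PSObject -Property @{
        Account = $_.ApplicationPool.Username; Kind = 'WebAppPool'; Name = $_.DisplayName }
}

# Windows services with a configurable identity (search service, timer, ...)
Get-SPServiceInstance | Where-Object { $_.Service.ProcessIdentity } | ForEach-Object {
    $usage += New-Object PSObject -Property @{
        Account = $_.Service.ProcessIdentity.Username; Kind = 'WindowsService'; Name = $_.TypeName }
}

# Default content access (crawl) account of each search service application
Get-SPEnterpriseSearchServiceApplication | ForEach-Object {
    $content = New-Object Microsoft.Office.Server.Search.Administration.Content($_)
    $usage += New-Object PSObject -Property @{
        Account = $content.DefaultGatewayAccount; Kind = 'ContentAccess'; Name = $_.Name }
}

# Report accounts that back more than one component. Entries without a
# user name (built-in identities such as LocalSystem) are skipped, and the
# per-server duplicates from Get-SPServiceInstance are collapsed.
$usage | Where-Object { $_.Account } |
    Sort-Object Account, Kind, Name -Unique |
    Group-Object Account |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        "{0} is shared by {1} components:" -f $_.Name, $_.Count
        $_.Group | ForEach-Object { "    [{0}] {1}" -f $_.Kind, $_.Name }
    }
```

Each account in the output marks a group of components that would stop together on a lockout and would be exposed together if that one credential were compromised.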