Initial deployment administrative and service accounts in SharePoint Server

APPLIES TO: SharePoint Server 2013, 2016, 2019. Does not apply to SharePoint Online.

This article provides information about the administrative and service accounts that you need for an initial SharePoint Server deployment. Additional accounts and permissions are required to fully implement all aspects of a production farm.

Note

For a complete list of permissions for SharePoint Servers 2016 and 2019, see Account permissions and security settings in SharePoint Servers 2016 and 2019.
For a complete list of permissions for SharePoint Server 2013, see Account permissions and security settings in SharePoint 2013.

Important

Do not use service account names that contain the symbol $, with the exception of using a Group Managed Service Account for SQL Server.

Required accounts in SharePoint Server

To deploy SharePoint Server on a server farm, you must provide credentials for several different accounts.

The following table describes the accounts that you can use to install and configure SharePoint Server.

Account: SQL Server service account

Purpose:
The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services:
* MSSQLSERVER
* SQLSERVERAGENT
If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following:
* MSSQL<InstanceName>
* SQLAgent<InstanceName>

Requirements:
Use either a domain user account or, preferably, a Group Managed Service Account.
If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account or Group Managed Service Account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (<domain_name>\<SQL_hostname>).
The instance name is arbitrary and was created when SQL Server was installed.

Account: Farm administrator user account

Purpose:
The farm administrator user account is a uniquely identifiable account assigned to a SharePoint administrator. It is used to run the following:
* Setup
* SharePoint Products Configuration Wizard

Requirements:
Domain user account.
Member of the Administrators group on each SharePoint server in the farm.
Member of the following SQL Server role (optional): sysadmin fixed server role.
If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database or a member of the sysadmin fixed server role on SQL.

Account: Farm service account

Purpose:
The farm service account is used to perform the following tasks:
* Act as the application pool identity for the SharePoint Central Administration website.
* Run the Microsoft SharePoint Foundation Workflow Timer Service.

Requirements:
Domain user account.
Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm.
The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:
* dbcreator fixed server role
* securityadmin fixed server role
* db_owner fixed database role for all SharePoint databases in the server farm
This account should not be used interactively by an administrator.

Note

We recommend that you install SharePoint Server by using least-privilege administration.
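The following T-SQL is an added example, not part of the original article: it compares the fixed server roles that the farm service account and the farm administrator account actually hold on the SQL Server instance with the server roles listed in the table above. The two login names are constructed placeholders, and the query covers server-level roles only (not db_owner on individual databases).

```sql
-- Added example: audit fixed server role membership against the roles this page lists.
-- Both login names are hypothetical placeholders; substitute your own accounts.
DECLARE @FarmService sysname = N'CONTOSO\sp_farm';   -- farm service account (placeholder)
DECLARE @FarmAdmin   sysname = N'CONTOSO\sp_admin';  -- farm administrator account (placeholder)

-- Roles taken from the table on this page:
--   farm service account : dbcreator, securityadmin (added automatically)
--   farm administrator   : sysadmin (optional)
DECLARE @Expected TABLE (login_name sysname, role_name sysname, is_optional bit);
INSERT INTO @Expected (login_name, role_name, is_optional) VALUES
    (@FarmService, N'dbcreator',     0),
    (@FarmService, N'securityadmin', 0),
    (@FarmAdmin,   N'sysadmin',      1);

-- Direct role membership only: roles inherited through a Windows group
-- login are not visible in sys.server_role_members.
WITH Actual AS (
    SELECT m.name COLLATE DATABASE_DEFAULT AS login_name,
           r.name COLLATE DATABASE_DEFAULT AS role_name
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
    WHERE m.name IN (@FarmService, @FarmAdmin)
)
SELECT
    COALESCE(e.login_name, a.login_name) AS login_name,
    COALESCE(e.role_name,  a.role_name)  AS role_name,
    CASE
        WHEN e.role_name IS NULL                       THEN 'held, not listed on this page: review'
        WHEN a.role_name IS NULL AND e.is_optional = 1 THEN 'optional, not held'
        WHEN a.role_name IS NULL                       THEN 'listed, but missing'
        ELSE 'as listed'
    END AS status
FROM @Expected AS e
FULL OUTER JOIN Actual AS a
    ON a.login_name = e.login_name
   AND a.role_name  = e.role_name
ORDER BY login_name, role_name;
```

Rows marked "held, not listed on this page: review" are not necessarily wrong, because a production farm needs additional permissions beyond the initial deployment, but they are the ones to justify under least-privilege administration.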