Initial deployment administrative and service accounts in SharePoint Server

Summary: Learn about the administrative and service accounts you need to initially install SharePoint Server 2013 and SharePoint Server 2016.

This article provides information about the administrative and service accounts that you need for an initial SharePoint Server deployment. Additional accounts and permissions are required to fully implement all aspects of a production farm.

Note

For a complete list of permissions for SharePoint Server 2016, see Account permissions and security settings in SharePoint Server 2016. For a complete list of permissions for SharePoint Server 2013, see Account permissions and security settings in SharePoint 2013.

Important

Do not use service account names that contain the symbol $.

Required accounts in SharePoint Server

To deploy SharePoint Server on a server farm, you must provide credentials for several different accounts.

The following table describes the accounts that you can use to install and configure SharePoint Server.

Account: SQL Server service account

Purpose:
The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services:
    MSSQLSERVER
    SQLSERVERAGENT
If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following:
    MSSQL<InstanceName>
    SQLAgent<InstanceName>

Requirements:
Use either a Local System account or a domain user account.
If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (domain_name\SQL_hostname$).
The instance name is arbitrary and was created when SQL Server was installed.

Account: Setup user account

Purpose:
The Setup user account is used to run the following:
    Setup
    SharePoint Products Configuration Wizard

Requirements:
Domain user account.
Member of the Administrators group on each server on which Setup is run.
SQL Server login on the computer that runs SQL Server.
Member of the following SQL Server roles:
    securityadmin fixed server role
    dbcreator fixed server role
If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.

Account: Server farm account or database access account

Purpose:
The server farm account is used to perform the following tasks:
    Configure and manage the server farm.
    Act as the application pool identity for the SharePoint Central Administration website.
    Run the Microsoft SharePoint Foundation Workflow Timer Service.

Requirements:
Domain user account.
Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm.
The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:
    dbcreator fixed server role
    securityadmin fixed server role
    db_owner fixed database role for all SharePoint databases in the server farm

Note

We recommend that you install SharePoint Server by using least-privilege administration.
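
The SQL Server requirements listed for the Setup user account and the server farm account can be audited with a query. The following T-SQL is an added example, not part of the original article; the account names CONTOSO\sp_setup and CONTOSO\sp_farm are constructed placeholders, and it assumes it is run in master by a login that can view server principals.

```sql
-- Added example: audit the Setup user account and server farm account
-- against the fixed server roles listed in the table above.
USE master;  -- keeps table-variable collation aligned with the catalog views

-- Constructed placeholder account names; replace with your own.
DECLARE @accounts TABLE (login_name sysname, purpose varchar(10));
INSERT INTO @accounts VALUES
    (N'CONTOSO\sp_setup', 'setup'),
    (N'CONTOSO\sp_farm',  'farm');

-- Fixed server roles the article lists for both accounts.
DECLARE @required TABLE (role_name sysname);
INSERT INTO @required VALUES (N'securityadmin'), (N'dbcreator');

-- 1. Naming rule ("no $ in service account names") and login existence.
SELECT a.login_name,
       a.purpose,
       CASE WHEN a.login_name LIKE N'%$%'
            THEN 'FAIL: name contains $' ELSE 'ok' END AS name_check,
       CASE WHEN p.principal_id IS NULL
            THEN 'no SQL Server login' ELSE p.type_desc END AS login_state
FROM @accounts AS a
LEFT JOIN sys.server_principals AS p ON p.name = a.login_name;

-- 2. Required roles: one row per account and role.
--    IS_SRVROLEMEMBER returns 1 (member), 0 (not a member) or NULL
--    (role or login not valid on this instance).
SELECT a.login_name,
       r.role_name,
       CASE IS_SRVROLEMEMBER(r.role_name, a.login_name)
            WHEN 1 THEN 'held'
            WHEN 0 THEN 'MISSING'
            ELSE 'login or role not found' END AS status
FROM @accounts AS a
CROSS JOIN @required AS r
ORDER BY a.login_name, r.role_name;

-- 3. Server roles held beyond the two the article lists; review these
--    against the least-privilege recommendation.
SELECT a.login_name, sr.name AS extra_role
FROM @accounts AS a
JOIN sys.server_principals   AS p  ON p.name = a.login_name
JOIN sys.server_role_members AS rm ON rm.member_principal_id = p.principal_id
JOIN sys.server_principals   AS sr ON sr.principal_id = rm.role_principal_id
WHERE sr.name NOT IN (SELECT role_name FROM @required)
  AND sr.name <> N'public';
```

An empty third result set means neither account holds a fixed server role beyond securityadmin and dbcreator. The db_owner database role requirement is not checked here.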