Change passwords for administration accounts and service accounts (Search Server 2008)

Applies To: Microsoft Search Server 2008

 

Topic Last Modified: 2009-05-21

Note

Unless otherwise noted, the information in this article applies to both Microsoft Search Server 2008 and Microsoft Search Server 2008 Express.

Use the procedures in this task to change the passwords for services, application pool identities, and accounts used in Search Server 2008. Domain policies often require that domain account passwords be updated periodically. This change provides additional security in case a password becomes compromised. You can configure each service, application pool identity, and account of Search Server 2008 to run as domain accounts. Because domain policy might require passwords to expire regularly, you might have to change passwords for search-related user accounts for search to continue to function properly.

Important

If the service, feature, or application pool is running as a built-in account, such as Network Service, the password does not expire and therefore does not need to be updated.
The passwords will need to be updated only if they are running under a domain account and domain policies require passwords to be updated.

Passwords for the following must be updated after the passwords are changed on the domain controller:

• SQL Server (MSSQLSERVER) service

• SQL Server Agent (MSSQLSERVER) service

• SQL Server Full Text Search (MSSQLSERVER) service

  Note

  The SQL Server services listed above are installed if the installation of Search Server uses Microsoft SQL Server 2005 or Microsoft SQL Server 2008.

• SQL Server (OFFICESERVER) service

  Note

  This service is installed only if the Search Server installation uses Microsoft SQL Server 2005 Express or Microsoft SQL Server 2008 Express.

• SharePoint Central Administration v3 application pool account

• Office SharePoint Server Search service

• The content access account for the Windows SharePoint Services Search service

• The content access account for the Office SharePoint Server Search service

• Windows SharePoint Services Search service

• Shared Services Provider application pool account

• Windows SharePoint Services Timer service

• Application pool identity for Search Server 2008

  Note

  The OfficeServerApplicationPool identity runs as the Network Service account and will not to have to be changed.

Procedures to change passwords for administrative accounts and service accounts

Note

• Some of the following procedures require that a Web application service or Windows service be restarted. This might cause services or content to be momentarily unavailable to users. Each procedure listed states what must be restarted and the possible impact on users.

• Each procedure states the level of access required to perform the procedure.

• These procedures can only be performed after the password has been changed on the domain controller. The credentials entered are checked against those on the domain controller. If you enter the new password before the password has been changed on the domain controller, an error will result and the settings will not be changed.

To change the passwords, perform the following procedures:

• Change passwords for SQL Server services (Search Server 2008)

• Change passwords for Central Administration and the Timer service (Search Server 2008)

• Change passwords for the Search service accounts (Search Server 2008)

• Change the password for the content access account (Search Server 2008)

• Change the password for the Shared Services Provider (Search Server 2008)

• Change the password for an application pool identity (Search Server 2008)

Note

If Microsoft Search Server 2008 is installed in a least-privilege configuration, use one of the following methods to enable the password to be changed:

• To change the password by using the Central Administration Web site, use the Services MMC snap-in to start the Windows SharePoint Services Administration (SPAdmin) service on all computers in the farm that are running Search Server before you update the password. Stop the SPAdmin service when the password update is complete.

• To change the password by using the Stsadm command-line tool, add the server farm account (also known as the database access account) to the Administrators group on each computer that has the query server role enabled. Log on using that account, and then use the Stsadm operation to update the password. When the password update is complete, remove the database access account from the Administrators group on each computer.

See Also

Concepts

Change the default content access account (Search Server 2008)