A list of recommended MOSS Service Accounts

Account Type
Purpose
Account Name
MOSS Farm Account

Server Farm Account. This account needs some SQL permissions granting: dbcreator and security admin (do not grant this account SA!). If using ADACM this is the account used for creating objects in the OU specified – so you’ll need to delegate permissions on the OU to this user.

svcMOSSFarm1
MOSS App Pool Identity for the any MOSS Web App Application Pool(s). A separate process identity should be used for each content Web App (this allows for greater security and auditing). Using the site name in the naming is not advisable as although this may make troubleshooting and auditing easier it reduces security by showing the relationship between App Pools and Web Apps.

svcMOSSAppPool1
svcMOSSAppPool2
svcMOSSAppPool3

SSP Service Account SSP service account svcMOSSSSP1
SSP App Pool Identity for the SSP Web App Application Pool svcMOSSSSPAppPool1
MOSS Search Account under which the Office SharePoint Server Search runs under. svcMOSSSearch1
MOSS Content Access Account used to access content sources to be crawled and indexed. Need to grant this account permission to any NON-MOSS content sources (e.g. NTFS file share, Exchange public folder, websites etc…)Separate accounts may be configured for access to specific content sources using crawl rules. svcMOSSCrawl1
User profile & Properties Access Account Account used to access Active Directory for the Profile import svcMOSSDSA1
WSS Search Account which the Windows SharePoint Services Search service runs under. Due to the fact the Office SharePoint Server Search service is running this will only index the WSS Help files. svcMOSSWSSSearch1
WSS Content Access Account used by WSS search service to crawl content. svcMOSSWSSCrawl1
MOSS Install Account Account used to install MOSS and perform all the required configuration changes.As this account will be used to install and configure the SharePoint servers it must be granted local admin on all farms members and have permissions to the SQL instance.This account can be disabled after installation and configuration is complete (it is not advised to delete it). svcMOSSInstall1
SQL Services Used to run MS SQL Services

svcSQLSVC1
svcSQLRS1
svcSQLAS1

 

This list is copied from Matt Grove, thanks Matt.

To make the creation of these accounts easy, I have created a VBS script that does the job.

Option Explicit
' =====================================================
' Author:        Magnus Johansson
' Create date:   12.08.2009
' Description:   Creates services acounts for the MOSS VPC
' File Name:     CreateMOSSServiceAccounts.vbs
' =====================================================
Dim strComputer
' Set the local computer name
strComputer = "."
' Run the Load method
Load
Sub Load()
Dim strPassword
strPassword = "Pa$$word"
' Create the service accounts
CreateUser "svcMOSSFarm1", strPassword, "MOSS Farm Account"
CreateUser "svcMOSSAppPool1", strPassword, "MOSS App Pool 1"
CreateUser "svcMOSSAppPool2", strPassword, "MOSS App Pool 2"
CreateUser "svcMOSSAppPool3", strPassword, "MOSS App Pool 3"
CreateUser "svcMOSSSSP1", strPassword, "MOSS SSP Service Account"
CreateUser "svcMOSSSSPAppPool1", strPassword, "MOSS SSP App Pool"
CreateUser "svcMOSSSearch1", strPassword, "MOSS Search"
CreateUser "svcMOSSCrawl1", strPassword, "MOSS Content Access"
CreateUser "svcMOSSDSA1", strPassword, "User profile & Properties Access Account"
CreateUser "svcMOSSWSSSearch1", strPassword, "WSS Search"
CreateUser "svcMOSSWSSCrawl1", strPassword, "WSS Content Access"
CreateUser "svcMOSSInstall1", strPassword, "MOSS Install Account"
CreateUser "svcSQLSVC1", strPassword, "SQL Services SQL Server"
CreateUser "svcSQLRS1", strPassword, "SQL Services SQL Reporting Services"
CreateUser "svcSQLAS1", strPassword, "SQL Services SQL Analysis Services"
MsgBox "Complete!"
End Sub
' Create the local user
Sub CreateUser(userName, password, description)
Dim objComputer
Dim objUser
' Check to see if the user exists; if so, then skip
If NOT CheckIfUserExists(userName) Then
Set objComputer = GetObject("WinNT://" & strComputer & "")
Set objUser = objComputer.Create("user", userName)
objUser.SetPassword password
objUser.FullName = userName
objUser.Description = description
objUser.Put "UserFlags", 65600 ' Sets Password Never Expires to TRUE
' and sets User Can't Change Password to TRUE
objUser.SetInfo
Else
MsgBox userName & " already exists!"
End If
End Sub
' Check to see if user exists
Function CheckIfUserExists(userName)
Dim objComputer
Dim intFound
Dim User
Set objComputer = GetObject("WinNT://" & strComputer & "")
objComputer.Filter = Array("user")
intFound = 0
For Each User In objComputer
If lcase(User.Name) = lcase(userName) Then
intFound = 1
End If
Next
If intFound = 1 Then
CheckIfUserExists = True
Else
CheckIfUserExists = False
End If
End Function

 

Then, follow a guide to install a complete MOSS setup.