Service Accounts to be used for Sharepoint 2007 (MOSS)

One of my customers happened to ask me if we have some set of service accounts to be created (minimal) for sharepoint deployment. Following are some of them:

Following are the accounts that would be required:

SPECIAL PERMISSION ACCOUNT:

(1) Setup User Account – Used for running install and to admin server (Basically this account with do things like: Installation, Service Pack Installs, Server Maintenance, Farm Configurations, etc). Also note that this domain account has to be a LOCAL ADMIN on each every box in our Sharepoint Farm.Apart from that this account will also need DBCREATOR and SECURITYADMIN Roles on the database server.

GENERAL ACCOUNTS:

(2) Server Farm Account – Central Admin App Pool Account, Timer Service Account. This account will be used during the installation when the installation would prompt for User Account.

(3) SSP App Pool Account : This is just a domain user and SharePoint would give all the required permissions to it.

(3) SSP Service Account – All SSP services and jobs. This could be the same account as the SSP APP POOL account.

(4) MOSS Search Account – Used by search service. Also become default content access account for search. This account should only have the read access to all the web-application as it needs to crawl it.

(5) WSS Search Service Account– Used by the help system crawler. We will configure this service only once a day as this is really not need for anything.

(5) WSS Search Content Account– Used to access the data by the help system crawler. Again this can be the same account as the WSS Search Service Account.

(6) Application Pool Identities– The account used to access the content databases for the web app. Also account for w3wp.exe.

So we created only above 6 service accounts which are all just domain users and only the (1) account is the local admin on all Sharepoint box and with some special Database roles assigned.