Accounts used by application pools or service identities are in the local machine Administrators group.

Posted: March 20, 2012 in Security warning for SPTimerService

Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow malicious code to execute.  The following services are currently running as accounts in the machine Administrators group: SharePoint – 100 (Application Pool)
SharePoint – 107 (Application Pool)
SharePoint – 197 (Application Pool)
SharePoint Central Administration v4 (Application Pool)
FIMSynchronizationService(Windows Service)
OSearch14(Windows Service)
SPTimerV4(Windows Service)
WebAnalyticsService(Windows Service)

Browse to http://…your server Name…/_admin/FarmCredentialManagement.aspx

and change the account used for the services listed in the explanation. For more information about this rule, see “”.

Failing Services SPTimerService (SPTimerV4)


Create different service accounts to run different services as listed below.


you can also

or for more details, visit



  1. Rajen says:

    the first three must be Local System?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s