When providing guidance to customers about SharePoint Service accounts (lots of posts out there already, so I’m keeping this short), we end up submitting a recommend service account list (they don’t always go for them, but we do our best at trying to do the right thing).
Anyways, SharePoint Service accounts ideally will have several characteristics (beyond strong passwords, changing them regularly, etc. which are good policies) including:
- Passwords greater than 14 characters – yep, I’m a meanie
- Username length (not the UPN but the NTPre-Windows 2000 username) should be readable under 20 characters. In other words, if you submit a long username to your IT Department and they paste it in the field, a shorter username is going to get created (and often we find, it isn’t effectively communicated to us)
The following worksheet was created to help manage this. And you are welcome to it (get it here).
Enhancements you might want to make:
- I left this thing pretty plain. But you could look at implementing some conditional formatting to point out weaker passwords or account names that exceed 20 characters (edit, I’ve done the latter)