
Friday, May 3, 2013

Post SharePoint 2013 Configuration PowerShell Script


Whenever I deploy SharePoint 2013, I always use a dedicated service account for any service I configure or start. The idea is that each service account is configured with the minimum privileges needed for its purpose only, and such a setup helps you understand where your SharePoint environment fails in case of any error. I use the PowerShell script below more than anything else every time I configure SharePoint 2013. This script allows you to grant the required database access to your web application content database(s). If you have more service applications or more web applications, you will need to make slight modifications to the script. With no further introduction, I will share my script.


$urls = "http://intranet.honggyem.com","http://mysite.honggyem.com"
$superuser = "honggyem\spsuperuser"
$superreader = "honggyem\spsuperreader"

$intranetapppoolid = "honggyem\spwebapp1"
$mysiteapppoolid = "honggyem\spwebapp2"

$performancepointaccount = "honggyem\spppoint"
$accessserviceaccount = "honggyem\spaccess"
$excelserviceaccount = "honggyem\spexcel"
$visioserviceaccount = "honggyem\spvisio"
$bcsserviceaccount = "honggyem\spbcs"
$appmgmtserviceaccount = "honggyem\spappmgmt"
$workmgmtserviceaccount = "honggyem\spworkmgmt"
$count = 1

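# Measure-Command reports how long the whole run took.
(Measure-Command {
 foreach ($url in $urls) {
  $w = Get-SPWebApplication -Identity $url

  # Object cache accounts. They also need user policies on the web application:
  # Full Control for the super user and Full Read for the super reader.
  $w.Properties["portalsuperuseraccount"] = $superuser
  $w.Properties["portalsuperreaderaccount"] = $superreader
  $w.Update()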
  write-host $count "- SP Web Application Name:" $w.Name
  write-host "......Superuser account:" $w.Properties["portalsuperuseraccount"]
  write-host "......Superreader account:" $w.Properties["portalsuperreaderaccount"]
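
  # Grant each account access to this web application's content database(s).
  # Every account below is granted on every web application listed in $urls.
  $w.GrantAccessToProcessIdentity($intranetapppoolid)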
  write-host "......Intranet Application Pool Identity account:" $intranetapppoolid


  $w.GrantAccessToProcessIdentity($mysiteapppoolid)
  write-host "......My Site Application Pool Identity account:" $mysiteapppoolid

  $w.GrantAccessToProcessIdentity($performancepointaccount)
  write-host "......PerformancePoint Service account:" $performancepointaccount

  $w.GrantAccessToProcessIdentity($accessserviceaccount)
  write-host "......Access Service account:" $accessserviceaccount

  $w.GrantAccessToProcessIdentity($excelserviceaccount)
  write-host "......Excel Service account:" $excelserviceaccount

  $w.GrantAccessToProcessIdentity($visioserviceaccount)
  write-host "......Visio Service account:" $visioserviceaccount

  $w.GrantAccessToProcessIdentity($bcsserviceaccount)
  write-host "......Business Connectivity Service account:" $bcsserviceaccount

  $w.GrantAccessToProcessIdentity($appmgmtserviceaccount)
  write-host "......App Management Service account:" $appmgmtserviceaccount

  $w.GrantAccessToProcessIdentity($workmgmtserviceaccount)
  write-host "......Work Management Service account:" $workmgmtserviceaccount

  $count++
  }
 }
)


Save the above as a .ps1 file such as GrantAccessToProcessIdentityForServiceAppsForSP2013.ps1 for your convenience. When you execute it, make sure you are:
  1. a farm administrator
  2. a sysadmin on the SharePoint DB server
  3. logged in to a SharePoint server, with the SharePoint PowerShell opened using "Run As Administrator"
Comment if you have any questions or would like to know anything in more detail.
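
The script above grants every account on every web application, so it is worth reviewing what each web application ends up with. The following is an added example, not part of the original script: it lists the user policy entries of each web application and flags accounts that are not on the expected list or that are missing. It assumes each grant shows up as a web application user policy entry, and the `$expected` list and the report column names are chosen here for illustration.

```powershell
# Added example (not the author's code). Run in the SharePoint 2013 Management Shell.
$urls = "http://intranet.honggyem.com","http://mysite.honggyem.com"

# Accounts the script above passes to GrantAccessToProcessIdentity.
$expected = "honggyem\spwebapp1","honggyem\spwebapp2","honggyem\spppoint",
            "honggyem\spaccess","honggyem\spexcel","honggyem\spvisio",
            "honggyem\spbcs","honggyem\spappmgmt","honggyem\spworkmgmt"

$report = foreach ($url in $urls) {
    $w = Get-SPWebApplication -Identity $url

    foreach ($policy in $w.Policies) {
        # Claims web applications store the login encoded, e.g. i:0#.w|honggyem\spexcel.
        # Keep only the part after the last '|' so both formats compare equally.
        $login = ($policy.UserName -split '\|')[-1]
        $roles = ($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "

        New-Object PSObject -Property @{
            WebApplication = $w.Name
            Account        = $login
            Roles          = $roles
            Expected       = ($expected -contains $login)   # -contains ignores case
        }
    }
}

# Full picture: who holds which policy role on which web application.
$report | Sort-Object WebApplication, Account |
    Format-Table WebApplication, Account, Roles, Expected -AutoSize

# Expected accounts that have no policy entry on a web application.
foreach ($url in $urls) {
    $w = Get-SPWebApplication -Identity $url
    $present = $report | Where-Object { $_.WebApplication -eq $w.Name } |
               ForEach-Object { $_.Account }
    $missing = $expected | Where-Object { $present -notcontains $_ }
    if ($missing) {
        Write-Host "Missing on" $w.Name ":" ($missing -join ", ")
    }
}
```

Rows with Expected set to False are policy entries that did not come from the list above, such as the super user and super reader accounts or manually added users, and are the ones to review against your least-privilege plan.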