SharePoint 2013: Accounts used by application pools or service identities are in the local machine Administrators group.
Environment
SharePoint 2013
Summary
- We built a new SharePoint 2013 farm and started configuring the User Profile Service Application. The Farm Account does need to be added as a local administrator for the first successful sync to start.
Error
- You will see the error below, which can safely be ignored until the first sync has been fixed: 'Accounts used by application pools or service identities are in the local machine Administrators group'.
Explanation
- Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow malicious code to execute. The following services are currently running as accounts in the machine Administrators group:
  - Innovation AppPool (Application Pool)
  - SharePoint Central Administration v4 (Application Pool)
  - SPTimerV4 (Windows Service)
  - AppFabricCachingService (Windows Service)
Solution
- Once the first sync has succeeded, remove the Farm Admin Account from the local Administrators group.
- Re-analyze the issue. No more alerts appear in the SharePoint Health reports.
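To confirm the result outside the health report, the following added example (not part of the original post, and not SharePoint's own rule logic) lists the Windows services and IIS application pools on a server whose identity is a direct member of the local Administrators group. It assumes an elevated PowerShell session on the SharePoint server with the IIS WebAdministration module available; the account in the final comment is a placeholder.

```powershell
# Added example: compare service and application pool identities with the
# direct members of the local Administrators group.
# Limits: nested group membership is not expanded, and identities stored in
# UPN form (user@domain) are not matched.
Import-Module WebAdministration

# Rewrite ".\user" (a local account) as COMPUTERNAME\user for comparison.
function ConvertTo-AccountKey([string]$Name) {
    if (-not $Name) { return $null }
    return ($Name -replace '^\.\\', ($env:COMPUTERNAME + '\'))
}

# Direct members of the local Administrators group as DOMAIN\name strings.
$group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$admins = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    # ADsPath is WinNT://DOMAIN/name or WinNT://DOMAIN/COMPUTER/name;
    # the last two segments give the authority and the account name.
    $parts = ($path -replace '^WinNT://', '') -split '/'
    $parts[-2] + '\' + $parts[-1]
}

# Windows services and the account each one logs on as.
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.StartName } |
    Select-Object @{ n = 'Type'; e = { 'Windows Service' } }, Name,
                  @{ n = 'Account'; e = { $_.StartName } }

# IIS application pools that run under a specific (custom) account.
$pools = Get-ChildItem IIS:\AppPools |
    Where-Object { $_.processModel.identityType -eq 'SpecificUser' } |
    Select-Object @{ n = 'Type'; e = { 'Application Pool' } }, Name,
                  @{ n = 'Account'; e = { $_.processModel.userName } }

# Report every identity that is also a local administrator.
# -contains compares strings case-insensitively.
@($services) + @($pools) |
    Where-Object { $admins -contains (ConvertTo-AccountKey $_.Account) } |
    Sort-Object Account, Type, Name |
    Format-Table Type, Name, Account -AutoSize

# Removing the account afterwards (placeholder name, replace with your own):
#   net localgroup Administrators "<DOMAIN>\<farm account>" /delete
```

An empty table means no service or application pool identity on that server is a direct member of the local Administrators group.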