When you install SharePoint, the user ID that was logged on when you perform the install becomes the SharePoint Farm Administrator. While this may be good in the short-term, what happens when you want to create additional Farm Administrators? One might think that just adding a user to the Farm Administrators group in Central Administration would be it. Well, while that's a correct step, it's not the only correct step. There are a number of steps to create a new, full-fledged Farm Administrator. Below are the steps that must be done to create new ones.
1. Create your new account to be used as a new Farm Administrator
- Either though Active Directory or on the local machine if this is a Workgroup setup
2. Make this user a Local Administrator on the SharePoint machine
3. Log onto the Database machine, fire up SQL Server Management Studio and create a new login for the new user, giving them the DBCREATOR and SECURITYADMIN Server Roles
4. Open up Central Administration and navigate to the Operations Page
5. In the Security Configuration section click the Update farm administrator's group link
6. From the action bar click New -> Add Users
7. In the Add Users page add the account of the created user and then make sure you're adding them to the Farm Administrators SharePoint Group...click <OK>
8. Next we need to add this user as one of the Site Collection Administrators for the CA Site. So from any of the CA pages navigate to Site Actions -> Site Settings
9. In the Site Settings page, in the Users and Permissions section, click the Site Collection Administrators link
10. In the Site Collection Administrators field enter the account of the user and then click <OK>.
Next we need to set up the user with access to all of the relevant SSPs on this Farm, so these next few steps are done for each SSP Administration Site. Note that this is a MOSS step as just a WSS implementation doesn't have a Shared Services Provider.
11. We need to add the new user as a Site Collection Administrator to the SSP Site (much like we previously did for the Central Administration Site). Navigate through Site Actions -> Site Settings, select the Site Collection Administrators link and then add the new user there.
12. Now we need to set up the relevant permissions for this new user, so, from the SSP Home Page in the User Profiles and My Sites section click the Personalization services permissions link
13. In the action bar click the Add Users/Groups link
14. In the Add Users/Groups page add the new user's account and give them all the permissions (check all the boxes) then click <Save>
15. Navigate back to the SSP Home Page and in the Business Data Catalog section click the Business Data Catalog permissions link
16. In the action bar click the Add Users/Groups link
17. In the Add Users/Groups page add the new user's account and give them all the permissions (check all the boxes) then click <Save>
At this point you have set up a new user that now is a full-fledged Farm Administrator. Note that you didn't have to give them SSP access if you didn't want to. If your security/administration requires different people for those roles you could set up different users for each.
As a side note, it seems like the above process would be a good candidate for a custom STSADM command. That'll be my next task. I'll post that when I get it done.
Enjoy! - M