I am getting the Warning: "Accounts used by application pools or service identities are in the local machine Administrators group."
Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow
malicious code to execute. The following services are currently running as accounts in the machine Administrators group: SPUserCodeV4(Windows Service)
OSearch14(Windows Service)
SPSearch4(Windows Service)
WebAnalyticsService(Windows Service)
I understand that the users running these Windows Services must not be a local administrator of the server. The user I have assigned for the aforementioned Windows Services are in the following Groups in the SharePoint Server:
IIS_IUSRS
Performance Monitor Users
WSS_ADMIN_WPG
WSS_RESTRICTED_WPG_V4
WSS_WPG
Which group must I remove the user from?
![Alice In Chains – Sap – EP [iTunes Plus M4A]](http://is1-ssl.mzstatic.com/image/thumb/Music/47/35/c7/mzi.ljwsgbez.jpg/592x592bb.webp)
![Chad Lawson – Awakening: The Stillness Within (2026) [FLAC 24bit/48kHz]](http://imghd.xyz/images/2026/05/09/x5d03jw9bi367_600.jpg)
