Change the Application Pool Identity for SharePoint Central Administration (SCA)
Repeat these steps on each server that hosts the SharePoint Central Administration web application. If the web front-end (WFE) and application (APP) server roles are served by separate machines, SCA should be enabled on one APP server (or more) and stopped and/or removed from the WFE servers. This gives you control over access to SCA. The SCA service account should not be the same as the one used for the SharePoint application pool, so that even if one is compromised, the other remains secure.
- Open a command prompt.
- Run: stsadm -o updatefarmcredentials -userlogin domain\username -password password
- Be patient. This may take a few minutes to run.
- To restart the application pool, either open IIS and recycle the application pool, or open a command prompt and type iisreset -noforce
- Open SharePoint Central Administration in a browser to confirm that the change was successful.
The above steps create an Administration Application Pool Credential Deployment timer job. You can see this job on the Timer Job Definitions page. The job is complete when it no longer appears in the list of definitions (refresh the browser to check; the list does not update automatically).
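
The following PowerShell script is an added example, not part of the original page. It runs the steps above, waits for the timer job to leave the definitions list, and then checks that no other web application shares the SCA application pool account. It assumes SharePoint 2010 or later with the Microsoft.SharePoint.PowerShell snap-in, stsadm.exe on the PATH, and an elevated session on the server hosting SCA; the 15-minute timeout is a constructed value.

```powershell
# Added example. Assumptions: SharePoint 2010+ (PowerShell snap-in available),
# stsadm.exe on the PATH, elevated session on the server that hosts SCA.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Prompt for the new account so the password is never stored in a script file.
Write-Host 'Enter the new SCA application pool account (domain\username)'
$cred = Get-Credential
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

# Update the farm credentials, as in the "Run:" step above.
# The password is still passed as a command-line argument to stsadm.
& stsadm.exe -o updatefarmcredentials -userlogin $user -password $pass
$exit = $LASTEXITCODE
Remove-Variable pass
if ($exit -ne 0) { throw "stsadm failed with exit code $exit" }

# Wait until the credential deployment timer job is gone from the definitions.
$jobName  = 'Administration Application Pool Credential Deployment'
$deadline = (Get-Date).AddMinutes(15)   # constructed timeout, adjust as needed
while (Get-SPTimerJob | Where-Object { $_.DisplayName -eq $jobName }) {
    if ((Get-Date) -gt $deadline) { throw "Timer job '$jobName' is still pending" }
    Start-Sleep -Seconds 15
}

# Restart IIS without forcing, as in the restart step above.
& iisreset.exe -noforce

# Check the separation requirement: the SCA account must not also run the
# application pool of any content web application.
$webApps = Get-SPWebApplication -IncludeCentralAdministration
$sca     = $webApps | Where-Object { $_.IsAdministrationWebApplication }
$scaUser = $sca.ApplicationPool.Username
Write-Output "SCA application pool now runs as: $scaUser"

$shared = $webApps | Where-Object {
    -not $_.IsAdministrationWebApplication -and
    $_.ApplicationPool.Username -eq $scaUser
}
if ($shared) {
    $shared | ForEach-Object {
        Write-Warning "$($_.DisplayName) uses the same account as SCA ($scaUser)"
    }
} else {
    Write-Output 'No other web application shares the SCA account.'
}
```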