The farm passphrase is a new security feature in SharePoint Foundation
2010. Similar to a password, it is created as part of the initial
creation of a SharePoint farm (or as a part of upgrade). The passphrase
is created during the PSConfig portion of SharePoint installation. It is
then only required for adding additional servers to the farm.
In addition to providing something of an added layer of security, the farm passphrase's main function is to encrypt the credentials for the farm administrator and other “managed accounts.” Using the new managed accounts feature is optional, and the details surrounding its use will be covered in another module. Just keep in mind that managed accounts are similar to traditional service accounts except that they are managed by SharePoint. Because the credentials for these managed accounts can be encrypted by SharePoint, SharePoint also now has the capability to access account credentials and use them. For example, when creating a new Web application, an administrator can select and associate a managed account with the Web application without having to know the password for that managed account. Using the encryption key created from the farm passphrase, SharePoint is able to decrypt the credentials for any managed account. Administrators will thus potentially not have to know the passwords for any accounts managed by SharePoint, which can be a big plus in a least-privilege security environment.
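The two uses of the passphrase described above, as an added PowerShell example that is not part of the original text: joining a server to the farm, and creating a Web application with a managed account whose password the operator never sees. The server, database, account, application pool and URL names are constructed placeholders.

```powershell
# Added example. SQL01, SharePoint_Config, CONTOSO\svc-webapp, IntranetAppPool and
# the intranet URL are constructed placeholders, not values from the article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# --- On a server being ADDED to an existing farm ---------------------------
# The farm passphrase is the secret requested here. Reading it as a
# SecureString keeps it out of the script file and the console transcript.
$passphrase = Read-Host -Prompt 'Farm passphrase' -AsSecureString
Connect-SPConfigurationDatabase -DatabaseServer 'SQL01' `
                                -DatabaseName   'SharePoint_Config' `
                                -Passphrase     $passphrase

# --- On a server already in the farm ---------------------------------------
$svcName = 'CONTOSO\svc-webapp'

# One-time registration, performed by whoever holds the account password.
# SharePoint stores the credential encrypted and manages it from then on.
$managed = Get-SPManagedAccount -Identity $svcName -ErrorAction SilentlyContinue
if (-not $managed) {
    $cred    = Get-Credential -Credential $svcName   # prompts for the password once
    $managed = New-SPManagedAccount -Credential $cred
}

# Later, a farm administrator who does NOT know that password can still
# bind the account to a new Web application: only the account object is
# passed, never the password itself.
New-SPWebApplication -Name 'Intranet' `
                     -Port 80 `
                     -Url 'http://intranet.contoso.example' `
                     -ApplicationPool 'IntranetAppPool' `
                     -ApplicationPoolAccount $managed
```

The first part runs on the joining server and the second on an existing farm member; they are shown in one listing only to keep the two roles of the passphrase side by side.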