We went to individual accounts when we were at a couple dozen servers. Now that we're at a couple hundred we're very happy we did. Administrative overhead is minimal, and it can help troubleshooting. We also have separate accounts for the agent, for SSRS, SSIS, etc.

It really furthers minimum permissions granted. And if a process is error'ing out, viewing the sql error log often pinpoints the issue- the exact account having problem is highlighted there, and our precise granularity of permissions points to where the account originates.

My question is, what are people's naming conventions? Generally we prefix a service account with "svc_" and the rest depends on the application, service type, and if it's dev/test/prod. For example:

svc_dw_sql_prd

would indicate the data warehouse service account for sql server in production.

This system helps administering also because they sort logically in AD, and it can be easily scripted because it's so predictable. Knowing the application abbreviation ("dw" in the example above) let's you script the service account name and makes rolling out new servers or other tasks that much easier.

That's our one example, how are others doing naming conventions?

Cheers,

Jason