the prevailing wisdom is to use a separate service account for each server with the minimum permissions required to run the service.