Our company does something similar, an additional sa like account is created. The rationale is that the sa account is well known. The password gets periodically reset and nobody knows what it is..

I would tend to say user/pass for most instances. I would consider a different one for any server that be considered special for maybe HIPAA or PCI reasons. At some point the more servers you have the harder it is and keep in mind that those servers will probably interact with other servers or file systems it makes maintenance more and more difficult..

CEWII