We have an application that uses Windows authentication to the database. Logins are created for every new user added. External users will also be accessing this application (we have an external domain). External users will access the application through ISA via the web. I'm trying to consider all the factors (security implications, maintenance, etc.) and I was hoping someone could help.
I'll give three examples:
1) When you use Windows authentication, users receive direct access to the database. When you use a service account, users have no access to the database unless they are using the application.
2) If you don't use AD groups, the logins could get cluttered with accounts (and then you have to factor in how to maintain those IDs and delete them when users don't exist anymore, etc.).
3) When you move the database from one server to another, you need to create all the logins before the database is restored or else they will be orphaned.
What other implications are there or am I worrying over nothing?
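
The three concerns listed in the question can each be measured on a running instance. The T-SQL below is an added example, not part of the original post; it assumes SQL Server 2005 or later, and the database name `AppDb` is a hypothetical placeholder.

```sql
-- Added example: login hygiene checks for a Windows-authenticated database.
USE [AppDb];  -- hypothetical database name, replace with the application database
GO

-- Point 2: how many Windows logins are individual users ('U')
-- versus AD groups ('G'). Built-in service principals are excluded.
SELECT type_desc, COUNT(*) AS login_count
FROM sys.server_principals
WHERE type IN ('U', 'G')
  AND name NOT LIKE 'NT SERVICE\%'
  AND name NOT LIKE 'NT AUTHORITY\%'
GROUP BY type_desc;

-- Point 2: Windows users and groups that still have a login here but no
-- longer exist in Windows/AD (candidates for DROP LOGIN after review).
-- Requires membership in sysadmin or securityadmin.
EXEC sys.sp_validatelogins;

-- Point 3: database users with no server login carrying the same SID.
-- After a restore onto another server these are the orphan candidates.
-- Users created WITHOUT LOGIN, and Windows users who connect only through
-- a group login, also appear here and need to be ruled out by hand.
SELECT dp.name AS database_user, dp.type_desc, dp.create_date
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;

-- Point 1: what an individual Windows user can reach when connecting
-- directly (outside the application), via database role membership.
SELECT m.name AS windows_user, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS m
     ON m.principal_id = rm.member_principal_id
JOIN sys.database_principals AS r
     ON r.principal_id = rm.role_principal_id
WHERE m.type = 'U'
ORDER BY m.name, r.name;
```

Running the last query before and after moving users into AD groups shows how much direct role membership remains attached to individual accounts.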