Good point Michael. If you want any control over security you have to put in the administration time. While you can add groups or Domain Users to your SQL server, you still have to configure the access for them within SQL. So based on that I myself prefer to create application specific SQL accounts to further control security (rather then messing with NT authentication at all).