We have an development team that builds applications in VB.NET 2008 and VBScript. All of these applications use SQL Server 2005 as the database. Our company is very strict about security and the normal policy is Windows Authentication for SQL Server.
Here is the question: We want to use a generic Active Directory to login to the database, how can we do this with utmost security?
The account is maintained by our team and the PCI compliant password is only known by a few key team members. With this type of control we don't have to control database access for over 1,000 users in Windows Groups. Since the application requires read/write access, we also don't have to worry about users accessing the database by other means/tools.
I really want to use this Application account. THEY really want me to manage literally 1000+ users in windows groups. I want users to be restricted in access to the database by the application. None of the users would even know what login connected to the database. THEY want me to make a case and prove it is the best way to go. Please help!