Windows authentication seems the way to go, at least for me. But we don't allow users to access SQL-Server, only groups. And for the groups we define specific roles. These database roles define actions and objects, that they can access/perform. First step, take away all rights on the server for...