I have two configs,

which config from a flexibility and security stand point would be better?

Authethenticating with ACS to AD

aaa authentication attempts login 2
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting system default start-stop group tacacs+
!

or

aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+