Running Windows Under Non-Admin Accounts
Having your users log into windows under a non-admin account has always been a big challenge for us, the system administrators. Even if there are some security benefits in having people use restricted accounts, the problems caused by this are often bad enough to discourage most organization to include this security measure into their IT policy. Fortunately, there are a few workarounds to help you if you definitely need to do this. Mitch Tulloch, a popular author of several IT books, wrote an excellent article about this matter. If you have been giving some thoughts about removing all rights from your users accounts, I suggest that you read this article.
"Least privilege is more than a security principle, it’s also a lifesaver as far as the day-to-day job of administrators is concerned. Reason is, users are curious creatures and tend to push the envelope of what company policies allow and forbid them to do. Give a user local administrator privileges on their computer and they’re likely to try all sorts of things like installing additional software, changing configuration settings, and even poking around the registry to see if they can “tune” their machine to make it run better. From an administrator’s point of view however, this can be disastrous since the wrong tweak might break some application or even render their machine unusable."