Principle of Least Privilege

The principle of least privilege requires that a user be given no more privilege than necessary to perform his job. To do this, you must first identify what the person's exact job duties are, determine the security required to perform that job, and then provide the user with the required access. If you allow users more privilege than necessary to do their job, you are creating a security risk.

The principle of least privilege also applies to how administrators use administrative accounts. You should always log in with your own user account and then, when you need to perform an administrative task, switch to the administrator account with the runas command, which lets you enter the administrator's password and assume that account's access.

The runas command in Windows is similar to the su (super-user) command in Unix.

Both allow you to assume the privileges of another user. To use runas, the Secondary Logon service must be running. As well as running programs with runas at the command line, you can also use the secondary logon when you launch a shortcut or graphical program.

You should never log in as administrator, because someone could place a script in the administrative profile or use the account after you walk off and forget to log out.
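
The workflow described above, as an added PowerShell example that is not part of the original page: it warns if the current session already holds administrator rights, checks the Secondary Logon service that runas depends on, and then launches a single administrative tool under a separate account. The account name CONTOSO\adm-jdoe and the Computer Management command are constructed placeholders.

```powershell
# Added example. CONTOSO\adm-jdoe and the command below are constructed placeholders.
param(
    [string]$AdminAccount = 'CONTOSO\adm-jdoe',    # hypothetical administrative account
    [string]$Command      = 'mmc.exe compmgmt.msc' # the one task that needs admin rights
)

function Test-IsAdministrator {
    # True when the current token carries membership of the local Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Day-to-day sessions should run under your own standard account.
if (Test-IsAdministrator) {
    Write-Warning 'This session already has administrator rights; log in with your own account instead.'
}

# runas depends on the Secondary Logon service (service name: seclogon).
$svc = Get-Service -Name seclogon -ErrorAction Stop
if ($svc.StartType -eq 'Disabled') {
    throw 'Secondary Logon is disabled; runas cannot be used until it is enabled.'
}
if ($svc.Status -ne 'Running') {
    Write-Warning "Secondary Logon is not running (status: $($svc.Status)); runas needs this service."
}

# runas prompts interactively for the administrator's password,
# so the password never appears in the script or on the command line.
& runas.exe "/user:$AdminAccount" $Command
```

Only the launched program runs with the administrator's access; the rest of the desktop session keeps the privileges of your own account.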