Group Membership and Privileges
In order to implement the principle of least privilege, you must assign each user to a group and assign the proper privileges to the group. Many of the privileges you need to assign will be determined by the level of privileges that the user's applications require. Many old legacy applications must have direct access to hardware, so with these types of applications you must assign more privileges to users.
By doing this you are opening up access on the network, so certain, older, legacy applications running on Windows 2000 or Windows XP can actually create security issues for a network. With older legacy applications, you may have to put regular users into the Power Users group, since membership of this provides greater access to hardware devices. Recent Windows applications should keep security more intact and allow you to put regular users into the Windows Users group. This will not allow the users any more privileges than usual.
Next: Secure Local PC Systems