So recently I been reading about Windows privileges and all the concern about privilege escalation. Privilege escalation is a "feature" where a user/process may obtain a Windows privilege not currently held via a special request or change to an account. This is something I've looked into before, but I think its more important today then ever.
It should be well known by now the concept of Least Privilege is a key pillar in the realm of security. This means you should only have the rights to do what you need to and no more. Unfortunately we usually find 1 reason to use admin rights on computers and decide to keep things easy by always running as admin. Bad idea!
What we all should be doing is using a regular user account that has been granted the necessary privileges/permissions to use the computer as we need. So start by creating/changing an account on your computer to be a regular user. Then try to perform everything you need to as this account. When you have issues, determine what they are and grant them with as little extra rights granted.
If you use
PolicyMaker Application Security (a free install for local use) to disable all Windows privileges for iexplore.exe, you will protect your self from malware that tries to modify the system using privileges. Now, that isn't all that helpful, but you have revoked the web browsers ability to do things on your computer that it shouldn't be able to. That is the essense of Least Privilege.
So besides locking down application privileges, you can do lots of other stuff with PolicyMaker such as escalate your privileges for those apps that can't run as a regular user. This is very nice. So you can set your account as a regular user and proceed to identify those apps that have issues and place them into your local group policy to work correctly.
fyi - I did have some issues on my computer that I thought revealed an odd dependency of IE on privileges, but it appears I was wrong. I'm concerned over what I saw, but I can't explain it.