I once worked in an organisation which was taken over by another company, and as part of the takeover, we were all issued with new laptops.
I watched the IT guys wheel their cart around the office, replacing the old kit with new, and ticking off their checklist with each new handover.
When it came to my turn, he dutifully went though his checklist, and set me up as an admin on my new machine.
‘Wait’, I said, ‘we’re all getting admin rights on our laptops?’
‘Oh yeah’ said the IT guy, ‘it cuts down on the help desk requests if everyone can install their own stuff’.
Giving admin rights to all users leaves the company vulnerable to many security risks.
It allows a virus or attacker to spread further and do more damage to the network.
Restricting admin rights is key to limiting a cyber attack, and Microsoft have shown that up to 100% of some attacks will be prevented.
Proper planning of the business software needs, along with accepting the increased helpdesk tickets, is a small price to pay for maintaining the security of your enterprise.