Limiting user privileges means limiting who can do what on a machine to what is needed to perform their role, and particularly restricting administrator privileges. It is one of the ASD’s Top 4 mitigation strategies. This may reduce the impact of an attack. An infection while operating in administrator mode, for example, easily gives the attacker our ‘keys to the kingdom’. There is also the matter of insider threat.