Microsoft and third-party software vendors have attempted to ease the task with some (but not complete) success. Removing regular users from the built-in Administrators group proves among the most difficult tasks a security administrator can perform. Microsoft upped the ante starting with Vista by implementing a least-privilege default process. The newness of UAC, coupled with the operational interruptions it can instigate, has caused many administrators to turn it off or seek more granular products. Some products allow administrators to granularly define what programs, processes, or users can run.”]
Source: https://www.csoonline.com/article/2627741/putting-limits-on-users–privileges.html