Minimize User Authorizations
User accounts on all systems -- including PCs -- should only be given the minimum authorization needed to perform the assigned duties where possible. PC user accounts for day-to-day use should not have administrator privileges. Administrator user privileges are often needed to exploit vulnerabilities to infect your system. If you loan your computer to someone else, create a new user account for that person to use. When the computer is returned to you, delete that user's account.
On multi-user systems, grant access on a need-to-know basis, and remove access and user profiles when they are no longer needed.