Derek Melber gives a nice rundown on securing a Windows desktop – particularly good is the piece on privilege management.
Securing your Windows desktops is not that easy, when you consider the complete list of security settings that you need to solve. In this article we are discussing two of the areas that you will need to solve: Anti-virus and privilege management. AV solutions are typically the first line of defense for an organization to protect their endpoints. AV solutions are common, trusted, and vital to protect a portion of your endpoint security issues. However, AV solutions are only as good as the latest signature file that is associated with it. AV solutions can’t find and stop new viruses, as the signature for these malicious applications are not known. Privilege management is a vital part of your endpoint security. As one of the most effective of all the endpoint security solutions, privilege management improves the overall security of your endpoint more than the other solutions being discussed. The reason is that standard users can’t cause the damage and harm that a privileged user can. Installations, malicious applications, errant configurations, etc. just don’t occur when privilege management is controlled.