A junior administrator is creating a new Windows user account for a contractor who only needs to run an internal reporting application. The contractor will not install software, modify system settings, or manage other users. Which built-in local group should the administrator assign the account to so that it follows the principle of least privilege?
Under the principle of least privilege, a user should receive only the permissions required to perform assigned work. Membership in the built-in Users group (a standard account) lets the contractor run installed software and save files but blocks software installation, system-wide configuration changes, and user-management tasks.
Administrators would give far more access than required.
Power Users no longer grant extra privileges by default, but adding the account to that legacy group is unnecessary when the Users group already meets the need.
Guests are too restricted and often disabled, preventing consistent access to the reporting tool.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
Open an interactive chat with Bash
What tasks can a standard user in the Users group perform?
Open an interactive chat with Bash
Why is the Power Users group no longer recommended for use?