The Windows user accounts that developers use normally should be added to either the Users or Power Users Groups. Developers should also be added to the Debugging Group. Being a member of the Users group allows you to perform routine tasks including running programs and visiting Internet sites without exposing your computer to unnecessary risk.I am puzzled and disturbed why Microsoft suggests adding that account into Power Users' group given the result of a detail investigation of its exploit opportunities that concludes:
a determined member of the Power Users group can fairly easily make themselves full administrator using exploits in the operating system and ones created by third-party applications.With the availability of runas, /netonly option, there is no need for the default log in account to be a member of Power User. Therefore one should disregard the 'Power User' group in the recommendation.
The lesson is that as an IT administrator you shouldn’t fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user.