It would be great if we could just assume that companies follow that sort of policy - "unusual to give untrusted users local access accounts..."; however, you and I both know that people don't follow the "cardinal" rules. If they did, many of us would be without a job, and hackers would have a little bit more trouble hacking into systems based on mistakes made by Admins. If only...