I have a fellow IT Systems Administrator who insists on logging on as the local admin instead of domain admin whenever he works on someones PC.
His reasoning is because if there is malware or a virus, the domain admin account as more access throughout the domain and it could easily affect other PC's because the domain admin account has control over the whole domain versus the local admin account only having access to the PC itself.
A virus or malware is going to affect the machine itself and anything on the network regardless if they are logged on as a domain admin or local admin.
Am I correct or does his theory hold true?
Thanks
Mike