Windows has two methods for granting account privileges to access resources: permissions and user rights. User rights, provided by Microsoft, simplify administration tasks like system shutdown, driver loading, or security log management. They are similar to permissions but are not user-specific and can apply globally to anyone with the right to perform the task.
Sensitive user rights can sometimes allow users to gain elevated privileges on a system. For instance, a user who can install a driver for a device, such as a keyboard, could potentially install a malicious driver and gain administrative rights on the system. This introduces a security risk as an attacker could exploit this misconfiguration to compromise the system locally.
Avoid assigning sensitive privileges to non-administrative users and groups to prevent security risks in Active Directory. Do not disable User Account Control (UAC) feature in Windows.