I discovered through word of mouth an interesting tool to control local administrator privileges: DesktopStandard's PolicyMaker Application Security. It allows your regular users to run a particular set of applications with admin permissions, or to downgrade your admin users' privileges when they carry out sensitive tasks, i.e. browsing the web or checking e-mail.
The product used to be called NeoExec--the technology is actually licensed from NeoValens, a company managed by Marco Peretti, SecureWave's "former" founder & CEO (another great publisher of Windows security software, which is based in Luxembourg too).
Update 2006/10/27: Another one bites the dust: DesktopStandard has been acquired by Microsoft. While most products will be integrated in Microsoft's GPMC or other products, PolicyMaker Application Security will be sold as Privilege Manager by BeyondTrust. I guess Microsoft left out PolicyMaker Application Security due to licensing issues (see above), and above all, because they already have a competing product in their portfolio: Protection Manager from Winternals Software.
