I expect that the security decisions were made for all of the company based on the fact that the number of people that should have local admin is a subset of the people with AD accounts. I agree that most office personnel shouldn't have local admin, but if you trust someone to write code for your production servers and to be able to execute application code on said servers then MAYBE you should trust them to not nuke their primary means of employment/productivity.
Absolutely agree. And the separation of powers at bigger institutions can make things difficult. I think for the general user at the institution admin rights should be restricted. Here, for example, I had to put in a service ticket to gain admin rights, but it is only because they know me. Security vs Productivity is just an interesting dynamic to me. Information services tends to hedge more towards security at the cost of productivity while developers tend to edge towards productivity at the cost of security, from my experience.
I do enjoy the way that Windows has evolved to handle this over the way that it used to be. Just because you have local admin doesn't mean that you run everything from that privilege. Having the prompt before you run something as admin is a real benefit.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.