I've been somewhat lax in my postings on least privilege of late, in part because I've been pretty pleased with what I've been seeing in Windows Vista for low privilege, which we call the User Access Control (UAC) feature. UAC allows you to run as either a low-privileged user or as what's called protected admin, and be prompted automatically for either credentials or consent when you need to accomplish a task requiring elevated privileges.
While it's a cool feature set, and a huge improvement over the way LUA works in XP, we've gotten a good deal of feedback that the number of prompts users are receiving is too high. The good news is that the team responsible is working on making this better. They put together a Q & A in this post to let folks know what they're doing to address the concerns they've heard.