Since a member of the Power Users group can install and run non-certified programs, they can run a malicious program or DLL to gain administrative privileges.
The only preventions are:
- DO NOT configure any user as a member of the Power Users group.
- Only deploy certified Windows 2000 or Windows Server 2003 programs, as these DO NOT require unnecessary privileges.
See the following pages: