Least Privilege Security in the real world

As servers are usually considered crucial to an organization, operators are often granted limited privileges to perform a restricted set of duties. A common example of this is management of backups in remote offices. Employees responsible for backup may have limited IT knowledge, but they need to change tapes and log on to the server to check for running backup jobs. Assigning administrative privileges on a server to unqualified personnel creates a significant additional risk, so it is preferable to avoid doing so.

In the same way that a firewall is supplied with all inbound ports blocked (requiring an admin to specifically open individual ports before Internet traffic can traverse one of the firewall's network interfaces to the corporate intranet), modern operating systems elevate privilege only when necessary. Shipping the firewall with all ports closed by default, so that the factory configuration prevents network traffic from flowing from an untrusted network to a trusted one, also makes the device simple to configure. Issuing a command to open one or two ports is easier than trying to shut off hundreds of ports while leaving just a few open.
