The Privilege Management policies include folder includes the following policy typesbuilt-in policies:
Limit Internet Browser and Mail Clients Process Rights - This policy implements the fundamental security principle of least privilege by restricting the process rights for standard Internet browsers and mail clients. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
...
Limit Process Rights for Unclassified Applications Discovered in the Last Week - This policy implements the fundamental security principle of least privilege by restricting the process rights fro to an application. Unnecessarily running applications with using administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within an application. This policy affects applications that have been discovered locally in the last week.
User Requested Elevation Justification Policy - This policy allows users to request applications to run with Administrative Rights if they users provide a justification.