The conventional wisdom is that users should get only the minimum permissions needed to get by. But walking through the SBS 2003 add user wizard, it is very easy to assign a user to a PC / wind up making them the local admin. I don't think it spells that out all that clearly when walking through the wizards. And then if you DON'T make them the local admin, the sbs_logon_script tries to run the installs and will error out that you don't have rights. for non-techie users that you don't want them having admin rights and you don't want them getting the error to get flustered / have to call the help desk, this doesn't seem to make sense.
am I doing something wrong? Are my experiences accurate?