[lurker458]

local admin on windows is similar to having sudo rights on linux. It can be used to access personal files and running sessions of other users on the same machine, to install malware that will affect other users, to change drivers, to block AV or GPO policies from being applied to protect them, etc.

[delfinom]

Local admin just makes the life of IT guys more difficult. It's why we don't give it out to your typical "worker drone" employees because they'll manage to install many flash players that want to admin escalate....

[AnIdiotOnTheNet]

I've found the opposite, that for the most part people just want to be able to do their job and sometimes they need administrator rights for that, and it is incredibly annoying and frictionful if they need to contact IT every time. Since workstations are almost always 1:1, we don't consider whatever advantages local admin might provide an attacker to be worth the extra friction caused by disallowing it.