Been playing around with our windows templates and noticed the account used for ssh/terminal by default isnt authority\system which is the most powerful account possible on windows.

Over in our linux templates we practice least privileges by default

I think we should evolve the templates towards creating an account that belongs to the administrator groupbut that decision should not be enforced (if people want to have a windows box without any users we should permit it).

$New-LocalUser"ghuntley"-Password$Password-FullName"Geoffrey Huntley"$Add-LocalGroupMember-Group"Administrators"-Member"ghuntley"

Opening for discussion as to steps.