Aqui está um resumo das coisas do XP (geralmente ainda corretas para novas edições):
Administrators
Adding users to the Users group is the most secure option, because the default permissions allotted to this group do not allow members to modify operating system settings or other user's data. However, user level permissions often do not allow the user to successfully run legacy applications. The members of the Users group are only guaranteed to be able to run programs that have been certified for Windows. For more information on the Certified for Windows Program, see the Microsoft Web site. As a result, only trusted personnel should be members of this group.
Ideally, administrative access should only be used to:
Install the operating system and components (such as hardware drivers, system services, and so on).
Install Service Packs and Windows Packs.
Upgrade the operating system.
Repair the operating system.
Configure critical operating system parameters (such as password policy, access control, audit policy, kernel mode driver configuration, and so on).
Take ownership of files that have become inaccessible.
Manage the security and auditing logs.
Back up and restore the system.
Users
The Users group is the most secure, because the default permissions allotted to this group do not allow members to modify operating system settings or other users' data.
The Users group provides the most secure environment in which to run programs. On a volume formatted with NTFS, the default security settings on a newly installed system (but not on an upgraded system) are designed to prevent members of this group from compromising the integrity of the operating system and installed programs. Users cannot modify systemwide registry settings, operating system files, or program files. Users can shut down workstations, but not servers. Users can create local groups, but can manage only the local groups that they created. They can run certified Windows 2000 or Windows XP Professional programs that have been installed or deployed by administrators. Users have Full Control over all of their own data files (%userprofile%) and their own portion of the registry (HKEY_CURRENT_USER).
Emphasis Added
@ A resposta do TheUser1024 é muito boa.
Note que existem outros tipos de contas de usuário disponíveis também. Source