In my first and second blog posts in this series, I explained how limiting the power of user and admin accounts by controlling permissions and GPOs reduces the usefulness of those accounts to attackers — a key step in mitigating the insider threat. Now…