I take it you're still a student then. In the 25ish years I've been working in IT, I've only seen a couple networks where the user's didn't have local admin rights. Not every company has the money to pay someone to go around and update Adobe flash/reader every time it updates. The whole "don't allow software to run in the user's directory" bullshit causes tons of applications to shit itself. It's just not worth the headaches, vs the "maybe they will get a crypto virus". Sure you can set up a local admin account that the user's can use, but within a week, they'll just use that account for everything. At least this way when files on the server get encrypted, we can look at the user profiles and find the user, since it will be encrypted too. Server files get rolled back to before the trojan, and the desktop gets wiped and reimaged.
Which my adversarial-question is, why is that an advantage?
Because in this case, the host can't be compromised.