system
6
I think the general thinking is that it will prevent other malicious code from taking over the server completely, if an admin accidentally runs something while performing maintenance or etc…
But I tend to agree with you, the cost / benefit for doing so is questionable since the application integrity, application data and application performance are the only things that really matter… I’ve heard a lot of “heated discussion” over this topic, everyone has an opinion, I’m not sure if you will ever see 100% consensus one way or the other.