What makes matters worse is that there really is no equivalent of sudo in Windows, and the CLI utilities are very limited in nature. If one wants to install new software, there's no prompt to authenticate with your password -- if you are an admin, the system only presents you with a yes/no dialog box. The only way to secure a Windows environment and make it somewhat like a *nix system is by setting the hidden Administrator account password, and using a standard user account for daily tasks. If you need to install new software, you can authenticate with the admin password.
It's not a perfect solution, but unless Microsoft realizes how easy it is for malware to propagate in NT, this is the only option.