At the end of the day, you ultimately need to protect your most valuable assets – your organization's data. In escalation of privilege attacks, the compromised account or application is the vehicle that delivers the attack. This means, therefore, that your layers of defense need to be laid out so that you first prevent the compromise or at least make it very difficult. Second, you will need to implement measures to prevent the attacker from doing much with the compromised account or application.
As a security professional, you can deploy the following measures on a Windows server or workstation platform to reduce the risk and impact of privilege escalation: