What is the definition of a privileged user under section 2.19, and does the control really preclude the use of a web browser by server administrator accounts?
A privileged user will be any user who has been allocated powers within the system, which are significantly greater than those available to the majority of users. Such persons will include, for example, the system administrator and/or Network administrator. It is recommended that sys admin are given a normal user account to limit their time logged in as privileged user, and when using privileged accounts, take steps to reduce their vulnerability online. The PDF guidance notes refer to a couple of very good MSDN articles on this topic.