That is best practice. All users should use lowest authority possible when performing actions. This will greatly reduce the ability of malware to do damage if the session is running under lower authority credentials than administrator. I highly recommend, use and support this method. This is also known as the Principle of Least Privilege.