Comment by trod1234

4 days ago

Personally, I'm not seeing how this can possibly have any risk-reduction from a professional standpoint.

You rely upon the permissions model not being broken, but once you have a local login, even with limited perms... a large attack surface is suddenly opened, and the nature of attack surface is that the odds immediately go up that there is some piece of code running locally that will allow local priv escalation.

It's relatively simple, a lot of times, to either escalate local privileges or trick a green admin into escalating privileges for the attacker (i.e. bind-mount namespaces/ebpf).

If you aren't doing a one-way offline backup, it carries the same risks as replication and all the ransomware-related risks through rolling/resource exhaustion.