A user has a program that defaults to saving files in a folder in his C: drive, so he wants to have Full Control over this drive and all of its contents. What are the TWO reasons why you won't grant him this access?

It appears that the user only requires read, write, and possibly modify access to the folder on the C: drive and does not require any further access. One of the most crucial security rules in computer systems is the principle of least privilege. It states that you should only grant a user the access they need. If users have full control over the C: drive, an attacker who gains access to their account will also have full access and will be able to do a lot of damage. Additionally, limiting them to only the folder they need limits their exposure.