Actually, you can't move the Terminal app unless you ARE in admin mode. The applications folder is protected from all modification by users who are not admin level users. If you attempt to move a file it will only copy, not move. You cannot add a file to Applications or delete or rename anything in it. If you want to add an app, the system will create an Applications folder in your home user folder and add the app there... which will be unavailable to any other user on that system.
My point is that for general computer YOU should be operating as a limited user without admin privileges (you can still do some admin things if you validate them by providing your admin user name and password). This is the most secure way to operate OSX.
Right now, I am using a "standard" limited account...it does not have administrator privileges... but that is transparent to me unless I attempt to install a program or modify system settings. Any apps that attempt to modify the Applications folder or change any system settings will pop up a validation requester. Some activities won't even do that... to do them you have to actually log on as an administrator account.
I use this limited account NOT because I don't trust me... but because, someday, there may be an exploit that might be able to actually penetrate Mac security but if I am not an administrator, there is a much higher bar to leap to do any damage. While protecting the system files and apps, I can still modify the look and feel of my Mac experience as much as I want (if the admin - me - allows it)... but any changes affect only THIS Account.
Changing YOUR current Administrator Account to a STANDARD (limited) Account
For those who may not know how to change your current account to a "limited" account and keep your current documents and settings, but still have the ability to administer the computer, here is how it is done:
Enter System Preferences under the Blue Apple and select "Accounts". If it is locked, unlock it by clicking on the padlock on the bottom right and providing your admin user name and password. Then click on the "+" button in the Accounts window. This will create a new user. Give it a name (Admin will do but it is a bit obvious) and then create a HARDENED password for it... use the password tool (click on the key button) and keep trying passwords that use numbers, upper and lower case, and symbols until you get the bar a nice bright green (red is bad). Make sure it is one you WILL not forget. Then click on the button that says "Allow user to administer this computer."Now, log off your current administrator account you've been living in...
Then log back in using your new administrator account. It won't be pretty... just the basic beginning OSX screen and Dock... no pictures, nothing customized... but then you won't be living here. Go to System Preferences again and unlock it if necessary with your new account name and password. Select your old Account and UNCHECK the "Allow Account to administer this computer."
I would set the log-in Options (bottom of the Accounts Window) to allow fast user switching.
Then LOCK the Accounts preference pane.
Log off your new Administrator Account and log back in to your normal account... which will now be a limited account with all your settings and permissions (somewhat limited) and documents untouched.
Use the Administrator Account for software updates and installing new apps you want all users to have access to and to add or modify users... everything else works fine in the limited account you are used to.
Note that there is one more level in OSX above Administrator... called Root. Root is deactivated by default. Root level access is the level most Windows users live in by default... and why it is so easy to damage a Windows installation if Malware gets access to the Windows user's access level. Root can do everything including modifying or deleting the OS.
bump for later read