Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In domain d, the set S of all security principal objects o that are protected is defined as follows:
(o!objectClass = group AND attribute o!groupType & GROUP_TYPE_SECURITY_ENABLED ≠ 0) OR (o!objectClass = user)
AND either
o is a member, directly or transitively, of any group in the set:
built-in well-known group with RID = DOMAIN_ALIAS_RID_ADMINS
built-in well-known group with RID = DOMAIN_ALIAS_RID_ACCOUNT_OPS
built-in well-known group with RID = DOMAIN_ALIAS_RID_SYSTEM_OPS
built-in well-known group with RID = DOMAIN_ALIAS_RID_PRINT_OPS
built-in well-known group with RID = DOMAIN_ALIAS_RID_BACKUP_OPS
built-in well-known group with RID = DOMAIN_ALIAS_RID_REPLICATOR
account domain well-known group with RID = DOMAIN_GROUP_RID_ADMINS
account domain well-known group with RID = DOMAIN_GROUP_RID_SCHEMA_ADMINS
account domain well-known group with RID = DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
OR, is one of the following well-known security principals:
of class user with RID = DOMAIN_USER_RID_ADMIN
of class user with RID = DOMAIN_USER_RID_KRBTGT
of class group with RID = DOMAIN_GROUP_RID_CONTROLLERS
of class group with RID = DOMAIN_GROUP_RID_READONLY_CONTROLLERS