Archives for July 2016

Reverting the AdminSDHolders changes

So everyone knows what the AdminSDHolders does. Okey lets do a short version of that too.

The AdminSDHolder is what is that then.

Well windows has a few “protected” groups and users. If you are a member of one of these protected groups, Windows will do a few things every 60 minutes by default.

  • Set the AdminCount property of a user to 1
  • Disable inheritance on the user object
  • Set the rights on the user objects to a reduced set

This is an extremely simplified version. For more information please read in the Technet article AdminSDHolder.

Users and groups that by default are managed by the AdminSDHolder

Name Type
Administrator User
Account Operators Group
Administrators Group
Backup Operators Group
Cert Publishers Group
Domain Admins Group
Domain Controllers Group
Enterprise Admins Group
Krbtgt User
Print Operators Group
Read-only Domain Controllers Group
Replicator User
Schema Admins Group
Server Operators Group
[Read more…]