So I was searching for which groups User Access Control (UAC) removes from the default Kerberos ticket. After a lot of googling, and even reading the old UAC blog, I could not find it, so I decided to build the list myself.
But first, what is UAC?
UAC helps secure a system by removing some groups from the Kerberos ticket used by Explorer.exe. When you run a program as Administrator, it runs with the full Kerberos ticket.
Which Windows groups are removed from the default Kerberos ticket?
| Removed groups | SID |
|---|---|
| Print Operators | S-1-5-32-550 |
| Administrators | S-1-5-32-544 |
| Account Operators | S-1-5-32-548 |
| Network Configuration Operators | S-1-5-32-556 |
| Pre-Windows 2000 Compatible Access | S-1-5-32-554 |
| Backup Operators | S-1-5-32-551 |
| Server Operators | S-1-5-32-549 |
| Domain Admins | S-1-5-21-domain-512 |
| Read-only Domain Controllers | S-1-5-21-domain-521 |
| Domain Controllers | S-1-5-21-domain-516 |
| Group Policy Creator Owners | S-1-5-21-domain-520 |
| Enterprise Read-only Domain Controllers | S-1-5-21-domain-498 |
| Enterprise Admins | S-1-5-21-domain-519 |
| Schema Admins | S-1-5-21-domain-518 |
| Cert Publishers | S-1-5-21-domain-517 |
| RAS and IAS Servers | S-1-5-21-domain-553 |
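
To see the list in action on a given machine, the following added example (not part of the original post) reports which SIDs from the table are present among the current session's groups. The function name `Get-UacListedGroup` is hypothetical; the group data comes from the table above, and domain groups are matched by their final RID because the domain part of the SID differs per environment.

```powershell
# Added example: report which groups from the table above are present in the
# group list of the current session.

# Builtin SIDs from the table, matched exactly.
$builtin = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-548' = 'Account Operators'
    'S-1-5-32-549' = 'Server Operators'
    'S-1-5-32-550' = 'Print Operators'
    'S-1-5-32-551' = 'Backup Operators'
    'S-1-5-32-554' = 'Pre-Windows 2000 Compatible Access'
    'S-1-5-32-556' = 'Network Configuration Operators'
}
# Domain groups from the table, keyed by RID (the last SID component).
$domainRid = @{
    '498' = 'Enterprise Read-only Domain Controllers'
    '512' = 'Domain Admins'
    '516' = 'Domain Controllers'
    '517' = 'Cert Publishers'
    '518' = 'Schema Admins'
    '519' = 'Enterprise Admins'
    '520' = 'Group Policy Creator Owners'
    '521' = 'Read-only Domain Controllers'
    '553' = 'RAS and IAS Servers'
}

function Get-UacListedGroup {
    param([string[]]$Sid)
    foreach ($s in $Sid) {
        if ($builtin.ContainsKey($s)) {
            [pscustomobject]@{ Sid = $s; Group = $builtin[$s] }
        }
        elseif ($s -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$' -and
                $domainRid.ContainsKey($Matches[1])) {
            [pscustomobject]@{ Sid = $s; Group = $domainRid[$Matches[1]] }
        }
    }
}

# Group SIDs of the identity this PowerShell session is running as.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

"Elevated: $elevated"
Get-UacListedGroup -Sid $identity.Groups.Value | Sort-Object Group | Format-Table -AutoSize
```

Run it once in a normal PowerShell window and once with "Run as Administrator", then compare the two outputs.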