What are the five built in groups in Windows Server 2008?

Here is the list of well known security identifiers.

These following groups are present on the local computer and are typically used for administering your system.

• SID: S-1-5-32-544 – Name: Administrators – Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.
• SID: S-1-5-32-548 – Name: Account Operators – Description: A built-in group that exists only on domain controllers. By default, the group has no members. By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and computers in all containers and organizational units of Active Directory except the Builtin container and the Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.
• SID: S-1-5-32-549 – Name: Server Operators – Description: A built-in group that exists only on domain controllers. By default, the group has no members. Server Operators can log on to a server interactively; create and delete network shares; start and stop services; back up and restore files; format the hard disk of the computer; and shut down the computer.
• SID: S-1-5-32-550 – Name: Print Operators – Description: A built-in group that exists only on domain controllers. By default, the only member is the Domain Users group. Print Operators can manage printers and document queues.
• SID: S-1-5-32-551 – Name: Backup Operators – Description: A built-in group. By default, the group has no members. Backup Operators can back up and restore all files on a computer, regardless of the permissions that protect those files. Backup Operators also can log on to the computer and shut it down.

In a domain environment these groups are present, and are used for administrative purposes.

• SID: S-1-5-21domain-512 – Name: Domain Admins – Description: A global group whose members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created by any member of the group.
• SID: S-1-5-21root domain-518 – Name: Schema Admins – Description: A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make schema changes in Active Directory. By default, the only member of the group is the Administrator account for the forest root domain.
  • SID: S-1-5-21root domain-519 – Name: Enterprise Admins – Description: A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make forest-wide changes in Active Directory, such as adding child domains. By default, the only member of the group is the Administrator account for the forest root domain.
  • SID: S-1-5-21domain-520 – Name: Group Policy Creator Owners – Description: A global group that is authorized to create new Group Policy objects in Active Directory. By default, the only member of the group is Administrator.