The following list describes the protected groups in Windows Server 2003:
- Account Operators
- Server Operators
- Print Operators
- Backup Operators
- Domain Admins
- Schema Admins
- Enterprise Admins
- Cert Publishers
Protected groups are defined by the operating system and cannot be unprotected. Members of protected group become protected. The result of protection is that the permissions (ACLs) of members are modified so that they no longer inherit permissions from their OU but, rather, receive a copy of an ACL that is quite restrictive.
Additional information: http://support.microsoft.com/kb/817433
Recommendation: follow best practice – use a separate account for administrative tasks.