> > What does this exploit let you do that you couldn't already do with a local administrator account

>There are some things that users in Administrators group still can't do. Hence the need for TrustedInstaller perms.

By "this exploit" I was referring to the exploit mentioned in the article, not whatever gp did to get trustedinstaller permissions. As far as I know I don't see why you'd need access to the SAM file to give yourself trustedinstaller permissions. You can do that yourself if you're administrator.

Also, from a security point of view there isn't much that administrators can't do. You're right that they can't directly delete certain files, but they can take ownership of any file they want and adjust the ACLs to give them the required permissions. I don't think is some sort of EoP/exploit/hack, but rather protection against accidental deletions (eg. https://news.ycombinator.com/item?id=23054506)