Security principal "S-1-15-3-4096" is a built-in account. Microsoft should give it a name and a description, and explain it better. Obscurity is not good security.
Windows, starting with Vista, defines four integrity levels: Low (SID: S-1-16-4096), Medium (SID: S-1-16-8192), High (SID: S-1-16-12288), and System (SID: S-1-16-16384).
From my experience, having the security principal (S-1-16-4096) with rights to Favorites allows a low integrity process ("IE" in protected mode) to add favorites. (Adding the integrity principals to folders to allow access should be carefully considered.)
Otherwise you have to do one of these to add a favorite from the Internet zone:
- Launch IE as an admin
- Set the site to something other than Internet zone
- Turn off "Protected mode" in the Internet zone
All things I would recommend against, as you lose some protections.
You can manually add the principal through file properties, or use ICACLS, a VBScript or PowerShell.
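
Before or after changing any ACLs, it helps to know where integrity-level principals already hold rights. The following is an added example, not part of the original post: a PowerShell audit that lists every access rule granted to the SIDs named above. The function name `Get-IntegritySidAce` and the default Favorites path are assumptions.

```powershell
# Added example: list ACEs granted to the SIDs named in the post.
param(
    # Assumed default location of the Favorites folder.
    [string]$Path = (Join-Path $env:USERPROFILE 'Favorites')
)

# SIDs exactly as they appear in the post above.
$WatchedSids = @{
    'S-1-16-4096'   = 'Low integrity'
    'S-1-16-8192'   = 'Medium integrity'
    'S-1-16-12288'  = 'High integrity'
    'S-1-16-16384'  = 'System integrity'
    'S-1-15-3-4096' = 'Built-in (unnamed in post)'
}

# Hypothetical helper: walks a folder tree and emits one object per matching ACE.
function Get-IntegritySidAce {
    param([Parameter(Mandatory)][string]$Root)

    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName)"
            continue
        }
        # Request rules keyed by raw SID so principals without a friendly name still match.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($WatchedSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $sid
                    Principal = $WatchedSids[$sid]
                    Type      = $rule.AccessControlType
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-IntegritySidAce -Root $Path | Sort-Object Path | Format-Table -AutoSize
```

Rows with `Inherited` set to `False` are explicit grants on that item and are the ones to review first.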