diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index f2d6b6b..3059cdc 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -79,6 +79,12 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 		(nt_sid *)&sd->owner,
 		owner);
 
+	/* is the local system account both the owner and the group? */
+	if (!__ntapi->tt_sid_compare(owner,&sid_system))
+		if (!__ntapi->tt_sid_compare(group,&sid_system))
+				if (system_access == owner_access)
+					system_access = 0;
+
 	/* ace's */
 	ace = (nt_access_allowed_ace *)&sd->buffer;
 	ace = __acl_ace_init(ace,system_access,&sid_system,&ace_count);