diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 455ef1f..c467f23 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -87,6 +87,12 @@ void __stdcall __ntapi_acl_init_common_descriptor(
 				if (system_access == owner_access)
 					system_access = 0;
 
+	/* is the built-in administrators group both the owner and the group? */
+	if (!__ntapi->tt_sid_compare(owner,(nt_sid *)&sid_admins))
+		if (!__ntapi->tt_sid_compare(group,(nt_sid *)&sid_admins))
+				if (admin_access == owner_access)
+					admin_access = 0;
+
 	/* ace's */
 	ace = (nt_access_allowed_ace *)&sd->buffer;
 	ace = __acl_ace_init(ace,system_access,&sid_system,ace_flags,&ace_count);