No, nothing unexpected will happen, since the system uses the SYSTEM
principal and you aren't planning to delete that.
However, what you are planning to do won't stop an administrator from modifying or removing the object. Administrators always have the SeTakeOwnershipPrivilege
privilege, which allows them to set the owner of any object to themselves (or a group to which they belong). The owner of an object change the access list arbitrarily, e.g. to remove a deny entry or allow oneself Full Control. Therefore, a determined admin would do something like this:
- Take ownership of the object
- Add those access rules back with Full Control
- Access or demolish the object as normal
You may need to enable View → Advanced Features in Active Directory Users and Computers before you're able to see the Security tab on AD objects.
Administrators can do anything.