I have a share (\\DOMAINCONTROLLER\SHARE_FOLDER) that's being served over Active Directory that's being written to by a local system's account, COMPUTERNAME$. I'm trying to make the share as restrictive as possible so that only myself and the local system's account can view or read/write anything to the share.

When looking at the share in Computer Management on the domain controller, the share, under the share permissions tab, shows up as giving Everyone Full Control, Change and Read permissions. Under the security tab, the three accounts are restricted to myself, NT AUTHORITY\SYSTEM, and COMPUTERNAME$ with full controls permissions as appropriate.

When I try to log in as a user, whether it be a local administrator, or non-privileged user, etc. and try to access \\DOMAINCONTROLLER\SHARE_FOLDER, the share shows up in \\DOMAINCONTROLLER but the accounts are locked out of the folder as appropriate.

Attempting to strip the "Everyone" permission or changing the "Everyone" permission from anything other than Full Control/Change/Read permissions in Computer Management results in COMPUTERNAME$ being unable to write (and what I presume, access) to the share. I've tried to add the specific computer account user, COMPUTERNAME$ in the share permissions tab, but it does not show up as an object. Similarly, I've tried restricting the share to only give NT AUTHORITY\SYSTEM Full Control/Change/Read permissions and the COMPUTERNAME$ account still cannot access the share.

Am I stuck with the "Everyone" permission appearing under the share permissions tab or is there a way I can get more restrictive for the share whilst not preventing COMPUTERNAME$'s access?