NTFS Permissions - SYSTEM

11

1

Are there any possible side effects to removing permissions for SYSTEM on an NTFS directory? It is a non-system (user documents) folder. I know the obvious (i.e., that SYSTEM will no longer to be able to access it, duh :-) ).

My question is, are there any common side-effects this can have? I.e., common reasons on an average Windows system, that would require the SYSTEM account to have access? I'm thinking of things like Indexing Service here (although I don't use or care about that particular service).

user73728

Posted 2011-10-07T02:29:19.340

Reputation:

Answers

7

Most Windows services are running under the SYSTEM account. Windows Search Indexer, for example, runs under Local System account. If LocalSystem account cannot access your files, they will not be indexed / found via Windows Search.

There could be other side-effects, mostly related to the fact that many services (including third-party ones) are built with the assumption that user files are accessible to the system account.

So, in theory you can remove these permissions, but in practice you need a really good reason to do so.

haimg

Posted 2011-10-07T02:29:19.340

Reputation: 19 503

4FYI: Norton Internet Security uses the SYSTEM account as well. If you use NIS, it will not be able to scan any files in folders which the Local System account cannot access. – bwDraco – 2011-10-07T04:45:17.943

general installation? depending on the OS. I am thinking nothing good could come of it, but it would be fun to try :-) – Psycogeek – 2011-10-07T08:06:00.517

1

If the directory gives access to Administrators, then it is not necessary to give access to SYSTEM. Any access token including SYSTEM will also have Administrators.

Harry Johnston

Posted 2011-10-07T02:29:19.340

Reputation: 5 054

Asked: 2011-10-07T02:29:19.340

Viewed: 12 917 times

Active: 2019-11-04T12:27:05.510