SYSTEM group in Security Properties

Posted on 2006-05-11
Last Modified: 2013-12-04
I would like to find out what the SYSTEM group is for in Security Properties for files in NTFS.  Can somebody please explain or refer me to a good site?  Main question is "What happens if I remove SYSTEM from the Security tab of a file?"


Question by:grkugel
    LVL 48

    Expert Comment

    Hi grkugel,

    the system group is actually your system itself, dont remove it it should be there

    the system needs to have access to these files for use of services etc - it is normal

    Author Comment

    Hi Jay Jay,
    This is usually what I used to do - just left SYSTEM properties unchanged.  This time, however, our engineer is using some strange software which requires that its config file is accessible by that user only.  
    Through trial-and-error and by removing first "everyone", then "administrators", etc. that config file only started to work after I removed everything except for the user himself, including SYSTEM properties.  So I'm kinda curious about what might happen now with this file and with the system as a whole.
    LVL 48

    Expert Comment

    hmm very interesting scenario! if you are removing simply on one or two directories that hold no importance other than to that of the app, then i cant see a problem, however i am not 100% sure as i always leave mine as is so as not to cause problems, trial and error is the key though if using third party tools!
    LVL 5

    Accepted Solution

    Hi  grkugel

    Sounds like they have coded the application with some security in mind by ensuring no other users could read or tamper with the config file (does it happen to contain usernames / passwords?) by making the application check the ACL of the directory.

    From a technical standpoint there is no reason for the application not to work if it has the correct access regardless of whether other users have access or not...

    Certainly for application specific directories removing the system account will not cause any issues.

    The system account should in general be left for most directories though (although if you really want to secure a machine you can experiment with reducing it's permissions on some directories).



    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now