Mark, "...there are a few Windows admins (and applications) out there who remove System privileges from files. (For what reasons, I cannot imagine.)"
The problem is not that admins remove the "system" account. The problem is that admins remove the "everyone" account, which includes the "system" account and is granted "full control" by default. If you remove "everyone" you MUST ADD the LOCAL "system" account back to the ACL, otherwise services that run under that account will fail on access denied errors.

In an NT domain, the "system" account is not available; you must change location to the local machine SAM to see it. I'm not sure how it works in Active Directory; we had AD in the lab a couple years ago, but haven't done anything with it yet.

Thanks.

Tab Trepagnier
TSM Administrator
Laitram LLC
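An audit for the condition described in the message above, added here as an example and not part of the original post: it lists files on which neither "Everyone" nor the local SYSTEM account has an Allow entry for full control, and can add SYSTEM back. The `$Path` and `-Repair` parameters and the `Test-FullControl` helper are names made up for this sketch.

```powershell
# Added example (not from the original message). $Path, -Repair and
# Test-FullControl are hypothetical names chosen for this sketch.
param(
    [Parameter(Mandatory)] [string] $Path,
    [switch] $Repair
)

# Well-known SIDs: no account lookup is needed, so it does not matter whether
# the object picker is pointed at the domain or at the local machine.
$systemSid   = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'  # Local System
$everyoneSid = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'   # Everyone
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$allow       = [System.Security.AccessControl.AccessControlType]::Allow

function Test-FullControl {
    param($Acl, $Sid)
    # Fetch explicit and inherited rules with identities expressed as SIDs.
    $rules = $Acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $Sid.Value -and
            $r.AccessControlType -eq $allow -and
            ($r.FileSystemRights -band $fullControl) -eq $fullControl) {
            return $true
        }
    }
    return $false
}

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    # Either entry gives services running as SYSTEM the access they expect.
    if ((Test-FullControl $acl $systemSid) -or
        (Test-FullControl $acl $everyoneSid)) { return }

    Write-Output "SYSTEM lacks full control: $($_.FullName)"
    if ($Repair) {
        # Put the local SYSTEM account back on the ACL with full control.
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $systemSid, $fullControl, $allow)
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $_.FullName -AclObject $acl
    }
}
```

Run it without `-Repair` first to review the list; it only inspects Allow entries, so a Deny entry for SYSTEM would still need to be checked by hand.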
