NT Service\TrustedInstaller and NT Service\System returns An object (User, Service Account, or Group) with following name cannot be found.

James Burgess 1 Reputation point
2021-12-09T23:35:39.86+00:00

Why does NT Service\TrustedInstaller and NT Service\System returns An object (User, Service Account, or Group) with following name cannot be found. NT Service\System or NT Service\TrustedInstaller does not matter which one I am trying to set folder permissions using Group Policy Management Editor? The rest of the message says Check the selected object types and locations for accuracy and ensure that you have typed the object name correctly, or remove this object from the selection.
This is on a Windows 2016 server Standard and has STIGs applied to it. I am trying to set the C:\ and C:\Windows to be compliant with a STIG. I have tried running the Group Policy Management Editor as Administrator. I am logged into the DC as a domain admin. I have tried this on both the parent and child DCs. I have read multiple post about needing to have the service account selected and what to type in for the account. No go with what I have read. I have tried the change on multiple DCs. Thank you in advance.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,922 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Anonymous
    2021-12-09T23:53:49.017+00:00

    Might try again with just TrustedInstaller and System


  2. Limitless Technology 39,591 Reputation points
    2021-12-10T15:51:34.393+00:00

    Hi there,

    Try granting ownership to NT SERVICE\TrustedInstaller and see if this resolves your issue.

    -Right mouse button click on the file and choose Properties.
    -Click the Security tab.
    -Click the Advanced button.
    -Click the Owner tab.
    -Click the Edit button.
    -Click Other User or Group and type in NT SERVICE\TrustedInstaller.
    -Press Ok on all dialogs until all property dialogs are closed.

    Here is article as well to help you out https://learn.microsoft.com/en-gb/archive/blogs/irenak/sysk-277-how-to-bring-back-the-trustedinstaller

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--


  3. David Homer 1 Reputation point
    2023-03-24T15:58:58.8733333+00:00

    Make sure that you select the local machine (not the domain) in the "From this location" field in the account browser.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.