diff --git a/lib/core/icingaagent/getters/Get-IcingaServiceUser.psm1 b/lib/core/icingaagent/getters/Get-IcingaServiceUser.psm1 index dd867c8..0cfa064 100644 --- a/lib/core/icingaagent/getters/Get-IcingaServiceUser.psm1 +++ b/lib/core/icingaagent/getters/Get-IcingaServiceUser.psm1 @@ -6,5 +6,11 @@ function Get-IcingaServiceUser() } $Services = $Services.GetEnumerator() | Select-Object -First 1; - return ($Services.Value.configuration.ServiceUser).Replace('.\', ''); + $ServiceUser = ($Services.Value.configuration.ServiceUser).Replace('.\', ''); + + if ($ServiceUser -eq 'LocalSystem') { + $ServiceUser = 'NT Authority\SYSTEM'; + } + + return $ServiceUser; } diff --git a/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 b/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 index d352260..b69cb3c 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 
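Review bot: The literal `'NT Authority\SYSTEM'` introduced in the new `if ($ServiceUser -eq 'LocalSystem')` block is repeated in the Get-IcingaUserSID hunk and string-compared in the Test-IcingaAgentServicePermission hunk, so three files now have to agree on one spelling of the account. Keeping the normalisation in one place (Get-IcingaUserSID already performs it) and letting callers compare by SID would remove that coupling. If the mapping stays here, a comment such as `# The service configuration reports the SYSTEM account as 'LocalSystem'; map it to the account name used for SID and ACL lookups` would record why it exists. The function starts above the hunk, so whether `ServiceUser` can be `$null` before `.Replace()` is called is not visible here.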
@@ -9,17 +9,26 @@ function Test-IcingaAcl() throw 'The specified directory was not found'; } - $FolderACL = Get-Acl $Directory; - $ServiceUser = Get-IcingaServiceUser; - $UserFound = $FALSE; - $HasAccess = $FALSE; + $FolderACL = Get-Acl $Directory; + $ServiceUser = Get-IcingaServiceUser; + $UserFound = $FALSE; + $HasAccess = $FALSE; + $ServiceUserSID = Get-IcingaUserSID $ServiceUser; + foreach ($user in $FolderACL.Access) { # Not only check here for the exact name but also for included strings like NT AU or NT-AU or even further later on # As the Get-Acl Cmdlet will translate usernames into the own language, resultng in 'NT AUTHORITY\NetworkService' being translated # to 'NT-AUTORITÄT\Netzwerkdienst' for example - if ($user.IdentityReference -like "*$ServiceUser" -Or ($ServiceUser -Like '*NT AU*' -And ($user.IdentityReference -Like '*NT AU*' -Or $user.IdentityReference -Like '*NT-AU*'))) { + $UserSID = $null; + try { + $UserSID = Get-IcingaUserSID $user.IdentityReference; + } catch { + $UserSID = $null; + } + + if ($ServiceUserSID -eq $UserSID) { $UserFound = $TRUE; - if ($user.FileSystemRights -Like '*Modify*' -And $user.FileSystemRights -Like '*Synchronize*') { + if (($user.FileSystemRights -Like '*Modify*' -And $user.FileSystemRights -Like '*Synchronize*') -Or $user.FileSystemRights -like '*FullControl*') { $HasAccess = $TRUE; } } diff --git a/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 b/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 index 9631291..6b53163 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 
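Review bot: The new `if ($ServiceUserSID -eq $UserSID)` also matches when both sides are `$null`: the `catch` sets `$UserSID = $null` for every ACE whose identity cannot be resolved, so if `Get-IcingaUserSID $ServiceUser` ever yields nothing, an unresolvable (for example orphaned) entry is treated as the service user and can set `$HasAccess`. Guarding the comparison, `if (-Not [string]::IsNullOrEmpty($ServiceUserSID) -And $ServiceUserSID -eq $UserSID) {`, keeps a failed lookup from reporting access that is not there. The rights check, including the added `*FullControl*` clause, does not look at `$user.AccessControlType`, so a Deny entry appears to count the same as an Allow entry. The three comment lines above the `try` still describe the removed name matching and should be replaced by a note that entries are now compared by SID. Test-IcingaAcl begins and ends outside this hunk.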
@@ -9,6 +9,10 @@ function Test-IcingaAgentServicePermission() $SystemContent = Get-IcingaAgentServicePermission; [bool]$FoundSID = $FALSE; + if ($ServiceUser -eq 'NT Authority\SYSTEM') { + return $TRUE; + } + if ([string]::IsNullOrEmpty($ServiceUser)) { if (-Not $Silent) { Write-IcingaTestOutput -Severity 'FAILED' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; diff --git a/lib/core/tools/Get-IcingaUserSID.psm1 b/lib/core/tools/Get-IcingaUserSID.psm1 index 422d784..1a55a54 100644 --- a/lib/core/tools/Get-IcingaUserSID.psm1 +++ b/lib/core/tools/Get-IcingaUserSID.psm1 @@ -4,6 +4,10 @@ function Get-IcingaUserSID() [string]$User ); + if ($User -eq 'LocalSystem') { + $User = 'NT Authority\SYSTEM'; + } + [string]$Username = ''; [string]$Domain = '';
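Review bot: The added `return $TRUE` for `'NT Authority\SYSTEM'` exits before any output is written, whereas the branch directly below reports through `Write-IcingaTestOutput` unless `$Silent` is set, so a run under SYSTEM passes without leaving a trace in the test output. Emitting a message when `-Not $Silent` before returning would keep the result visible, and it is the natural place to state that the service runs with full local privileges instead of a restricted account. A comment such as `# SYSTEM is assumed to hold the required permission implicitly, so the lookup below is skipped` would explain the shortcut, if that is the reason; the hunk does not say. The function continues outside the hunk.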
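Review bot: Rewriting `'LocalSystem'` to `'NT Authority\SYSTEM'` still leaves the SID to be resolved by account name further down, and account names are locale dependent (the comment in Test-IcingaAcl cites `NT-AUTORITÄT\Netzwerkdienst`), so this lookup may not behave the same on a non-English Windows and is worth verifying there. Local System has the fixed well-known SID `S-1-5-18`, so the new block could short-circuit with `return 'S-1-5-18';` for both spellings, assuming the function returns the SID as a string. The translation code lies outside the hunk, so the actual return type is not visible here.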