diff --git a/src/os/user/lookup_windows.go b/src/os/user/lookup_windows.go
index f65773ced3a36d..6b12c430a9ce22 100644
--- a/src/os/user/lookup_windows.go
+++ b/src/os/user/lookup_windows.go
@@ -84,13 +84,19 @@ func getProfilesDirectory() (string, error) {
 	}
 }
 
+// isValidUserAccountType returns true if acctType is a valid type for user accounts.
+func isValidUserAccountType(acctType uint32) bool {
+	// Some built-in system accounts are classified as well-known groups instead of users.
+	return acctType == syscall.SidTypeUser || acctType == syscall.SidTypeWellKnownGroup
+}
+
 // lookupUsernameAndDomain obtains the username and domain for usid.
 func lookupUsernameAndDomain(usid *syscall.SID) (username, domain string, e error) {
 	username, domain, t, e := usid.LookupAccount("")
 	if e != nil {
 		return "", "", e
 	}
-	if t != syscall.SidTypeUser {
+	if !isValidUserAccountType(t) {
 		return "", "", fmt.Errorf("user: should be user account type, not %d", t)
 	}
 	return username, domain, nil
@@ -324,7 +330,7 @@ func lookupUser(username string) (*User, error) {
 	if e != nil {
 		return nil, e
 	}
-	if t != syscall.SidTypeUser {
+	if !isValidUserAccountType(t) {
 		return nil, fmt.Errorf("user: should be user account type, not %d", t)
 	}
 	return newUserFromSid(sid)
diff --git a/src/os/user/lookup_windows_test.go b/src/os/user/lookup_windows_test.go
new file mode 100644
index 00000000000000..f1edd03013ae80
--- /dev/null
+++ b/src/os/user/lookup_windows_test.go
@@ -0,0 +1,17 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"testing"
+)
+
+func TestLookupLocalSystem(t *testing.T) {
+	// The string representation of the SID for `NT AUTHORITY\SYSTEM`
+	const localSystemSID = "S-1-5-18"
+	if _, err := LookupId(localSystemSID); err != nil {
+		t.Fatalf("LookupId(%q): %v", localSystemSID, err)
+	}
+}