diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 020e69277e0..828601ca782 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1083,10 +1083,25 @@ todo_wine {
     SetLastError(0xdeadbeef);
     rc = AccessCheck(sd, token, DELETE, &mapping, &priv_set, &priv_set_len, &granted, &status);
     ok(rc, "AccessCheck error %d\n", GetLastError());
-todo_wine {
     ok(status == 1, "expected 1, got %d\n", status);
     ok(granted == DELETE, "expected DELETE, got %#x\n", granted);
-}
+
+    granted = 0xdeadbeef;
+    status = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
+    rc = AccessCheck(sd, token, WRITE_OWNER, &mapping, &priv_set, &priv_set_len, &granted, &status);
+    ok(rc, "AccessCheck error %d\n", GetLastError());
+    ok(status == 1, "expected 1, got %d\n", status);
+    ok(granted == WRITE_OWNER, "expected WRITE_OWNER, got %#x\n", granted);
+
+    granted = 0xdeadbeef;
+    status = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
+    rc = AccessCheck(sd, token, SYNCHRONIZE, &mapping, &priv_set, &priv_set_len, &granted, &status);
+    ok(rc, "AccessCheck error %d\n", GetLastError());
+    ok(status == 1, "expected 1, got %d\n", status);
+    ok(granted == SYNCHRONIZE, "expected SYNCHRONIZE, got %#x\n", granted);
+
     granted = 0xdeadbeef;
     status = 0xdeadbeef;
     SetLastError(0xdeadbeef);
diff --git a/server/token.c b/server/token.c
index 30320851436..d18c454aba9 100644
--- a/server/token.c
+++ b/server/token.c
@@ -1124,7 +1124,7 @@ static unsigned int token_access_check( struct token *token,
      * determined here. */
     if (token_sid_present( token, owner, FALSE ))
     {
-        current_access |= (READ_CONTROL | WRITE_DAC);
+        current_access |= (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE);
         if (desired_access == current_access)
         {
             *granted_access = current_access;