Windows 7 - icacls - takeown - security - permissions - overview/general

OK. I'm beat on this one.

I played with a WindowsImageBackup folder a while back on my E partition. I have since taken 4-5 good Windows 7 System Images. I'm comparing ICACLS output from one of those WIB folder trees (G drive) to the one on my E partition. I can not figure out how to actually "mirror" the security information.

Attached are:

icaclsg.txt (this is an undisturbed WIB folder EXCEPT for a recursive TAKEOWN /Recursive to ADMIN)

icaclse.txt (this is the one I'm trying to make look like the G WIB)

I understand the OI, CI, IO, F, and I stuff. But I can NOT seem to make NT AUTHORITY/SYSTEM have its permissions to folder, subfolders and files (OI CI F). It will only do subfolders and files (OI CI IO F). Basically, NT/SYSTEM should look exactly like Backup and Admin (OI CI F) but the IO always gets put on SYSTEM.

Also, when I try, I always get repeating popups telling me "Access Denied" when I try to change the permissions for SYSTEM. I even tried giving Jim-GLH (F) access and owner of the WIB top folder also.

A general explanation as to how this should all be done would be appreciated. IOW, since there aren't many I - Inherited objects or folders, I assume permissions have to be set on every single entity?

Does a takeown simply give Admin (F) full control?

Another confusing thing is icacls may show 4 entries for a given file/folder yet on the SECURITY tab for that file/folder, there are 5 entries listed. Also, sometimes when playing around I see TWO Admins listed for a given file/folder or TWO Jims. How can one "sid" be listed more than once for a file/folder?