diff --git a/cmd/syncthing/main.go b/cmd/syncthing/main.go
index 931cb2e52..d5d94bbe7 100644
--- a/cmd/syncthing/main.go
+++ b/cmd/syncthing/main.go
@@ -941,6 +941,10 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 }
 }
 
+ if isSuperUser() {
+ l.Warnln("Syncthing should not run as a privileged or system user. Please consider using a normal user account.")
+ }
+
 events.Default.Log(events.StartupComplete, map[string]string{
 "myID": myID.String(),
 })
diff --git a/cmd/syncthing/superuser_unix.go b/cmd/syncthing/superuser_unix.go
new file mode 100644
index 000000000..eb704f8f2
--- /dev/null
+++ b/cmd/syncthing/superuser_unix.go
@@ -0,0 +1,17 @@
+// Copyright (C) 2017 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+// +build !windows
+
+package main
+
+import (
+ "os"
+)
+
+func isSuperUser() bool {
+ return os.Geteuid() == 0
+}
diff --git a/cmd/syncthing/superuser_windows.go b/cmd/syncthing/superuser_windows.go
new file mode 100644
index 000000000..60d3bf9cd
--- /dev/null
+++ b/cmd/syncthing/superuser_windows.go
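Review bot: In cmd/syncthing/superuser_unix.go, `isSuperUser` has no doc comment, and its single test `os.Geteuid() == 0` has limits a reader should know about. Effective UID 0 is the only signal, so a non-root process holding elevated capabilities is not reported, while a process that is UID 0 only inside a container or user namespace is. I would add `// isSuperUser reports whether the effective user ID is 0 (root); capabilities and user namespaces are not considered.` above the function.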
@@ -0,0 +1,41 @@
+// Copyright (C) 2017 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package main
+
+import "syscall"
+
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
+const securityLocalSystemRID = "S-1-5-18"
+
+func isSuperUser() bool {
+ tok, err := syscall.OpenCurrentProcessToken()
+ if err != nil {
+ l.Debugln("OpenCurrentProcessToken:", err)
+ return false
+ }
+ defer tok.Close()
+
+ user, err := tok.GetTokenUser()
+ if err != nil {
+ l.Debugln("GetTokenUser:", err)
+ return false
+ }
+
+ if user.User.Sid == nil {
+ l.Debugln("sid is nil")
+ return false
+ }
+
+ sid, err := user.User.Sid.String()
+ if err != nil {
+ l.Debugln("Sid.String():", err)
+ return false
+ }
+
+ l.Debugf("SID: %q", sid)
+ return sid == securityLocalSystemRID
+}
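Review bot: `isSuperUser` in superuser_windows.go returns true only when the token user SID equals `S-1-5-18` (LocalSystem), so the warning added in main.go ("privileged or system user") will not fire for an elevated Administrator token or for other service accounts. Every error path also returns false with only a debug-level log, so a failed token query silently suppresses the warning. At minimum I would document the scope with `// isSuperUser reports whether the process runs as LocalSystem (S-1-5-18); elevated administrator tokens are not detected.` and rename the constant to `securityLocalSystemSID`, since the value is a full SID string rather than a RID.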