diff --git a/configs/windows/Agent/nanoserver/NanoServer2022.Dockerfile b/configs/windows/Agent/nanoserver/NanoServer2022.Dockerfile
index fb707acb..5451a32e 100644
--- a/configs/windows/Agent/nanoserver/NanoServer2022.Dockerfile
+++ b/configs/windows/Agent/nanoserver/NanoServer2022.Dockerfile
@@ -95,6 +95,9 @@ ENV CONFIG_FILE="C:\BuildAgent\conf\buildAgent.properties" \
 # In order to set system PATH, ContainerAdministrator must be used
 USER ContainerAdministrator
 RUN setx /M PATH "%PATH%;%JAVA_HOME%\bin;C:\Program Files\Git\cmd;C:\Program Files\dotnet"
+# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
 USER ContainerUser
 
 # Trigger first run experience by running arbitrary cmd to populate local package cache
diff --git a/configs/windows/Agent/windowsservercore/WindowsServerCore2022.Dockerfile b/configs/windows/Agent/windowsservercore/WindowsServerCore2022.Dockerfile
index 5e0b301f..568d6ce3 100644
--- a/configs/windows/Agent/windowsservercore/WindowsServerCore2022.Dockerfile
+++ b/configs/windows/Agent/windowsservercore/WindowsServerCore2022.Dockerfile
@@ -105,4 +105,7 @@ ENV CONFIG_FILE="C:\BuildAgent\conf\buildAgent.properties" \
 
 USER ContainerAdministrator
 RUN setx /M PATH ('{0};{1}\bin;C:\Program Files\Git\cmd;C:\Program Files\Mercurial' -f $env:PATH, $env:JAVA_HOME)
-USER ContainerUser
\ No newline at end of file
+# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
+USER ContainerUser
diff --git a/context/generated/windows/Agent/nanoserver/2022/Dockerfile b/context/generated/windows/Agent/nanoserver/2022/Dockerfile
index 28bfc1bc..a1e8ee08 100644
--- a/context/generated/windows/Agent/nanoserver/2022/Dockerfile
+++ b/context/generated/windows/Agent/nanoserver/2022/Dockerfile
@@ -85,6 +85,9 @@ ENV CONFIG_FILE="C:\BuildAgent\conf\buildAgent.properties" \
 # In order to set system PATH, ContainerAdministrator must be used
 USER ContainerAdministrator
 RUN setx /M PATH "%PATH%;%JAVA_HOME%\bin;C:\Program Files\Git\cmd;C:\Program Files\dotnet"
+# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
 USER ContainerUser
 
 # Trigger first run experience by running arbitrary cmd to populate local package cache
diff --git a/context/generated/windows/Agent/windowsservercore/2022/Dockerfile b/context/generated/windows/Agent/windowsservercore/2022/Dockerfile
index 616b2ff2..a646ed89 100644
--- a/context/generated/windows/Agent/windowsservercore/2022/Dockerfile
+++ b/context/generated/windows/Agent/windowsservercore/2022/Dockerfile
@@ -100,4 +100,7 @@ ENV CONFIG_FILE="C:\BuildAgent\conf\buildAgent.properties" \
 
 USER ContainerAdministrator
 RUN setx /M PATH ('{0};{1}\bin;C:\Program Files\Git\cmd;C:\Program Files\Mercurial' -f $env:PATH, $env:JAVA_HOME)
+# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
+RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
 USER ContainerUser