From e39b3555e693414174677eb98c45da8964658d1c Mon Sep 17 00:00:00 2001
From: Chris Roberts <croberts@hashicorp.com>
Date: Tue, 12 Jun 2018 16:21:13 -0700
Subject: [PATCH] Disable inherit on key file for parent ACL rules

---
 .../hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1
index 04b1e327b..5d49a93db 100644
--- a/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1
+++ b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1
@@ -15,8 +15,10 @@ function Set-SSHKeyPermissions {
     # Create the new ACL we want to apply
     $NewAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
         $Principal, "FullControl", "None", "None", "Allow")
-    # Scrub all existing ACLs from the file
     $ACL = Get-ACL "${SSHKeyPath}"
+    # Disable inherited rules
+    $ACL.SetAccessRuleProtection($true, $false)
+    # Scrub all existing ACLs from the file
     $ACL.Access | %{$ACL.RemoveAccessRule($_)}
     # Apply the new ACL
     $ACL.SetAccessRule($NewAccessRule)