diff --git a/run b/run
index f891c8c..8fcc1e9 100755
--- a/run
+++ b/run
@@ -8,6 +8,21 @@ from subprocess import run
 SOURCE = os.environ.get("PLUGIN_SOURCE", ".")
 TARGET = os.environ['PLUGIN_TARGET']
+def apply_key_permissions(keyfile):
+ os.chmod(keyfile, 0o600)
+ if not os.name == "nt":
+ return
+
+ username = os.environ['USERNAME']
+ users_directory = "C:\\Users"
+ run(["Icacls", keyfile, "/c", "/t", "/Inheritance:d"])
+ run(["TakeOwn", "/F", keyfile])
+ run(["Icacls", keyfile, "/c", "/t", "/Grant:r", f"{username}:F"])
+ run(["Icacls", keyfile, "/c", "/t", "/Remove:g", "Administrator", "Authenticated Users", "BUILTIN\\Administrators", "BUILTIN", "Everyone", "System", "Users"])
+ for other_user in [user for user in os.listdir(users_directory) if not user == username]:
+ run(["Icacls", keyfile, "/c", "/t", "/Remove:g", other_user])
+ run(["Icacls", keyfile])
+
 def deploy(source, target, keyfile):
 for source_file in glob.glob(source):
 print(f">> {source_file} -> {target}")
@@ -21,7 +36,7 @@ try:
 deploy_key.write(b"\n")
 deploy_key.close()
- os.chmod(deploy_key.name, 0o600)
+ apply_key_permissions(deploy_key.name)
 deploy(SOURCE, TARGET, deploy_key.name)
 finally:
 if temp_file_name is not None:
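Review bot: The Windows branch of `apply_key_permissions` tightens the key's ACL with a deny-list: `/Inheritance:d` keeps a copy of every inherited entry, and the following `/Remove:g` calls strip only a hard-coded set of names plus whatever folder names `os.listdir(users_directory)` returns, so any principal not on that list (a service account, a domain group, a localized group name) keeps its access to the deploy key. None of the `run(...)` calls pass `check=True` and every icacls call carries `/c`, so a step that fails is ignored and `deploy` still runs with the key under a looser ACL than intended. An allow-list is shorter and fails closed: `run(["icacls", keyfile, "/inheritance:r", "/grant:r", f"{username}:F"], check=True)` drops all inherited entries and leaves the current user as the only grantee. `os.environ['USERNAME']` will also raise `KeyError` if the variable is unset, which deserves an explicit error message.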
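Review bot: The key bytes are written and the file is closed before `apply_key_permissions(deploy_key.name)` runs, so on Windows the key sits on disk under whatever ACL the temp directory hands down until the icacls calls have finished. How the file is created lies above this hunk, inside the `try:` block; if it comes from `tempfile`, POSIX presumably gets owner-only mode at creation, but the Windows path has no such guarantee. Calling `apply_key_permissions(deploy_key.name)` right after the file is created and before the first `deploy_key.write(...)` would close that window.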