From 81aecff301361ac21234fca88358aed1df889317 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Wed, 3 May 2023 19:51:20 -0500
Subject: [PATCH] Pass the SID instead of the group name to icacls

Group names are localized but well-known SIDs work everywhere.
---
 src_assets/windows/misc/migration/migrate-config.bat | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src_assets/windows/misc/migration/migrate-config.bat b/src_assets/windows/misc/migration/migrate-config.bat
index ee430ee1..65d00d8f 100644
--- a/src_assets/windows/misc/migration/migrate-config.bat
+++ b/src_assets/windows/misc/migration/migrate-config.bat
@@ -39,8 +39,9 @@ rem Create the credentials directory if it wasn't migrated or already existing
 if not exist "%NEW_DIR%\credentials\" mkdir "%NEW_DIR%\credentials"
 
 rem Disallow read access to the credentials directory for normal users
+rem Note: We must use the SID directly because "Administrators" is localized
 icacls "%NEW_DIR%\credentials" /inheritance:r
-icacls "%NEW_DIR%\credentials" /grant:r Administrators:(OI)(CI)(F)
+icacls "%NEW_DIR%\credentials" /grant:r *S-1-5-32-544:(OI)(CI)(F)
 
 rem Migrate the covers directory
 if exist "%OLD_DIR%\covers\" (