diff --git a/constructor/nsis/main.nsi.tmpl b/constructor/nsis/main.nsi.tmpl
index 6ff4ecdc..0d08e60b 100644
--- a/constructor/nsis/main.nsi.tmpl
+++ b/constructor/nsis/main.nsi.tmpl
@@ -1372,11 +1372,11 @@ Section "Install"
 
     # To address CVE-2022-26526.
     # Revoke the write permission on directory "$INSTDIR" for Users if this is
-    # being run with administrative privileges. Users are:
+    # an all-users installation. Users are:
     #   AU - authenticated users
     #   BU - built-in (local) users
     #   DU - domain users
-    ${If} ${UAC_IsAdmin}
+    ${If} $InstMode == ${ALL_USERS}
         ${Print} "Setting installation directory permissions..."
         AccessControl::DisableFileInheritance "$INSTDIR"
         AccessControl::RevokeOnFile "$INSTDIR" "(AU)" "GenericWrite"
diff --git a/news/873-justme-permission-bug b/news/873-justme-permission-bug
new file mode 100644
index 00000000..a31b5d2e
--- /dev/null
+++ b/news/873-justme-permission-bug
@@ -0,0 +1,19 @@
+### Enhancements
+
+* <news item>
+
+### Bug fixes
+
+* Restrict Windows directory permission based on installation mode, not privilege level. (#872 via #873)
+
+### Deprecations
+
+* <news item>
+
+### Docs
+
+* <news item>
+
+### Other
+
+* <news item>