I read Lolcock’s response and that was the exact same impression I got: the question wasn’t answered
properly. “You’re trying to save a file to a protected folder” doesn’t explain anything.
If we took the same steps you did we’d all get the same error. Just checking now, security on C drive has been this way since Windows 7, and possibly even Vista but not earlier than that because what you’re seeing is an effect of a security feature that was introduced in Vista known as “mandatory integrity levels”.
C drive has a high mandatory integrity label. What this means for users is that we cannot write new files directly to the root of C drive without administrative privileges even if the permissions would allow us to do so with lower access, but the fact that that “privilege is not held” error occurs is a bit of a bug on Explorer’s part: if a higher integrity label is set up a particular way, Explorer may choke and throw that error. Unfortunately it just so happens by coincidence that C drive is set up this way.
You can view a file system object’s integrity level with Icacls.
Code:
C:\Users\Pyprohly>icacls C:\
C:\ NT AUTHORITY\Authenticated Users:(S,AD)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
BUILTIN\Users:(OI)(CI)(RX)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
Successfully processed 1 files; Failed processing 0 files
C:\Users\Pyprohly>
You can also set the integrity label using this tool, but it’s limited and I find Icacls a very unstable tool.
The integrity level can be removed with
Chml.
But I don’t recommend doing this on a location such as C:\.
Instead of the “Error 0x80070522: A required privilege is not held by the client” error message, this is what Explorer should have said as is the case with most other mandatory integrity label configurations.