I encountered a problem when following the guide: WinPE: Create a Boot CD, DVD, ISO, or VHD
I chose to create a new .vhdx file directly under C:\ for testing in Hyper-V
Later I moved the .vhdx file to C:\Hyper-V
I actually got this dialog when moving the file, but just went ahead with Continue without considering the implications.
When I tried to attach the .vhdx to a virtual machine I got this error message:
Failed to modify device ‘Virtual Hard Disk’.
User Account does not have permission to open attachment.
I checked the file permissions and noticed:
Integrity level: High Mandatory Level
I also checked the permissions with:
C:\>icacls c:\Hyper-V\WinPE_amd64_PS.vhdx c:\Hyper-V\WinPE_amd64_PS.vhdx BUILTIN\Administrators:(I)(F) NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Users:(I)(RX) NT AUTHORITY\Authenticated Users:(I)(M) Mandatory Label\High Mandatory Level:(I)(NW) Successfully processed 1 files; Failed processing 0 files
The high integrity level was causing the problem, but how to remove it?
The easiest solution was to lower the integrity level with:
icacls c:\Hyper-V\WinPE_amd64_PS.vhdx /setintegritylevel medium
After that the file could be attached and used.
Conclusion
If high integrity level on a file causes problems, it can be lowered with icacls.
Generally avoid creating files directly under C:\, because it can lead to problems like this.