Directory ownership in Jenkins workspace

We have a setup with Jenkins master running on Linux, and a number of build agents running on Windows.
The Windows service running Jenkins runs as a specific user account in our Microsoft AD.
The project directories created by Jenkins under the workspace directory used to be owned by that specific user, but for a year or so the directories have belonged to the PC's local Administrators.
This is particularly annoying when debugging on the build agent, as Git does not even allow us to work inside these directories until ownership has been taken over by the logged-on user (the same one that runs the service):
How do I get back to a scenario where directories are owned by the same user that runs the service?

I don’t know Windows very well, but is it in one of the protected directories? Windows changed how C:\Program Files works and stuff.

The Jenkins process doesn’t suddenly start using a different user. Did you confirm that the agent is not running as administrator now? Maybe someone reinstalled the agent incorrectly while upgrading.

Additionally, can you make a new pipeline

node('windows') {
  bat('whoami')
}

and see what it says?

The whoami returns ‘domain\swbuilduser’ as it should.
Jenkins is installed in C:\Jenkins and workspace is in C:\Jenkins\workspace.
When remoting into the machine as domain\swbuilduser and creating directories inside workspace, they belong to domain\swbuilduser as you’d expect.
Can it relate to how Java is installed on the agent (I know zero about Java)?

I know little about Windows; my guess is still some sort of security thing. I defer to @slide_o_mix

How are you connecting to your Windows agents? Are you using SSH or some other mechanism? Are you running the agent as a service?