diff --git a/run_command.tf b/run_command.tf
index 39b35ba..530f7b7 100644
--- a/run_command.tf
+++ b/run_command.tf
@@ -7,10 +7,24 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command"
 type = lower(var.os_type) == "linux" ? "RunCommandLinux" : lower(var.os_type) == "windows" ? "RunCommandWindows" : null
 type_handler_version = lower(var.os_type) == "linux" ? var.run_command_type_handler_version : var.run_command_type_handler_version_windows
 auto_upgrade_minor_version = true
- settings = jsonencode({
- script = compact(tolist([file("${path.module}/${var.rc_script_file}")]))
+
+ protected_settings = lower(var.os_type) == "linux" ? jsonencode({ commandToExecute = tostring(templatefile("${path.module}/scripts/linux_run_script.sh", {
+ STORAGE_ACCOUNT_KEY = var.run_command_sa_key
+ RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false"
+ RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false"
+ ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
+ XDR_TAGS = local.xdr_tags_list
+ })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", {
+ STORAGE_ACCOUNT_KEY = var.run_command_sa_key
+ RUN_CIS = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false"
+ RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false"
+ RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false"
+ ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
+ XDR_TAGS = local.xdr_tags_list
+ })])) })
+ tags = var.common_tags
 depends_on = [azurerm_virtual_machine_scale_set_extension.custom_script]
 }
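Review bot: `STORAGE_ACCOUNT_KEY = var.run_command_sa_key` is interpolated into the script text in both `templatefile` calls, so a full storage account key becomes part of the rendered command. `protected_settings` keeps it out of the extension's readable settings, but the value still lands in Terraform state and, presumably, in whatever copy of the script the Run Command handler keeps on each instance. The declaration of `run_command_sa_key` is outside this hunk and should carry `sensitive = true`; if the scripts only need to read from the account, a short-lived read-only SAS or the scale set's managed identity would limit what a leaked script exposes. The template files are not shown, so it is worth confirming they quote `XDR_TAGS` and the other substituted values before the shell or PowerShell sees them. I would also add a comment above the attribute, `# protected_settings: rendered script embeds a storage credential; do not move this back to settings`; the resource block itself opens above the hunk.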