diff --git a/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 b/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 index 35b6809d0ee..0d808bb8c49 100644 --- a/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 +++ b/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 @@ -38,20 +38,14 @@ Try { $inheritanceEnabled = !$objACL.AreAccessRulesProtected If (($state -eq "present") -And !$inheritanceEnabled) { - If ($reorganize) { - $objACL.SetAccessRuleProtection($True, $True) - } Else { - $objACL.SetAccessRuleProtection($True, $False) - } - - Set-ACL $path $objACL - Set-Attr $result "changed" $true; - } - Elseif (($state -eq "absent") -And $inheritanceEnabled) { # second parameter is ignored if first=$False $objACL.SetAccessRuleProtection($False, $False) If ($reorganize) { + # it wont work without intermediate save, state would be the same + Set-ACL $path $objACL + $objACL = Get-ACL $path + # convert explicit ACE to inherited ACE ForEach($inheritedRule in $objACL.Access) { If (!$inheritedRule.IsInherited) { @@ -59,7 +53,7 @@ Try { } ForEach($explicitRrule in $objACL.Access) { - If ($inheritedRule.IsInherited) { + If ($explicitRrule.IsInherited) { Continue } @@ -70,6 +64,16 @@ Try { } } + Set-ACL $path $objACL + Set-Attr $result "changed" $true; + } + Elseif (($state -eq "absent") -And $inheritanceEnabled) { + If ($reorganize) { + $objACL.SetAccessRuleProtection($True, $True) + } Else { + $objACL.SetAccessRuleProtection($True, $False) + } + Set-ACL $path $objACL Set-Attr $result "changed" $true; }
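Review bot: The intermediate `Set-ACL $path $objACL` added in the `$reorganize` branch writes the inheritance change to disk before the de-duplication loop runs, so an exception in the loop or in the final `Set-ACL` leaves the object modified while `changed` is never set. Recording the change straight after the first write, with `Set-Attr $result "changed" $true` directly below the intermediate `Set-ACL`, would keep the result truthful on a failed run. The added comment could also state the reason for the save, for example `# inherited ACEs only appear in .Access once the descriptor has been written and re-read`, which is presumably what "state would be the same" means. The enclosing `Try` block starts and ends outside the hunk, so how its `Catch` reports a failure is not visible here.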
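Review bot: The comparison that follows this inner check lies outside the hunk and runs for the first time with this fix, so it needs its own review and a test. Before the fix the inner loop always hit `Continue`, because the outer loop had already skipped every `$inheritedRule` that is not inherited. That comparison presumably decides which explicit ACEs are dropped as duplicates of inherited ones; confirm it also compares `AccessControlType` and the inheritance/propagation flags, so that an explicit Deny is never removed because an inherited Allow matches on identity and rights. As a style point, `$explicitRrule` is a typo for `$explicitRule`, and renaming it would make a mix-up like the one fixed here easier to spot.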
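Review bot: In the new `absent` branch the non-reorganize call `$objACL.SetAccessRuleProtection($True, $False)` discards every inherited ACE, so on an object with no explicit ACEs it leaves an empty DACL. That can deny access to all principals, possibly including the account running the play. A comment above `If ($reorganize)` would make the difference between the two calls explicit, e.g. `# 2nd arg = preserveInheritance: $True copies inherited ACEs as explicit ones, $False drops them (DACL may end up empty)`. The module documentation, which is not part of this diff, should carry the same caveat for `state=absent` without `reorganize`. As a style point, the trailing `Set-ACL $path $objACL` / `Set-Attr $result "changed" $true;` pair is now repeated verbatim in both state branches and could be shared.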