diff --git a/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
new file mode 100644
index 0000000..9fe3564
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
@@ -0,0 +1,24 @@
+namespace "*" {
+  policy       = "write"
+  capabilities = ["alloc-node-exec"]
+}
+
+agent {
+  policy = "write"
+}
+
+operator {
+  policy = "write"
+}
+
+quota {
+  policy = "write"
+}
+
+node {
+  policy = "write"
+}
+
+host_volume "*" {
+  policy = "write"
+}
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index e32dd26..73c6c3d 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -24,6 +24,12 @@ if node['nomad']['manager']
   end
 
   directory '/etc/nomad.d/policies' do
+    owner 'nomad'
+    group 'nomad'
+    mode '755'
+  end
+
+  remote_file '/etc/nomad.d/policies/anonymous.hcl' do
     owner 'nomad'
     group 'nomad'
     mode '644'