Quantcast
Channel: File Services and Storage Forum
Viewing all articles
Browse latest Browse all 1766

Unable to grant SeCreateSymbolicLinkPrivilege

$
0
0

WS2008 R2 SP1 domain, servers and clients.

I'm attempting to give a Security Group the "Create Symbolic Link" user right via Group Policy. Local Security Policy MMC shows the Policy is being applied, but when I log on as a member of the Group that was granted this right and issue this command--

MKLINK /D <LinkPath> <TargetPath>

--I get "Access is denied", and when I issue this command--

WHOAMI /PRIV

--I get this:

Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links          Disabled

The user account is NOT a member of Administrators. However, I can successfully create the symlink issuing the same command on the same computer from an elevated command prompt with an Administrator account, so I believe it comes down to the SeCreateSymbolicLinkPrivelege being "Disabled" in WHOAMI despite the GUI's assurances to the contrary.

<LinkPath> and <TargetPath> are both remote folders; R2R is enabled, as evidenced by the admin account's ability to create the symlink.

The computer has been restarted after the user rights Group Policy was applied.

I have also tried adding the test account itself to the GPO and restarting the computer; no change.

User account has Full Control in <LinkPath> and Modify in <TargetPath>.

How can I REALLY enable SeCreateSymbolicLinkPrivelege?

TIA


Viewing all articles
Browse latest Browse all 1766

Trending Articles