WS2008 R2 SP1 domain, servers and clients.
I'm attempting to give a Security Group the "Create Symbolic Link" user right via Group Policy. Local Security Policy MMC shows the Policy is being applied, but when I log on as a member of the Group that was granted this right and issue this command--
MKLINK /D <LinkPath> <TargetPath>
--I get "Access is denied", and when I issue this command--
WHOAMI /PRIV
--I get this:
Privilege Name Description State ============================= ============================== ======== SeChangeNotifyPrivilege Bypass traverse checking Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
The user account is NOT a member of Administrators. However, I can successfully create the symlink issuing the same command on the same computer from an elevated command prompt with an Administrator account, so I believe it comes down to the SeCreateSymbolicLinkPrivelege being "Disabled" in WHOAMI despite the GUI's assurances to the contrary.
<LinkPath> and <TargetPath> are both remote folders; R2R is enabled, as evidenced by the admin account's ability to create the symlink.
The computer has been restarted after the user rights Group Policy was applied.
I have also tried adding the test account itself to the GPO and restarting the computer; no change.
User account has Full Control in <LinkPath> and Modify in <TargetPath>.
How can I REALLY enable SeCreateSymbolicLinkPrivelege?
TIA