Reputation: 74654
Why is SeCreateSymbolicLinkPrivilege ignored on Windows 8?
I'd like to enable my standard user account (i.e. not elevated) to be able to call CreateSymbolicLink.
However, on Win8, even adding "Everyone" to the SeCreateSymbolicLinkPrivilege ("Create Symbolic Links" in secpol.msc) under local group policy still results in STATUS_PRIVILEGE_NOT_HELD. Why?
Upvotes: 29
Views: 9754
Answers (1)
Reputation: 74654
It is indeed UAC, as Christian suspected.
MSDN: Windows Vista Application Development Requirements for User Account Control Compatibility:
What privileges the filtered token contain are based on whether the original token contained any of the restricted RIDS listed above (ed: AKA if you're a non-elevated Admin). If any of the restricted RIDs were in the token, all of the privileges are removed except:
- SeChangeNotifyPrivilege
- SeShutdownPrivilege
- SeUndockPrivilege
- SeReserveProcessorPrivilege
- SeTimeZonePrivilege
Upvotes: 24
Related Questions
- How do I grant SeCreateSymbolicLink on Windows Vista Home edition
- Privlege error trying to create symlink using python on windows 10
- How do I overcome the "The symbolic link cannot be followed because its type is disabled." error when getting the target of a symbolic link?
- win32api - symlink creation issue with UAC enabled?
- Why are Administrator privileges required to create a symlink on Windows?
- mklink permission on windows 8
- SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE, Create SymbolicLink
- mklink access denied but explorer succeeds
- Programmatically created file doesn't always inherit the permissions of the parent folder
- Determine if Windows process has privilege to create symbolic link