locked
configuring symlink support in Win7 RRS feed

  • Question

  • Hi all,

    I'm testing symlink support on Win7. I have added the "Everyone" group to the "Create symbokic links" local policy and have also set all the fsutil symlinkevaluation settings to "enabled".

    However when I use the mklink command on a local NTFS volume, I still get access denied unless I run the command in an Administrator shell.

    Am I opening up symlink support correctly?

    thanks,

    James


    James Peach
    Monday, August 23, 2010 9:22 PM

Answers

  • Hi James:

    We have finished our investigation regarding your question about symbolic link and local policy.

     

    After giving “Everyone” the privilege “Create symbolic link”, please reboot (or log off) and log in as a standard user, a user who is NOT a member of group “Administrators”. You should be able to create a symbolic link using mklink command in a directory where user has write permissions.

     

    The reason a member of “Administrators” cannot create symbolic link is because “Create symbolic link” privilege is removed from the filtered token since user is a member of “Administrators” group. Section “Access Token Changes” of article at link http://msdn.microsoft.com/en-us/library/bb530410.aspx describes in more details on how filtered token is created.

     

    Please let me know if it answers your question. If it does, I’ll consider this issue resolved.

     


    Regards, Obaid Farooqi
    Friday, September 3, 2010 4:58 PM
  • Hi MJ, this forum is for software developers who are using the Open Protocol Specification documentation to assist them in developing systems, services, and applications that are interoperable with Windows. The Open Protocol Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx.

    Since your post does not appear to be related to the Open Protocol Specification documentation set we would appreciate it if you could try one or both of the forums noted below instead to find the information you are looking for. Thanks!

    Windows Server TechCenter > Windows Server Forums
    http://social.technet.microsoft.com/Forums/en-US/category/windowsserver

    > File Services and Storage
    http://social.technet.microsoft.com/Forums/en-US/winserverfiles/threads

    > Group Policy
    http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads

    Bill Wesse MSFT, US-CSS DSC Protocol Team

    • Marked as answer by Bill Wesse Wednesday, December 15, 2010 2:23 PM
    Wednesday, December 15, 2010 2:23 PM

All replies

  • James,

       Thanks for your question.  One of our engineers will work with you and respond to you soon.

     


    Hongwei Sun -MSFT
    Monday, August 23, 2010 11:39 PM
  • Hi James:

    I'll be helping you with this issue. I be in touch through this thread as soon as I have an answer. If you have any clarifiction/question regarding this issue, please post to this thread.


    Regards, Obaid Farooqi
    Tuesday, August 24, 2010 9:18 PM
  • The local policy change is sufficient to make symlinks work in Windows 2008 Server SP2.
    James Peach
    Wednesday, August 25, 2010 4:42 PM
  • Hi James:

    We have finished our investigation regarding your question about symbolic link and local policy.

     

    After giving “Everyone” the privilege “Create symbolic link”, please reboot (or log off) and log in as a standard user, a user who is NOT a member of group “Administrators”. You should be able to create a symbolic link using mklink command in a directory where user has write permissions.

     

    The reason a member of “Administrators” cannot create symbolic link is because “Create symbolic link” privilege is removed from the filtered token since user is a member of “Administrators” group. Section “Access Token Changes” of article at link http://msdn.microsoft.com/en-us/library/bb530410.aspx describes in more details on how filtered token is created.

     

    Please let me know if it answers your question. If it does, I’ll consider this issue resolved.

     


    Regards, Obaid Farooqi
    Friday, September 3, 2010 4:58 PM
  • Hi James:

    Please let me if my reply resolve this issue. If I don't hear from you by Monday September 13, I'll consider the issue resolved.


    Regards, Obaid Farooqi
    Thursday, September 9, 2010 4:20 PM
  • Thanks, that makes a certain amount of sense.
    James Peach
    Tuesday, September 14, 2010 9:54 PM
  • I've successfully created a symbolic directory link from a folder in a DFS share to a SharePoint document library, and after using the FSUtil utility to enable R2R symlinks in Windows 7 it works pefectly.

    The question is this: how can I use Group Policy to allow all my PCs to follow R2R symlinks? I don't want to have to go to each machine and issue the FSUtil command.

    Any advice is much appreciated.

    Wednesday, December 15, 2010 10:12 AM
  • Hi MJ, this forum is for software developers who are using the Open Protocol Specification documentation to assist them in developing systems, services, and applications that are interoperable with Windows. The Open Protocol Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx.

    Since your post does not appear to be related to the Open Protocol Specification documentation set we would appreciate it if you could try one or both of the forums noted below instead to find the information you are looking for. Thanks!

    Windows Server TechCenter > Windows Server Forums
    http://social.technet.microsoft.com/Forums/en-US/category/windowsserver

    > File Services and Storage
    http://social.technet.microsoft.com/Forums/en-US/winserverfiles/threads

    > Group Policy
    http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads

    Bill Wesse MSFT, US-CSS DSC Protocol Team

    • Marked as answer by Bill Wesse Wednesday, December 15, 2010 2:23 PM
    Wednesday, December 15, 2010 2:23 PM