Unable to grant SeCreateSymbolicLinkPrivilege

ws2008 r2 sp1 domain, servers , clients.

i'm attempting give security group "create symbolic link" user right via group policy. local security policy mmc shows policy being applied, when log on member of group granted right , issue command--

mklink /d <linkpath> <targetpath>

--i "access denied", , when issue command--

whoami /priv

--i this:

privilege name                description                    state  ============================= ============================== ========  sechangenotifyprivilege       bypass traverse checking       enabled  seincreaseworkingsetprivilege increase process working set disabled  secreatesymboliclinkprivilege create symbolic links          disabled

the user account not member of administrators. however, can create symlink issuing same command on same computer elevated command prompt administrator account, believe comes down secreatesymboliclinkprivelege being "disabled" in whoami despite gui's assurances contrary.

<linkpath> , <targetpath> both remote folders; r2r enabled, evidenced admin account's ability create symlink.

the computer has been restarted after user rights group policy applied.

i have tried adding test account gpo , restarting computer; no change.

user account has full control in <linkpath> , modify in <targetpath>.

how can enable secreatesymboliclinkprivelege?

tia

hi,

please check if group policy applied target server , specific user.

in test, after applying group policy, create symbolic link standard user account.

from screenshot, privilege of setcreatesymboliclinkprivilege disabled still create standard users.

i tried disable group policy , message "do not have sufficient privilege perform operation".

in addition, please check if caused uac. test disable (user access control) see result.

---

technet subscriber support in forum |if have feedback on our support, please contact tnmff@microsoft.com.

Windows Server  >  File Services and Storage