Cannot allow myself create symbolic links

    General discussion

  • In the Local Security Policy there is an element
    Local Policies -> User Rights Assignment -> Create Symbolic Links
    which is supposed to list the users allowed to create symbolic links. By default only the Administrators group is present there. When I add to this list a user with restricted permissions all works fine, this user indeed gets the ability to create links (I'm checking via the mklink utility). However, for users from the Administrators group this does not work at all: when I try to create a link, I get "You do not have sufficient privilege to perform this operation" message. mklink works only from a console started with elevated privileges, while restricted users added to the list can create links without any elevation. I even tried to add the specific user from the Administrators group to the list in addition to this group, but of course it did not change anything. What should I do to allow myself create symlinks directly, without elevation?

    My OS is Vista Business SP1 32-bit (russian), UAC is turned on.
    The computer is not in domain, so there is no group policy that could override local settings.
    Tuesday, March 10, 2009 10:49 PM

All replies