{
	"id": "e5530148-9935-4bda-af62-c38f9b37547c",
	"created_at": "2026-04-06T00:07:27.452087Z",
	"updated_at": "2026-04-10T13:11:50.618984Z",
	"deleted_at": null,
	"sha1_hash": "2201b6102cb62f955de882978f62f717cca770ac",
	"title": "Create symbolic links - Windows 10",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45237,
	"plain_text": "Create symbolic links - Windows 10\r\nBy vinaypamnani-msft\r\nArchived: 2026-04-05 18:29:32 UTC\r\nApplies to\r\nWindows 11\r\nWindows 10\r\nDescribes the best practices, location, values, policy management, and security considerations for the Create\r\nsymbolic links security policy setting.\r\nReference\r\nThis user right determines if users can create a symbolic link from the device they're logged on to.\r\nA symbolic link is a file system object that points to another file system object that is called the target. Symbolic\r\nlinks are transparent to users. The links appear as normal files or directories, and they can be acted upon by the\r\nuser or application in exactly the same manner. Symbolic links are designed to aid in migration and application\r\ncompatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like\r\nUNIX links.\r\nWarning\r\nThis privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in\r\napplications that aren't designed to handle them.\r\nConstant: SeCreateSymbolicLinkPrivilege\r\nPossible values\r\nUser-defined list of accounts\r\nNot Defined\r\nBest practices\r\nOnly trusted users should get this user right. Symbolic links can expose security vulnerabilities in\r\napplications that aren't designed to handle them.\r\nLocation\r\nhttps://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links\r\nPage 1 of 3\n\nComputer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\r\nDefault values\r\nBy default, members of the Administrators group have this right.\r\nThe following table lists the actual and effective default policy values. Default values are also listed on the\r\npolicy’s property page.\r\nServer type or GPO Default value\r\nDefault Domain Policy Not Defined\r\nDefault Domain Controller Policy Not Defined\r\nStand-Alone Server Default Settings Not Defined\r\nDomain Controller Effective Default Settings Administrators\r\nMember Server Effective Default Settings Administrators\r\nClient Computer Effective Default Settings Administrators\r\nPolicy management\r\nThis section describes different features and tools available to help you manage this policy.\r\nA restart of the device isn't required for this policy setting to be effective.\r\nAny change to the user rights assignment for an account becomes effective the next time the owner of the account\r\nlogs on.\r\nGroup Policy\r\nSettings are applied in the following order through a Group Policy Object (GPO), which will overwrite settings on\r\nthe local computer at the next Group Policy update:\r\nLocal policy settings\r\nSite policy settings\r\nDomain policy settings\r\nOU policy settings\r\nWhen a local setting is greyed out, it indicates that a GPO currently controls that setting.\r\nCommand-line tools\r\nThis setting can be used in conjunction with a symbolic link file system setting that can be manipulated with the\r\ncommand-line tool to control the kinds of symlinks that are allowed on the device. For more info, type fsutil\r\nhttps://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links\r\nPage 2 of 3\n\nbehavior set symlinkevaluation /? at the command prompt.\r\nSecurity considerations\r\nThis section describes how an attacker might exploit a feature or its configuration, how to implement the\r\ncountermeasure, and the possible negative consequences of countermeasure implementation.\r\nVulnerability\r\nUsers who have the Create symbolic links user right could inadvertently or maliciously expose your system to\r\nsymbolic link attacks. Symbolic link attacks can be used to change the permissions on a file, to corrupt data, to\r\ndestroy data, or as a DoS attack.\r\nCountermeasure\r\nDon't assign the Create symbolic links user right to standard users. Restrict this right to trusted administrators.\r\nYou can use the fsutil command to establish a symbolic link file system setting that controls the kind of symbolic\r\nlinks that can be created on a computer.\r\nPotential impact\r\nNone. Not defined is the default configuration.\r\nUser Rights Assignment\r\nSource: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links\r\nhttps://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links"
	],
	"report_names": [
		"create-symbolic-links"
	],
	"threat_actors": [],
	"ts_created_at": 1775434047,
	"ts_updated_at": 1775826710,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2201b6102cb62f955de882978f62f717cca770ac.pdf",
		"text": "https://archive.orkl.eu/2201b6102cb62f955de882978f62f717cca770ac.txt",
		"img": "https://archive.orkl.eu/2201b6102cb62f955de882978f62f717cca770ac.jpg"
	}
}