Block Symlink and Junction creation for a Directory

codeuncode

1/20/23, 5:23 AM

I want block the creation of Symbolic Link and Junction for a particular windows directory due to security reason. So is it possible to do this and if yes, what windows API should I use?

I went through lots of article and blogs but couldn't find any solution.

0 + 0

windows

Score:1

Server

Doug

1/20/23, 6:09 AM

Create symbolic links is a user privilege, not a file system permission. As such it cannot be controlled for a particular windows directory as you wish. It can only be permitted or denied at a user/group level. By default it is enabled only for the local Administrators group.[1]

You would want to use the Local Security Authority (LSA) functions to work with SeCreateSymbolicLinkPrivilege privilege.

Microsoft Privileges

A system administrator can use administrative tools, such as User Manager, to add or remove privileges for user and group accounts. Administrators can programmatically use the Local Security Authority (LSA) functions to work with privileges. The LsaAddAccountRights and LsaRemoveAccountRights functions add or remove privileges from an account. The LsaEnumerateAccountRights function enumerates the privileges held by a specified account. The LsaEnumerateAccountsWithUserRight function enumerates the accounts that hold a specified privilege.

Privilege Constants

Constant/value	Description
SE_CREATE_SYMBOLIC_LINK_NAME	Required to create a symbolic link.
TEXT("SeCreateSymbolicLinkPrivilege")	User Right: Create symbolic links.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Block Symlink and Junction creation for a Directory

TH: บล็อกการสร้าง Symlink และ Junction สำหรับไดเร็กทอรี

RO: Blocați crearea de linkuri simbolice și de joncțiune pentru un director

RU: Блокировка создания символической ссылки и соединения для каталога

VI: Chặn tạo Symlink và Junction cho một Thư mục

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.