Privlege error trying to create symlink using python on windows 10

Asked 30/9, 2015 at 23:39 Answered 19/5, 2023 at 23:41

I am attempting to create a symlink using python on windows 10 (home version) with the foll. code:

import ctypes

kdll = ctypes.windll.LoadLibrary("kernel32.dll")
kdll.CreateSymbolicLinkW(src_dir, dst_dir, 1)

but I get the foll. error:

*** error: (1314, 'CreateSymbolicLink', 'A required privilege is not held by the client.')

How to fix this?

Baltoslavic answered 30/9, 2015 at 23:39 Comment(8)

If UAC is enabled and your user is an administrator, then you have to elevate (i.e. "run as administrator") to get the unrestricted administrator token that has SeCreateSymbolicLinkPrivilege. – Chauffer 30/9, 2015 at 23:43

thanks @eryksun, I do have admin privledges, but how do I do what you are suggesting? If you can put it as an answer, I will be happy to accept it – Baltoslavic 30/9, 2015 at 23:45

Windows-X, A will open an admin command-line window. If you run your Python program from there it should work. – Chiffonier 1/10, 2015 at 0:34

thanks @eryksun, doesn't mklink not need elevation as well? – Baltoslavic 1/10, 2015 at 1:26

I am using python 2.7 (a library needs it) – Baltoslavic 1/10, 2015 at 1:26

cmd would need to be elevated to have mklink create a symbolic link, but not a junction -- e.g. subprocess.call('mklink /J "%s" "%s"' % (link, target), shell=True). – Chauffer 1/10, 2015 at 1:57

it works!! thanks!!! plz write it as an answer so i can accept – Baltoslavic 1/10, 2015 at 2:8

By the way, you don't have to call CreateSymbolicLinkW manually - you can use os.symlink (on Python 3). – Haug 19/5, 2023 at 23:44

If UAC is enabled and your user is an administrator, then the Local Security Authority (LSA, hosted in lsass.exe) logs your user on with a restricted access token. For this token, the BUILTIN\Administrators group is used only for denying access; the integrity-level label is medium instead of high; and the privileges typically granted to an administrator have been filtered out.

To create a symbolic link, you need to create the process using your unrestricted/elevated access token (i.e. elevated from medium to high integrity level). Do this by right-clicking and selecting "Run as administrator". This elevated token will be inherited by child processes, so it suffices to run your Python script from an elevated command prompt, which you can open via the keyboard shortcut Win+X A. You can verify that the cmd shell is elevated by running whoami /priv and checking for the presence of SeCreateSymbolicLinkPrivilege. Don't be alarmed if the state is disabled. The Windows CreateSymbolicLink function automatically enables this privilege.

That said, since you're creating a directory symbolic link, then perhaps a junction will work just as well. No special privilege is required to create a junction. You can create a junction using cmd's mklink command. For example:

subprocess.check_call('mklink /J "%s" "%s"' % (link, target), shell=True)

Chauffer answered 1/10, 2015 at 2:50 Comment(0)

https://www.scivision.dev/windows-symbolic-link-permission-enable/

Open gpedit.msc
Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment → Create symbolic links

Type the user name and click “Check Names” then OK.
Reboot the computer

Melchor answered 30/12, 2020 at 8:45 Comment(0)

These days, the easiest way to make it possible to create Symbolic Links is to enable Developer Mode.

Go to Settings > System > For Developers and turn Developer Mode to on. Immediately, it should be possible to create symbolic links.

(on Windows 10, it's under Settings > Privacy & Security > For Developers).

Haug answered 19/5, 2023 at 23:41 Comment(1)

Looks like in Windows 11 this was moved to: Settings > System> For Developers – Evening 6/6 at 13:13

Recommended topics

Hot tags