How to programmatically add "Authenticated Users" to "Create symbolic links" in Local Group Policy?

Kevin Mackey 20 Reputation points

I would like to programmatically add "Authenticated Users" to "Create symbolic links" as can be done in Local Group Policy Editor in Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

I found IGroupPolicyObject interface (, but I'm not sure if this will work for me, and I can't find good example code. Some on StackOverflow seem to deal with the User Configuration, and not the Computer Configuration.

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
3,078 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,228 questions
{count} votes

Accepted answer
  1. Jeanine Zhang-MSFT 7,036 Reputation points Microsoft Vendor


    Welcome to Microsoft Q&A!

    You could try to use LsaAddAccountRights to assign one or more privileges to an account. Refer to the Doc:Authenticated Users. Authenticated User is always SID: S-1-5-11. The constant of Create symbolic links is SeCreateSymbolicLinkPrivilege.

    For more details, I suggest you could refer to the Doc: Assigning Privileges to an Account

    Thank you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful