Share via

How to programmatically add "Authenticated Users" to "Create symbolic links" in Local Group Policy?

Kevin Mackey 20 Reputation points
2023-08-30T02:16:53.2333333+00:00

I would like to programmatically add "Authenticated Users" to "Create symbolic links" as can be done in Local Group Policy Editor in Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

I found IGroupPolicyObject interface (https://learn.microsoft.com/en-us/windows/win32/api/gpedit/nn-gpedit-igrouppolicyobject), but I'm not sure if this will work for me, and I can't find good example code. Some on StackOverflow seem to deal with the User Configuration, and not the Computer Configuration.

Windows development Windows API - Win32
Windows for business Windows Client for IT Pros User experience Other
Accepted answer
  1. Jeanine Zhang-MSFT 11,356 Reputation points Microsoft External Staff
    2023-08-30T03:04:14.8533333+00:00

    Hello,

    Welcome to Microsoft Q&A!

    You could try to use LsaAddAccountRights to assign one or more privileges to an account. Refer to the Doc:Authenticated Users. Authenticated User is always SID: S-1-5-11. The constant of Create symbolic links is SeCreateSymbolicLinkPrivilege.

    For more details, I suggest you could refer to the Doc: Assigning Privileges to an Account

    Thank you.

    Jeanine

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.