This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 12%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOR%3C/text%3E%3C/svg%3E)
Hi,
I've been trying to find out why "SeCreateSymbolicLinkPrivilege = *S-1-5-32-544" setting is still available in W2016 security baselines but not any more in W2019 security baselines, and it's also missing from the later baselines.
I mean the baselines you can download from Microsoft Security Compliance Toolkit 1.0 site at https://www.microsoft.com/en-us/download/details.aspx?id=55319
In W2016 -package this is found in
GPOs{088E04EC-440C-48CB-A8D7-A89D0162FBFB}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf
{088E04EC-440C-48CB-A8D7-A89D0162FBFB} = "SCM Windows Server 2016 - Member Server Baseline - Computer" baseline
And in W2019 policy I've tried to find it under
GPOs{C92CC433-A4EA-47B1-8B24-6FF732940E0E}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf
{C92CC433-A4EA-47B1-8B24-6FF732940E0E} = "MSFT Windows Server 2019 - Member Server" baseline
Have I understood something incorrectly? Or am I looking in wrong place? Or is there something else I've totally missed?
This setting is quite crucial, and recommended in many places. So that's why I am a bit confused.
Thanks for any comments you can give!
-Olli
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello @Olli Rajala ,
Thank you for posting here.
As you mentioned, such setting on server 2019 is not defined.
Maybe there are some differences between server 2016 and server 2019.
If you need the "SeCreateSymbolicLinkPrivilege = *S-1-5-32-544" setting on server 2019, you can defined it based on your requirements.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let su know.
Best Regards,
Daisy Zhou
Hi,
Thanks @Anonymous for your reply.
I dug deeper today, and in the process also gasp actually read the documents.... :) Announcement.docx which is included in the W2019 policy zip file says the following:
"Removed the configuration of the “Create symbolic links” user rights assignment, as it merely enforced a default, was unlikely to be modified by a misguided administrator or for malicious purposes, and needs to be changed to a different value when Hyper-V is enabled."
So, case closed. But, I learned more during the process, so not totally worthless exercise. :)
Hello @Olli Rajala ,
Thank you for your update and sharing.
I am very glad that the problem has been solved.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!
Best Regards,
Daisy Zhou