I am attempting to create a symlink using python on windows 10 (home version) with the foll. code:
import ctypes
kdll = ctypes.windll.LoadLibrary("kernel32.dll")
kdll.CreateSymbolicLinkW(src_dir, dst_dir, 1)
but I get the foll. error:
*** error: (1314, 'CreateSymbolicLink', 'A required privilege is not held by the client.')
How to fix this?
Windows 11, 10, 8, 7, and Vista all support symbolic links — also known as symlinks — that point to a file or folder on your system. You can create them using the Command Prompt or a third-party tool called Link Shell Extension.
To create a symbolic link in Python, you can use the os module symlink() function.
If UAC is enabled and your user is an administrator, then the Local Security Authority (LSA, hosted in lsass.exe) logs your user on with a restricted access token. For this token, the BUILTIN\Administrators group is used only for denying access; the integrity-level label is medium instead of high; and the privileges typically granted to an administrator have been filtered out.
To create a symbolic link, you need to create the process using your unrestricted/elevated access token (i.e. elevated from medium to high integrity level). Do this by right-clicking and selecting "Run as administrator". This elevated token will be inherited by child processes, so it suffices to run your Python script from an elevated command prompt, which you can open via the keyboard shortcut Win+X A. You can verify that the cmd shell is elevated by running whoami /priv and checking for the presence of SeCreateSymbolicLinkPrivilege. Don't be alarmed if the state is disabled. The Windows CreateSymbolicLink function automatically enables this privilege.
That said, since you're creating a directory symbolic link, then perhaps a junction will work just as well. No special privilege is required to create a junction. You can create a junction using cmd's mklink command. For example:
subprocess.check_call('mklink /J "%s" "%s"' % (link, target), shell=True)
https://www.scivision.dev/windows-symbolic-link-permission-enable/
Open gpedit.msc
Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment → Create symbolic links
Type the user name and click “Check Names” then OK.
Reboot the computer
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With