Symlinks still don't work reliably under Windows
Creation of symlinks under Windows is still not reliable due to, honestly, weird behavior of windows' UAC.
The system command
mklink /J seems to be interesting because it doesn't need as much elevated user permissions like
mklink /.D does (the opposite is a junction vs. a symlink)
I will gamble around with that a bit.
#2 Updated by Adrian Föder about 8 years ago
basically, this entry: http://social.msdn.microsoft.com/Forums/en/os_fileservices/thread/e967ab01-3136-4fda-9677-e5ecaaa2f694 explains why this is.
The problem, mainly, is; even with the Security Policy for creating symbolic links is granted to not only Administrators; that it doesn't work if the intended User is itself a member of the Administrator group.
After giving “Everyone” the privilege “Create symbolic link”, please reboot (or log off) and log in as a standard user, a user who is NOT a member of group “Administrators”. You should be able to create a symbolic link using mklink command in a directory where user has write permissions.
The reason a member of “Administrators” cannot create symbolic link is because “Create symbolic link” privilege is removed from the filtered token since user is a member of “Administrators” group. Section “Access Token Changes” of article at link http://msdn.microsoft.com/en-us/library/bb530410.aspx describes in more details on how filtered token is created.
#3 Updated by Adrian Föder about 8 years ago
In short, a "primitive" user would be able to create Symlinks (with the mentioned secpol.msc setting done), while an Administrator won't (if he's not in Elevated state).
So, setting the Apache service to be run under a deriving user may work; additionally (this is to be checked), it's likely that the default account (which is SYSTEM) has sufficient rights to create symlinks.
exec() requests then also would be run under SYSTEM user, hence Symlink creation would work.
So the prescribed configuration could be...¶
- open the local policy editor
- locate Security Settings > Local Policies > User Rights Management > Create symbolic links
German: Sicherheitseinstellungen > Lokale Richtlinien > Zuweisen von Benutzerrechten > Erstellen symbolischer Verknüpfungen
- Add the
SYSTEMgroup (or whatever the Apache service is run under, per default it's
- Keep in mind that, if you are logged in as Administrator and want to call FLOW3 via the console, you must run the Command Line Prompt elevated (i.e. "Run as Administrator).