On May 29 20:43, Chris Sutcliffe wrote: > On 29 May 2013 13:01, Corinna Vinschen wrote: > > On May 29 12:40, Chris Sutcliffe wrote: > >> On 29 May 2013 11:23, Corinna Vinschen wrote: > >> > On May 29 10:33, Chris Sutcliffe wrote: > >> >> On 29 May 2013 04:39, Corinna Vinschen wrote: > >> > Also, either way, did you logoff and logon so that the "Create symbolic > >> > links" user right can be added to your user token? Note that your token > >> > remains unchanged if you didn't exit from your session. Just changing > >> > the Policy isn't enough, the OS needs achance to create a new user token > >> > for you containing the user right. > >> > >> I've rebooted the machine since making the change and it has had no > >> affect. Is there something else I need to do? > > > > I don't know. I have to try (but not today). Did you try to add the > > "Users" group to the Local Security Policy entry instead? > > I tried adding the "Users" group and it didn't help either.
I just tested it and can confirm it. Try this: Start a login session of a normal user after adding the "Users" group to the "Create symbolic links" right. Check the privileges in the user token: $ /cygdrive/c/Windows/System32/whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ==================================== ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled SeCreateSymbolicLinkPrivilege Create symbolic links Disabled On the other hand, in the same situation the UAC-crippled admins's token does not contain the "Create symbolic links" right: $ /cygdrive/c/Windows/System32/whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ==================================== ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled I also changed the "Create symbolic links" policy so that the "Users" group is the only group getting this right. In other words, I removed the "Administrators" group entirely, logged off, logged on, and the result was the same as above. This is a bug in UAC if you ask me. It seems to remove privileges from the UAC-crippled admin's token based on a fixed internal list, totally ignorant of changes in the security policy. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple

