I am attempting to create a symlink using python on windows 10 (home version) with the foll. code:
kdll = ctypes.windll.LoadLibrary("kernel32.dll")
kdll.CreateSymbolicLinkW(src_dir, dst_dir, 1)
*** error: (1314, 'CreateSymbolicLink', 'A required privilege is not held by the client.')
If UAC is enabled and your user is an administrator, then the Local Security Authority (LSA, hosted in lsass.exe) logs your user on with a restricted access token. For this token, the
BUILTIN\Administrators group is used only for denying access; the integrity-level label is medium instead of high; and the privileges typically granted to an administrator have been filtered out.
To create a symbolic link, you need to create the process using your unrestricted/elevated access token (i.e. elevated from medium to high integrity level). Do this by right-clicking and selecting "Run as administrator". This elevated token will be inherited by child processes, so it suffices to run your Python script from an elevated command prompt, which you can open via the keyboard shortcut Win+X A. You can verify that the cmd shell is elevated by running
whoami /priv and checking for the presence of
SeCreateSymbolicLinkPrivilege. Don't be alarmed if the state is disabled. The Windows
CreateSymbolicLink function automatically enables this privilege.
That said, since you're creating a directory symbolic link, then perhaps a junction will work just as well. No special privilege is required to create a junction. You can create a junction using cmd's
mklink command. For example:
subprocess.check_call('mklink /J "%s" "%s"' % (link, target), shell=True)