user308827 user308827 - 11 months ago 135
Python Question

Privlege error trying to create symlink using python on windows 10

I am attempting to create a symlink using python on windows 10 (home version) with the foll. code:

import ctypes

kdll = ctypes.windll.LoadLibrary("kernel32.dll")
kdll.CreateSymbolicLinkW(src_dir, dst_dir, 1)

but I get the foll. error:

*** error: (1314, 'CreateSymbolicLink', 'A required privilege is not held by the client.')

How to fix this?

Answer Source

If UAC is enabled and your user is an administrator, then the Local Security Authority (LSA, hosted in lsass.exe) logs your user on with a restricted access token. For this token, the BUILTIN\Administrators group is used only for denying access; the integrity-level label is medium instead of high; and the privileges typically granted to an administrator have been filtered out.

To create a symbolic link, you need to create the process using your unrestricted/elevated access token (i.e. elevated from medium to high integrity level). Do this by right-clicking and selecting "Run as administrator". This elevated token will be inherited by child processes, so it suffices to run your Python script from an elevated command prompt, which you can open via the keyboard shortcut Win+X A. You can verify that the cmd shell is elevated by running whoami /priv and checking for the presence of SeCreateSymbolicLinkPrivilege. Don't be alarmed if the state is disabled. The Windows CreateSymbolicLink function automatically enables this privilege.

That said, since you're creating a directory symbolic link, then perhaps a junction will work just as well. No special privilege is required to create a junction. You can create a junction using cmd's mklink command. For example:

subprocess.check_call('mklink /J "%s" "%s"' % (link, target), shell=True)