PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Security: Create symbolic links user right must only be assigned to the Administrators group

f0f5d080-6277-4c94-bd8e-1984e17fd492

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

Accounts with the "Create symbolic links" user right can create pointers to other objects, which could expose the system to attack.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ User Rights Assignment
|_ Create symbolic links to include only the following accounts or groups:
- Administrators

Systems that have the Hyper-V role will also have "Virtual Machines" given this user right. If this needs to be added manually, enter it as "NT Virtual Machine\Virtual Machines".

STIG: Server
2025: https://system32.eventsentry.com/stig/viewer/V-278249
2022: https://system32.eventsentry.com/stig/viewer/V-254499
2019: https://system32.eventsentry.com/stig/viewer/V-205756
2016: https://system32.eventsentry.com/stig/viewer/V-225078

Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253489
W10: https://system32.eventsentry.com/stig/viewer/V-220966

NIST 800-53 : AC-3, AC-6, CM-6
NIST 800-171: 3.1.1, 3.1.2, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.1, AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 7.2.1
HIPAA SR : ยง164.312(a)(1)
HIPAA HICP : Practice 3 (Identity and Access Management)



Tags

stig-medium-server stig-medium-desktop nist800-171-server nist800-171-desktop nist800-53-desktop nist800-53-server pci-dss-v4-desktop pci-dss-v4-server hipaa-desktop hipaa-server cmmc2-l2-desktop cmmc2-l2-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.