Policy

Selectively allow the evaluation of a symbolic link

Microsoft Windows

Back to FilesystemBack to main
Selectively allow the evaluation of a symbolic link
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > Filesystem
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: Local Link to a Local Target Local Link to a Remote Target Remote Link to Remote Target Remote Link to Local Target For further information please refer to the Windows Help section NOTE: If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated.

Internal name
SymlinkEvaluation
Policy ID
0eb7b41a1e0f
Elements
4

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymLinkState
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymLinkState
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Local Link to Local Target
ID SymLinkClassL2L
boolean
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkLocalToLocalEvaluation
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Local Link to a Remote Target
ID SymLinkClassL2R
boolean
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkLocalToRemoteEvaluation
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Remote Link to Remote Target
ID SymLinkClassR2R
boolean
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkRemoteToRemoteEvaluation
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Remote Link to Local Target
ID SymLinkClassR2L
boolean
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkRemoteToLocalEvaluation
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Local Link to Local Target
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkLocalToLocalEvaluation
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Local Link to a Remote Target
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkLocalToRemoteEvaluation
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Remote Link to Remote Target
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkRemoteToRemoteEvaluation
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Remote Link to Local Target
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows\Filesystems\NTFS
Value name
SymlinkRemoteToLocalEvaluation
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0