Policy
Selectively allow the evaluation of a symbolic link
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: Local Link to a Local Target Local Link to a Remote Target Remote Link to Remote Target Remote Link to Local Target For further information please refer to the Windows Help section NOTE: If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS\SymLinkState | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Local Link to Local Target ID SymLinkClassL2L | boolean | HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS\SymlinkLocalToLocalEvaluation Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Local Link to a Remote Target ID SymLinkClassL2R | boolean | HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS\SymlinkLocalToRemoteEvaluation Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Remote Link to Remote Target ID SymLinkClassR2R | boolean | HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS\SymlinkRemoteToRemoteEvaluation Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Remote Link to Local Target ID SymLinkClassR2L | boolean | HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS\SymlinkRemoteToLocalEvaluation Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Other policies in this category
Explore related policies at the same level.
- ComputerDev drive filter attach policyAt least Windows 11 Version 22H2
- ComputerDisable delete notifications on all volumesAt least Windows Server 2008 R2 or Windows 7
- ComputerEnable / disable CLFS logfile authenticationAt least Windows Server 2016, Windows 10 Version 1607
- ComputerEnable dev driveAt least Windows 11 Version 22H2
- ComputerEnable Win32 long pathsAt least Windows Server 2016, Windows 10