我正在尝试弄清楚如何授予自己在缺少 gpedit.msc 的 Windows 8.1(不是 Windows 8.1 Pro)上以非管理员身份创建符号链接的权限。我该怎么做?
答案1
如果您未加入域,则可以使用secpol.msc。
- 按Start
- 类型安全警察管理系统
- 按Enter
- 计算机配置→Windows设置→安全设置→本地策略→用户权限分配→创建符号链接
答案2
基于Dmytro Bondarchuk 的建议(表示为尼基塔·玛利亚文在
这个超级用户的回答),看来我们可以使用secedit使用PowerShell原生命令给用户添加符号链接权限。
function Add-SymLinkPermissions {
[CmdletBinding()]
param (
[Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]
[string]
$UserAccount = $env:USERNAME
)
Write-Host 'Checking SymLink permissions...'
$sidstr = $null
if ( "$accountToAdd" -eq 'Everyone' ) {
$sidstr = 'S-1-1-0'
}
else {
try {
$NtPrincipal = New-Object System.Security.Principal.NTAccount "$UserAccount"
$sid = $NtPrincipal.Translate([System.Security.Principal.SecurityIdentifier])
$sidstr = $sid.Value.ToString()
}
catch {
$sidstr = $null
}
}
Write-Host "Account: $($UserAccount)" -ForegroundColor DarkCyan
if ( [string]::IsNullOrEmpty($sidstr) ) {
throw [System.ArgumentException]::new('UserAccount', 'UserAccount is not valid')
}
Write-Host "Account SID: $($sidstr)" -ForegroundColor DarkCyan
$tmp = [System.IO.Path]::GetTempFileName()
Write-Host 'Export current Local Security Policy' -ForegroundColor DarkCyan
secedit.exe /export /cfg "$($tmp)"
$c = Get-Content -Path $tmp
$currentSetting = ''
foreach ($s in $c) {
if ( $s -like 'SECreateSymbolicLinkPrivilege*') {
$x = $s.split('=', [System.StringSplitOptions]::RemoveEmptyEntries)
$currentSetting = $x[1].Trim()
}
}
if ( $currentSetting -notlike "*$($sidstr)*" ) {
Write-Host 'Need to add permissions to SymLink' -ForegroundColor Yellow
Write-Host 'Modify Setting "Create SymLink"' -ForegroundColor DarkCyan
if ( [string]::IsNullOrEmpty($currentSetting) ) {
$currentSetting = "*$($sidstr)"
}
else {
$currentSetting = "*$($sidstr),$($currentSetting)"
}
Write-Host "$currentSetting"
$outfile = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
SECreateSymbolicLinkPrivilege = $currentSetting
"@
$tmp2 = [System.IO.Path]::GetTempFileName()
Write-Host 'Import new settings to Local Security Policy' -ForegroundColor DarkCyan
$outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force
Push-Location (Split-Path $tmp2)
try {
secedit.exe /configure /db 'secedit.sdb' /cfg "$($tmp2)" /areas USER_RIGHTS
}
finally {
Pop-Location
}
}
else {
Write-Host 'NO ACTIONS REQUIRED! Account already in "Create SymLink"' -ForegroundColor DarkCyan
Write-Host "Account $UserAccount already has permissions to SymLink" -ForegroundColor Green
return $true
}
}
我把相关部分收集到这个
要旨。
<# Grant SymLink rights PowerShell function from Gist #>
iex (New-Object -TypeName System.Net.WebClient).DownloadString('https://gist.githubusercontent.com/mavaddat/68c1084c5ae12f2288442e9286d51802/raw/65374381b3dbbfadaea3b358a642a262c773eb59/grantSymLinkRights.ps1')
<# Add symlink Rights (requires admin UAC) #>
Add-SymLinkPermissions -UserAccount $env:USERNAME
结果:
Checking SymLink permissions...
Account: ██████████
Account SID: S-█-█-██-██████████-██████████-█████████-██████
Export current Local Security Policy
The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.
Need to add permissions to SymLink
Modify Setting "Create SymLink"
*S-█-█-██-██████████-██████████-█████████-██████,*S-█-█-██-███
Import new settings to Local Security Policy
The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.
答案3
解决方案
Polsedit 是一款用于修改用户策略(如本地或远程系统上的用户帐户权限和用户特权)的实用程序。当您出于某种原因无法运行管理
secpol.msc单元时(例如 XP Home 和 Vista Home 根本没有),此功能非常有用secpol.msc。来源:南方软件产品
下载波兹编辑,并将其档案提取到某处。
启动 32 位或 64 位版本,具体取决于您的操作系统位数.该程序需要管理员权限。
右键单击创建符号链接政策(列表按字母顺序排列),然后选择特性从上下文菜单中。
点击添加用户或组按钮,选择目标账户,然后点击好的。
对任何其他所需用户或组重复步骤 4。单击关闭按钮,然后退出程序。更改将在所选帐户下次登录时生效。