Why can't normal users on Windows create symbolic links?

23

6

Beginning with Windows Vista NTFS gained the ability to represent symbolic links to files (as opposed to directory junctions). Also the mklink utility appeared. However, non-administrative users can't create symbolic links by default. Any insights on why that may be so? I mean, what kind of damage could a user do with symlinks he can't do with hardlinks or directory junctions (both of which can be created without administrative privileges without problems)?

Joey

Posted 2009-07-22T11:26:13.857

Reputation: 36 381

See also here https://security.stackexchange.com/q/10194/

– C. Yduqoli – 2018-11-09T08:57:57.603

Answers

11

Symlinks are actually less dangerous than hardlinks, true. I don't think the issue here is security but administrative efficiency. I think Microsoft made the right decision as it will drive sysadmins nuts when users start to create symlinks everywhere without knowing what they are doing.

In Mac OS, shortcuts are symlinks. So conceptually it's less confusing, since it's been like that since the beginning. And for Linux fans, you don't need to be told what symlinks are. ;-)

But it's not true for Windows. Imagine explaining to the average user the difference between a good old Windows shortcut, a symlink and directory junction/hardlink and you'll soon realize that giving such power to the masses will be opening a huge can of wriggly tech support worms.

That's my two cents.

GeneQ

Posted 2009-07-22T11:26:13.857

Reputation: 4 581

2

I consider myself a power user, yet until this question, I thought junctions ARE symlinks! (any link for the difference between them and symlinks?) – hasen – 2009-07-24T06:22:32.927

hasen j: Junction points are effectively the same as symlinks but they only work for directories. Until Vista there was no way to symlink individual files. Although the new symlinks also work for directories: http://hypftier.de/dump/link.txt

– Joey – 2009-07-24T20:42:01.737

1

I think this answer is nonsense. By introducing this arbitrary restriction, Microsoft has essentially introduced a feature that could be immensely useful (there is a reason why symlinks have existed on UNIX/Linux just about forever) but now can't really be used for much. Well done, Microsoft; I expected nothing less from you. >8^( – antred – 2016-12-01T13:40:07.490

@surfasb I have written plenty of programs that traverse directory trees, and protection against circular links is fairly trivial to implement by simply keeping a list of directories you've already been to. – antred – 2016-12-01T13:41:54.873

@antred not only does that slow down the search (you even said "list" rather than "hash table" => quadratic complexity). There are other implications, too. Like whether you should copy the data or the link when copying ( http://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.html lists at least 4 possible strategies). Or whether symlinked data should be included when reporting used space.

– ivan_pozdeev – 2018-02-12T12:40:09.933

The biggest danger is creating an infinite loop. Users would have to restrict themselves to creating a link to a parent node, which would cause a program that is traversing subdirectories to go in circles. – surfasb – 2011-07-06T18:25:30.640

4

And that's why Windows ain't for SUPERusers :-) – Sander Versluys – 2009-07-22T12:30:42.400

29

Actually, finding the mklink command is probably something the average user won't ever do. So the only kind of "link" a normal user will ever face is Ye Olde Shell Link. So for the great majority of users there wouldn't be a need of explaining symlinks vs. shell links vs. reparse points as there is (rightfully so, probably) no easily accessible method of creating other kinds of links. Still, that doesn't really explain why normal users can create hardlinks and junction points but no symlinks. I'd really like to, sometimes. – Joey – 2009-07-22T12:48:43.640

Good point Johannes. – GeneQ – 2009-07-22T12:53:57.527

Since this is wiki, let's make this the super answer. – random – 2009-07-22T13:22:21.993
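
The loop protection discussed in the comments above (remember which directories were already visited, using a hash set rather than a list), as an added example that is not part of any post in this thread. The function names and the sample tree are hypothetical; directories are identified by the `(st_dev, st_ino)` pair that `os.stat` reports for the link target.

```python
import os
import tempfile

def walk_following_links(root):
    """Walk root, following directory links, entering each real directory once.

    Returns (visited, skipped): directories traversed, and paths whose target
    had already been visited (a link back to an ancestor, or a duplicate).
    """
    seen = set()                 # hash set of (device, inode): O(1) lookups
    visited, skipped = [], []
    stack = [root]
    while stack:
        path = stack.pop()
        try:
            st = os.stat(path)   # follows links, so this identifies the target
        except OSError:
            continue             # dangling link or access denied
        key = (st.st_dev, st.st_ino)
        if key in seen:
            skipped.append(path) # same directory reached again: do not descend
            continue
        seen.add(key)
        visited.append(path)
        try:
            with os.scandir(path) as entries:
                for entry in entries:
                    if entry.is_dir(follow_symlinks=True):
                        stack.append(entry.path)
        except OSError:
            continue             # unreadable directory
    return visited, skipped

def build_sample_tree():
    """Constructed sample: root/a/b plus a link root/a/b/up -> root (a cycle)."""
    root = tempfile.mkdtemp(prefix="linkloop_")
    os.makedirs(os.path.join(root, "a", "b"))
    os.symlink(root, os.path.join(root, "a", "b", "up"), target_is_directory=True)
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    dirs, loops = walk_following_links(sample)
    print("visited:", dirs)
    print("skipped (already seen):", loops)
```

On Windows, `build_sample_tree` needs the right to create symbolic links, which is the restriction this question is about; the traversal itself needs no special privilege.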