Wednesday, July 30, 2014

The symbolic link cannot be followed

When you set up symbolic links on a server that point to another server, client computers will by default be unable to follow the links and will report the following error:


The symbolic link cannot be followed because its type is disabled.






This is because the ability to traverse from one remote system to another across the symbolic link is disabled by default. You can see what is disabled and what is enabled on a computer by running the fsutil command:

>fsutil behavior query symlinkevaluation
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.


You have two methods to enable this - enable it locally on each machine, or enable it via Group Policy.

Local

The downsides to enabling it locally are obvious, but sometimes you just need it on one stubborn computer *right now* and can't wait for GP. To enable Remote to Remote symbolic links, run the following command:
fsutil behavior set symlinkevaluation R2R:1

Similarly, you can change the settings for Local to Local (L2L), Local to Remote (L2R), and Remote to Local (R2L) by using 1 for enabled and 0 for disabled.

Group Policy

To enable (or disable) Remote to Remote symbolic links in Group Policy, create a new GPO (or edit an existing one) and navigate to:
Computer Configuration -> Administrative Templates -> System -> Filesystem
You can then configure the link types you want in the setting Selectively allow the evaluation of a symbolic link.



Once you've created your new GPO, test it and validate that it is successfully applied using gpresult /R and rsop.
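To check on a client which link types are actually enabled after either method, the fsutil output shown above can be parsed and compared against the default state. This is an added example, not part of the original post; the function names are hypothetical, and it assumes English-language fsutil output in the format printed above.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes English-language fsutil output in the format shown in the post.
function ConvertFrom-SymlinkEvaluation {
    param([string[]]$Lines)
    $abbrev = @{ 'local to local'  = 'L2L'; 'local to remote'  = 'L2R'
                 'remote to local' = 'R2L'; 'remote to remote' = 'R2R' }
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # e.g. "Remote to remote symbolic links are disabled."
        if ($line -match '^\s*((?:local|remote) to (?:local|remote)) symbolic links are (enabled|disabled)') {
            $state[$abbrev[$Matches[1]]] = ($Matches[2] -eq 'enabled')
        }
    }
    $state
}

function Test-SymlinkEvaluation {
    param($State)
    # Defaults: L2L and L2R enabled, R2L and R2R disabled (the state printed in the post).
    $default = [ordered]@{ L2L = $true; L2R = $true; R2L = $false; R2R = $false }
    foreach ($type in $default.Keys) {
        $known = $State.Contains($type)
        [pscustomobject]@{
            Type       = $type
            Enabled    = if ($known) { $State[$type] } else { $null }
            Default    = $default[$type]
            # A missing line is flagged too, so an unparsed result is never read as "default".
            NonDefault = (-not $known) -or ($State[$type] -ne $default[$type])
        }
    }
}

# Constructed sample: the post's output after "fsutil behavior set symlinkevaluation R2R:1".
$sample = @(
    'Local to local symbolic links are enabled.'
    'Local to remote symbolic links are enabled.'
    'Remote to local symbolic links are disabled.'
    'Remote to remote symbolic links are enabled.'
)

# On a live machine, pass the real output instead of $sample:
#   Test-SymlinkEvaluation (ConvertFrom-SymlinkEvaluation (fsutil behavior query symlinkevaluation))
Test-SymlinkEvaluation (ConvertFrom-SymlinkEvaluation $sample) | Format-Table -AutoSize
```

Rows with NonDefault set to True are the link types that were changed from the default on that machine, which makes it easy to confirm that only the intended type (here R2R) was opened up.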

3 comments:

  1. Typo... 'eymlinkevaluation' should be 'symlinkevaluation'

  2. Thanks, looking to get something in place as a stop-gap and this works fine. Now time to design the new file system :-)

  3. I want to implement this, but where can I find the template for FileSystem?
