The symbolic link cannot be followed

When you setup symbolic links on a server that point to another server, you will by default run into the inability for a client computer to follow the links with the following error:


The symbolic link cannot be followed because its type is disabled.

This is because the ability to traverse from one remote system to another across the symbolic link is disabled by default. You can see what is disabled and what is enabled on a computer by running the fsutil command:

>fsutil behavior query eymlinkevaluation
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.

You have two methods to enable this - enable it locally on each machine, or enable it via Group Policy.

Local

The downsides to enabling it locally are obvious, but sometimes you just need it on one stubborn computer *right now* and can't wait for GP. To enable Remote to Remote symbolic links, run the following command:
fsutil behavior set symlinkevaluation R2R:1

Similarly, you can change the settings for Local to Local (L2L), Local to Remote (L2R), and Remote to Local (R2L) by using 1 for enabled and 0 for disabled.

Group Policy

To enable (or disable) Remote to Remote symbolic links in Group Policy, create a new GPO Policy (or edit a current one), and edit it. Navigate to:
Computer Configuration -> Administrative Templates -> System -> Filesystem
You can then set the settings how you want in Selectively allow the evaluation of a symbolic link

Once you've created your new GPO, test it and validate that it is successfully applied using gpresult /R and rsop.

How to use Group Policy to allow the users to chose any screensaver except (None)

I just found one of the most beautiful Group Policies that I've ever come across:

How to use Group Policy to allow the users to chose any screensaver except (None)

This post is from Group Policy Central, and is 4 years old, but I've verified that it works properly with Windows 7 and 8, and is just a beautifully done Group Policy. Thanks Kevin for creating it and thank Alan for sharing.

The below is excerpts from the posting:

Step 1. Edit a Group Policy Object (GPO) that is targeted to the users accounts you wan to apply this policy
Step 2. Navigate to User Configuration > Preferences > Windows Settings > Registry then from the menu click on Action > New > Registry Item

Step 3. Select “Update” from the Action then type “Control Panel\Desktop” in the Key Path: text field then type “SCRNSAVE.EXE”  in the Value Name text field and “C:\Windows\System32\scrnsave.scr” in the Value data: text field.

Step 4. Click on the Common tab and then tick “Item-level targeting” and then click the “Targeting…” button.

Now we will target the screen saver to apply only when the “HKCU\Control Panel\Desktop\SCRNSAVE.EXE” registry key does NOT exist as this means the screen saver has been configured to “(None)”.
Step 5. Click on “New Item” then the “Registry Match” option.

Step 6. Select the “Value exists” Match type” then type “Control Panel\Desktop” in the key path field and then type “SCRNSAVE.EXE” in the value name field

Step 7. Click back on the targeting setting in the top pane and press “F8” which changes the option to “does not exist” then click OK and OK.

This policy will now apply the blank screen saver on the next group policy refresh to all targeted users whenever they select the “(None)”.

Installing Exchange Server 2010 SP3 Rollup 6

To get the permissions correct for installing Rollups on Exchange 2010 SP3, you will need to either disable UAC (not recommended) or you will need to launch the Rollup installer from an elevated command prompt (Right click and Run as Administrator) with the following command:
msiexec /update Exchange2010-KB2936871-x64-en.msp

This will allow the rollup to install properly. Other words, it will Roll Back and say that it Ended Prematurely.

Another note on Rollup 6 for SP3 is that it takes (at least in my environment) an extremely long time to generate native images for .NET assemblies. One of my servers took 45 minutes for this process. Wait it out and you'll be able to get it installed, just plan your windows accordingly.

------
Dustin Shaw
VCP