How to Create Symbolic Links to Shared Folders

How to Create Symbolic Links to Shared Folders

You can create symbolic links on the local file system to files stored on other local drives or shared folders. However, when you use the mklink command, you must always specify the absolute path to the remote target file because the mklink command by default assumes that the location is relative. For example, suppose you want to create a symbolic link named C:\Link.txt that targets a file on a shared folder at Z:\Target.txt. If you run the following commands, you will successfully create a symbolic link at 

C:\Link.txt.

C:\>Z:

Z:\>mklink C:\link.txt target.txt

However, that file will link to C:\Target.txt and not the intended Z:\Target.txt. To create a link to the Z:\Target.txt file, you need to run the following command.

C:\>mklink C:\link.txt Z:\target.txt

The mklink command also allows you to create a symbolic link targeting a Universal Naming Convention (UNC) path. For example, if you run the following command, Windows will create a symbolic link file called Link.txt that opens the Target.txt file.

Mklink link.txt \\server\folder\target.txt

If you enable remote symbolic links (discussed later in this section), they can be used to store symbolic links on shared folders and automatically redirect multiple Windows network clients to a different file on the network.

By default, you can use symbolic links only on local volumes. If you attempt to access a symbolic link located on a shared folder (regardless of the location of the target) or copy a symbolic link to a shared folder, you will receive an error. You can change this behavior by configuring the following Group Policy setting:

Computer Configuration\Administrative Templates\System\NTFS File System\Selectively Allow The Evaluation Of A SymbolicLink

When you enable this policy setting, you can select from four settings:

•             Local Link To Local Target Enabled by default, this allows local symbolic links to targets on the local file system.

•             Local Link To Remote Target Enabled by default, this allows local symbolic links to targets on shared folders.

•             Remote Link To Remote Target Disabled by default, this allows remote symbolic links to remote targets on shared folders.

•             Remote Link To Local Target Disabled by default, this allows remote symbolic links to remote targets on shared folders.

Enabling remote links can introduce security vulnerabilities. For example, a malicious user can create a symbolic link on a shared folder that references an absolute path on the local computer. When a user attempts to access the symbolic link, he will actually be accessing a different file that might contain confidential information. In this way, a sophisticated attacker might be able to trick a user into compromising the confidentiality of a file on his local computer.

By :-YOGENDRA