26

Beginning with Windows Vista, NTFS gained the ability to represent symbolic links to files (as opposed to directory junctions). Also cmd gained the mklink command.

However, non-administrative users can't create symbolic links by default. Why may that be so?

I mean, what kind of damage could a user do with symlinks he/she can't do with hardlinks or directory junctions (both of which can be created without administrative privileges without problems)?

Joey
  • 41,098

2 Answers

14

Symlinks are actually less dangerous than hardlinks, true. I don't think the issue here is security, but administrative efficiency. I think Microsoft made the right decision as it will drive system administrators nuts when users start to create symlinks everywhere without knowing what they are doing.

In Mac OS, shortcuts are symlinks. So conceptually it's less confusing, since it's been like that since the beginning. And for Linux fans, you don't need to be told what symlinks are. ;-)

But it's not true for Windows. Imagine explaining to the average user the difference between a good old Windows shortcut, a symlink and directory junction/hardlink, and you'll soon realize that giving such power to the masses will be opening a huge can of wriggly tech support worms.

GeneQ
  • 5,087
0

I know this is an ancient question, but it deserves an updated answer.

Microsoft's documentation says "Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them."

That sounds like a pretty good reason not to allow 'normal' Windows users to create them.
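The documentation sentence quoted in the answer above can be made concrete with an added example, which is not code from either answer or from Microsoft. A writer that is unaware of links modifies whatever file a link at its output path points to, while a link-aware writer refuses. The function names, file names and temporary-directory scenario are constructed for illustration.

```python
import os
import stat
import tempfile

def naive_write(path, data):
    """Link-unaware writer: open() follows a symbolic link at `path`."""
    with open(path, "w") as f:
        f.write(data)

def is_link_or_reparse_point(path):
    """True if `path` itself (not its target) is a symlink or, on Windows, a reparse point."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # only populated on Windows
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400))

def careful_write(path, data):
    """Refuse to write through a link; returns True only if the write happened."""
    if os.path.lexists(path) and is_link_or_reparse_point(path):
        return False
    # O_NOFOLLOW exists on POSIX only; there it closes the gap between the
    # check above and the open. Where it is missing, that gap remains.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True

def demo():
    """Constructed scenario: the application's log path has become a link."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.cfg")  # hypothetical file
        log_path = os.path.join(root, "app.log")         # hypothetical file
        with open(protected, "w") as f:
            f.write("original")
        os.symlink(protected, log_path)  # on Windows this needs the symlink privilege
        naive_write(log_path, "log line")
        with open(protected) as f:
            after_naive = f.read()
        with open(protected, "w") as f:
            f.write("original")  # restore before the second attempt
        wrote = careful_write(log_path, "log line")
        with open(protected) as f:
            after_careful = f.read()
        return after_naive, wrote, after_careful

if __name__ == "__main__":
    print(demo())
```
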