By default, the remote-to-local and remote-to-remote symbolic link evaluations are unavailable when trying to follow them on the remote computers running Windows Vista and above. If you want to collect state-in-time snapshots for file shares that contain these symbolic links, make sure that they are enabled on the computer that hosts Netwrix Auditor Server. Review the following for additional information:
- Refer to To enable symbolic link evaluations via command prompt for detailed instructions on how to enable symbolic links on a single computer.
- Refer to To enable symbolic link evaluations via Group Policy Management Console for detailed instructions on how to enable symbolic links for all computers in your domain.
- On the computer where Netwrix Auditor Server resides, start the Command Prompt as administrator.
Review your symbolic links configuration:
C:\>fsutil behavior query SymlinkEvaluation
The default settings shall be as follows:
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.
Enable the remote-to-local and remote-to-remote symbolic link evaluations:
C:\>fsutil behavior set SymlinkEvaluation R2R:1 R2L:1
Open the Group Policy Management console on any domain controller in the target domain: navigate to Start → Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) → Group Policy Management.
In the left pane, navigate to Forest: <forest_name> → Domains → <domain_name> → Domain Controllers. Right-click the effective domain controllers policy (by default, it is the Default Domain Controllers Policy), and select Edit from the pop-up menu.
- In the Group Policy Management Editor, navigate to Computer Configuration → Policies→ Administrative Templates: Policy definitions → System → Filesystem.
- In the Filesystem configuration, double click the Selectively allow the evaluation of a symbolic link setting.
In the dialog that opens, select Enabled and check all types of symbolic link evaluations under Options.
Navigate to Start → Run and type "cmd". Input the
gpupdate /forcecommand and press Enter. The group policy will be updated.