Creating symbolic links in PHP/IIS 8 when using the new Application Pool Identity feature

Question

I'm running IIS 8, Server 2012. I have a web application where the programmers want to create symbolic links. Here is some sample code:

$target = 'symlink.php';
$link = 'symlink-link.php';

symlink($target, $link);
echo readlink($link);

I get the following error:

PHP Warning:  symlink(): Cannot create symlink, error code(1314) in E:\...\test.php on line 7

I've granted the "IIS APPPOOL\apppooluser" NTFS modify permissions. I've granted the user rights assignment to the same user of 'Create symbolic Links'.

I cannot get this application to create links. Any suggestions? Is it impossible using IIS APP POOLs?

Answer 1

Try the answer as written in a comment on php.net

On IIS (Internet Information Services), you need to set permissions to allow the creation of symbolic links.

Go to Local Security Policy -> Local Policies -> User Rights Assignment and right click on Create symbolic links -> Properties -> Add User or Group and add the "IUSR" user, which should be the user associated with IIS. A restart may be required.

If this doesn't work, go to IIS Manager -> Authentication -> select Anonymous Authentication -> Edit and enter your current logged in user, which should be an administrator. Hit OK and now the symlink() function in php should work fine.

Answer 2

I was able to get symlinks to work by going under the site, clicking authentication->Anonymous Authentication->Specific User and having the site run under a real windows account. The account had NTFS permissions and user rights assignment to create links but was not an administrator.

The application pool can still run under application pool identity.

However, as I understand it, using the application pool identities are supposed to be the safer way to go. I still wonder if there is a way to make symlinks work while using the app pool identity.