From 5fe8debfade598f0d3bd358bb35f7f69ba5b3664 Mon Sep 17 00:00:00 2001
From: Blake Rouse <blake.rouse@elastic.co>
Date: Wed, 1 May 2024 11:39:29 -0400
Subject: [PATCH] Add SeCreateSymbolicLinkPrivilege (#4649)

---
 internal/pkg/agent/install/user_windows.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/pkg/agent/install/user_windows.go b/internal/pkg/agent/install/user_windows.go
index ffe545899f2..357b5c0a779 100644
--- a/internal/pkg/agent/install/user_windows.go
+++ b/internal/pkg/agent/install/user_windows.go
@@ -39,6 +39,8 @@ const (
 	USER_UF_SCRIPT             = 1
 	USER_UF_NORMAL_ACCOUNT     = 512
 	USER_UF_DONT_EXPIRE_PASSWD = 65536
+
+	accountRightCreateSymbolicLink gowin32.AccountRightName = "SeCreateSymbolicLinkPrivilege"
 )
 
 // FindGID returns the group's GID on the machine.
@@ -151,6 +153,10 @@ func CreateUser(name string, _ string) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to set service logon: %w", err)
 	}
+	err = sp.AddAccountRight(sid, accountRightCreateSymbolicLink)
+	if err != nil {
+		return "", fmt.Errorf("failed to add right to create symbolic link: %w", err)
+	}
 
 	return FindUID(name)
 }