0 comments on "Openfiles Windows XP Professional Command"

Openfiles Windows XP Professional Command

First of all, there are a few tools that I’ve used in the past to show me files that certain processes have opened up.  One such tool is Process Monitor by SysInternals.  Windows XP Professional comes with a command-line tool called openfiles.
What is openfiles?
Enables an administrator to list or disconnect files and folders that have been opened on a system.
By default (I think) it’s doesn’t track open files so you will need to enable it by issuing the following command (this does add some performance overhead):

openfiles /local on

After you issue that command you are required to reboot and once you’re back in windows, execute the command without any flags:

openfiles

You’ll have an output similar (well, depending on the processes you have open) to what I have here:

ID    Process Name         Open File (Pathexecutable)
===== ==================== ==================================================
12    explorer.exe         C:\Documents and Settings\Rich
72    explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
120   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
152   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
156   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
168   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
204   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
368   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
372   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
560   explorer.exe         C:\Documents and Settings\Rich\Desktop
568   explorer.exe         C:\..6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
584   explorer.exe         C:\Documents and Settings\All Users\Desktop
592   explorer.exe         C:\..Application Data\Microsoft\CD Burning
748   explorer.exe         C:\..6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
Files Opened Remotely via local share points:
---------------------------------------------
INFO: No shared open files found.

You can learn more about it by issuing openfiles /? and openfiles /disconnect /?
For now, I’m still a fan of Process Monitor but this is nice when I’m in a hurry and for some reason don’t have my flash drive that has Process Monitor on it.

Leave a Reply

Your email address will not be published. Required fields are marked *