Skip navigation

JSI Tip 0136 - Who has What files open?

OFL is a freeware utility that will list files on the specified Server which have been opened via a network connection.

"The user running this utility must be either an Operator or an Administrator.


usage: ofl \[-cDdfhv?\] \[-s Server\] \[-u User\] \[file\]

    c  - Close each open file listed.
    D  - Display additional file information.
    d  - Detail.
    f  - Force close of all files, (no confirmation required).
    h  - Help, (this).
    ?  - Usage.
    s  - Specify a Server for which to list open files.
    u  - Specify a User for which to list open files.
    v  - Display version information.

    file -
    The open file(s) to list.

If no User is specified, then open files are listed for all users. If no
Server is specified, then open files are listed on the local Server. If
no file is specified, then all files are listed. Wildcards, "*" and "?",
may be used. Matching is not case-sensitive, but it only applies to file
names. If you specify a path as part of the file name, then you must
specify the entire path.

If the "-c" option is specified without a file name or filter, a warning
will be issued to the console and confirmation will be required, unless
the "-f", Force, option has also been specified, or standard input has
been redirected.

The "-d" option displays detailed information including the Network File
ID, the Permissions with which the file has been opened, the User Name of
the user holding the file open and the File Name. The Network File ID is
displayed in hexadecimal.

The "-D" option displays additional file information including the file's
attributes, size and last write time, as well as the same information
displayed by the "-d" option.

Usage examples:

ofl -d
ofl -D
ofl -s \\myserver
ofl -u someuser
ofl -cu somepooruser
ofl -cfu somepooruser
ofl -cfu somepooruser  \PIPE\*
ofl -cdfu somepooruser -s \\myserver



If ofl is invoked with no operands, each network opened file is listed
along with the user holding the file. For example:

rxsh ++D:\Dev\Utilities\ofl>ofl
\PIPE\merxpipe_test bill
Y:\Users\local\bin bill
"Z:\Disk1\Foo Bar Baz" bill

With the "-d", Detail, option, each network opened file is listed along
with the network file id, the access permissions for the file, the lock
count for the file, the user holding the file and the name of the file.
Finally, a summary count of the listed files is presented. For example:

rxsh ++D:\Dev\Utilities\ofl>ofl -d
       7 RW---A--    0 bill         \PIPE\merxpipe_test
       8 ---X----    0 bill         Y:\Users\local\bin
     13a ---X----    0 bill         "Z:\Disk1\Foo Bar Baz"
     1d5 R-------    0 bill         D:\Vss\Data\loggedin\bill.log

4 open files found.

The FILEID value is the Network File ID assigned to the opened file.

The Permissions for the opened file are a little odd. The Win32 API has
only three possible values defined: READ, WRITE and CREATE. However, in
examining the values returned, it appears that there are actually eight
GROUP. The meaning of some of those values is obvious, but I can only
guess at what ATRIB, PERM and GROUP mean. I expect that they indicate
permission to change the attributes of the given file, permission to
change the permissions, (i.e. the DACL), of the given file and, perhaps,
Group access to the given file, respectively. I really have no idea
about the GROUP value, though, and, again, this is only a guess; values
other than READ, WRITE and CREATE are not apparently documented. Also,
it appears to me that these permissions reflect the level of access that
was *requested* and not, necessarily, the level of access that the given
user actually has to the file.

The LOCK value is the lock count on the opened file.

The USER value is the user name holding the file open.

The FILE value is the name of the file.

With the "-D" option, additional information is displayed. The amount
of information requires two lines per file:

rxsh ++E:\Dev\Utilities\ofl>ofl -D
-------- -------- ------ ---- ---------------- ------------ ------------
174      RW---A-- ----AC    0 1994-02-12 03:19        14361 bill
175      RW---A-- ----AC    0 1994-02-09 07:59         9110 bill
176      RW---A-- ----AC    0 1994-02-19 20:10        66170 bill
177      RW---A-- ----AC    0 1991-11-16 17:38        88523 bill
178      RW---A-- ----AC    0 1990-02-23 21:45        23552 bill
    "D:\Disk1\FooBar File5.txt"

5 open files found.

The FILEID, PERM, LOCK and USER fields are exactly as displayed with
the "-d" option. Additionally:

ATTRIB displays the file's attributes: Hidden, Readonly, System,
Temporary, Archive and/or Compressed. Of course, the Compressed value
will only be set for files on an NTFS volume.

LASTWRITETIME is the last write time stamp for the file.

FILESIZE is the size of the file, in bytes. If the file is a Directory,
then this field will contain the string "\[DIR\]".

The second line of each display contains the file name. The name may
appear in quotes, if it contains blanks.

One final note: The FILEID value in the "-d" and "-D" option outputs is
a hexadecimal value.


Installation is simple; just copy the file into a directory listed in
the %Path% Environment variable. The distribution also includes debug
symbols. This file should be copied into %SystemRoot%\Symbols\Exe, in
order for ntsd, (or windbag, I guess), to find it.

Note that the .DBG symbol file is needed only if you want to run the
program under a debugger such as ntsd. The file is not needed for any
other reason than to make the internal symbols available to the debug

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.