Find Out Who Is Leaving Files Open at Night

When Daniel discovered that some files weren't being backed up because they were open, he found a little-known tool named Openfiles. By running this tool through a batch file, he was able to find out which users were leaving files open at night.

Readers

April 27, 2008



Our office uses EVault for nightly backups of our file servers. When reviewing EVault’s backup logs, I noticed that some files weren’t being backed up. Although the backup logs noted that these files weren’t being backed up because the files were open, the logs didn’t state which users or processes opened the files.

I knew that I could log on to the file server when a backup was being performed to try to determine which users or processes are leaving files open. However, the backups are performed at night, so I did some digging to try to find another option.

I found that Windows Server 2003 and later server OSs have a built-in command-line tool named Openfiles that you can use to display open files. (This tool is also included in Windows XP and later client OSs.) By using a batch file similar to the one I used to schedule Windows 2003’s defragmenter (see “Automate the Windows 2003 Defragmenter Without Paying Extra,” May 2007, InstantDoc ID 95487), I found that I could send the output from Openfiles to a text file to obtain a snapshot of which users and processes had files opened when a backup was performed.

The batch file, chk-open-f.bat, runs Openfiles and sends its output to a text file named Openfiles-1.txt. The Openfiles-1.txt file contains four columns—“ID,” “Accessed By,” “Type,” and “Open File (Path\executable)”—filled with information that you can use to determine which users or processes have files opened. I run chk-open-f.bat every evening before EVault runs.

As Listing 1 shows, chk-open-f.bat begins by performing a backup of its own. Because I wanted to run this batch file every day, I needed a way to preserve Openfiles’ output over the course of a weekend. In other words, I needed to see the Openfiles output from Friday night, Saturday night, and Sunday night come Monday morning. So, chk-open-f.bat first backs up previous text files for up to three days, so you can have a total of four text files. (Only after the first four nights will you see all four text files.) If you want to back up more or fewer text files, you can easily edit the code. Each text file is created on the root of the file server’s E drive. You can change this location if needed by editing the path.

After backing up the text files, chk-open-f.bat deletes any existing Openfiles-1.txt file so that Openfiles-1.txt contains only the Openfiles output from the current night’s run. (Otherwise, the Openfiles output from the current night’s run would be appended to the existing data in that file.) Finally, chk-open-f.bat runs Openfiles, sending its output and a date and time stamp to Openfiles-1.txt.

To use chk-open-f.bat, customize it if needed, make it a read-only hidden file for security purposes, and place it on the root drive of the server you want to monitor for open files. Then, schedule chk-open-f.bat to run. You can use Task Scheduler or the AT command to schedule chk-open-f.bat. However, I don’t use Task Scheduler to run chk-open-f.bat because I’m running Openfiles on a file server, and usually no one is logged on to that server. For a scheduled task to run when no one is logged on, you need to supply a username and password that has admin rights. I’d rather not specify this information just in case someone learns how to hack into Task Scheduler to obtain admin passwords. Instead, I use the AT command in a scheduler script to run chk-open-f.bat like a service—that is, without a logon account. Plus, if you use this approach, the Openfiles process runs in the background, which prevents windows from popping up.

Listing 2 shows a sample scheduler script named Set.bat. As currently set up, Set.bat schedules chk-open-f.bat to run every night at 6 p.m. If you use this script, you’ll need to customize the days and time when you want chk-open-f.bat to run. When doing so, be careful not to change the spacing in the AT command; changing the spacing might cause chk-open-f.bat to be scheduled incorrectly. Also, make sure the path to chk-open-f.bat points to the proper location. After you customize Set.bat, save it to the same location as chk-open-f.bat on the server, then execute it. You won’t need set.bat anymore, so you can delete it from the server.
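
The rotate, delete, and capture steps described above, with the AT scheduling line shown as a comment, written out as an added example. It is not the author's Listing 1 or Listing 2, which are not reproduced on this page; the snapshot names Openfiles-2.txt through Openfiles-4.txt and the script path E:\chk-open-f.bat are assumptions.

```batch
@echo off
rem Added example: not the author's Listing 1 or Listing 2.
rem Assumed: snapshot names Openfiles-2.txt..Openfiles-4.txt and the script
rem path E:\chk-open-f.bat used in the AT line at the bottom.
setlocal
set "OUTDIR=E:\"
set "BASE=Openfiles"

rem Rotate oldest first so no snapshot is overwritten before it is copied:
rem 3 -> 4, 2 -> 3, 1 -> 2. After four nights all four files exist.
if exist "%OUTDIR%%BASE%-3.txt" copy /y "%OUTDIR%%BASE%-3.txt" "%OUTDIR%%BASE%-4.txt" >nul
if exist "%OUTDIR%%BASE%-2.txt" copy /y "%OUTDIR%%BASE%-2.txt" "%OUTDIR%%BASE%-3.txt" >nul
if exist "%OUTDIR%%BASE%-1.txt" copy /y "%OUTDIR%%BASE%-1.txt" "%OUTDIR%%BASE%-2.txt" >nul

rem Delete tonight's target so the appends below start from an empty file
rem instead of adding to last night's data.
if exist "%OUTDIR%%BASE%-1.txt" del /q "%OUTDIR%%BASE%-1.txt"

rem Write the date and time stamp, then the Openfiles table. By default the
rem query lists files opened remotely through shares on this server.
>>"%OUTDIR%%BASE%-1.txt" echo Snapshot taken %DATE% %TIME%
>>"%OUTDIR%%BASE%-1.txt" openfiles /query /fo table

rem Record a failed query in the snapshot itself so that an empty file is
rem not mistaken for "no files open".
if errorlevel 1 >>"%OUTDIR%%BASE%-1.txt" echo openfiles failed with errorlevel %ERRORLEVEL%
endlocal

rem One-time scheduling from an administrator prompt. AT jobs run as the
rem SYSTEM account, so only administrators should have NTFS write access
rem to this batch file:
rem   at 18:00 /every:M,T,W,Th,F,S,Su "E:\chk-open-f.bat"
```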

I use chk-open-f.bat and set.bat on Windows 2003 servers. I haven’t tried them on any other OSs. You can download these scripts by going to www.windowsitpro.com, entering 98553 in the InstantDoc ID box, clicking Go, then clicking the Download the Code Here button.

Chk-open-f.bat is a simple but useful batch file if you’re having problems with files being left open when they shouldn’t be. Using chk-open-f.bat, I can identify which users are leaving files open at night so that I can talk with them individually about the problem. This approach is much more effective than sending all users a generic message about not leaving files open and hoping the offenders realize that the message is targeted at them.

—Daniel L. Gillard
LAN administrator
Rogers Media
