How to view SMB open file handles

Case



You have an Server Message Block (SMB) file sharing infrastructure hosted in any of the following locations:



- Windows Server based file server

- Azure Files file share

- Sharepoint Online site

You need to be able to view a list of file handles of all files which are open on the server side at any given moment.



This article provides instructions on what is doable and how you can view SMB open file handles in Windows Server, Azure Files and Sharepoint Online.



Solution



Windows Server based file server

Window Server comes with MMC-based tools and Powershell modules which allow you to fully manage all aspects of a Windows file server. One such tool is File Server Resource Manager (FSRM), which can be installed as part of the Remote Server Administration Tools (RSAT) as shown in the example below.





In order to access the open file handles and user sessions of a Windows file server, you need the Computer Management tool (compmgmt.msc) or the individual MMC snap-in for "Shared Folders". This snap-in provides management for the active SMB shares, the open user sessions and the open files to the SMB server, as shown in the example below.





Given that MMC will be gradually phased out, you can alternatively use Windows Admin Center to access the "Files and File Sharing" section, a shown in the example below.





Powershell can also come to rescue with the Get-SmbOpenFile cmdlet.





The Get-SmbOpenFile cmdlet retrieves basic information about the files that are open on behalf of the clients of the Server Message Block (SMB) server, as shown in the example below.





Additional tools which you may want to consider to discover open file handles are the following (Handle and Process Explorer from Microsoft SysInternals):



- https://docs.microsoft.com/en-us/sysinternals/downloads/handle

- https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Azure Files file share

Azure Files is the SMB implementation of the Azure Storage service. Any Azure File share can be accessed as per appropriate access policies and permissions. You can utilize the conventional Windows Server based tools mentioned in the previous section to access the Azure-hosted Azure Files file share. Or alternatively you can use any of the methods below to view the open SMB file handles.



Run the Powershell module Get-AzStorageFileHandle, which is shown below.





Some typical examples of the above cmdlet are shown in the screenshot below.





You can also utilize the Microsoft Graph Rest API to get a list of open file handles in Azure Files. You can send a List Handles request by using the GET HTTP method. Details of the GET message can be found at: https://docs.microsoft.com/en-us/rest/api/storageservices/list-handles. An example GET request would look like the following:



https://myaccount.file.core.windows.net/myshare/mydirectorypath/myfileordirectory?comp=listhandles

You can further experiment with the Graph API using the Graph Explorer available at:



https://developer.microsoft.com/en-us/graph/graph-explorer



Sharepoint Online site

Sharepoint Online is a SaaS service and it hides the implementation of the Sharepoint Server in the back end to a large extent. But even in on-premises Sharepoint Server installations it is not feasible to view the list of open file handles at any given moment. This is not doable by design, since many of the file handles are opened via the Sharepoint Online clients (Onedrive or WebDAV clients) in an asynchronous manner. The only indirect ways to review file activity in Sharepoint Online sites are the following:



- View the file activity history of a Sharepoint Online document library. You can do this by opening the document library. Then open the details pane on the top right (i icon) and browse the activity section , as shown in the example below.



- Review the audit log reports of Microsoft 365 and filter out any events related to Sharepoint Online sites. For this, you need to follow instructions in the following articles:- https://support.microsoft.com/en-us/office/view-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527

- https://support.microsoft.com/en-us/office/configure-audit-data-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2#ID0EBBH=Modern


https://stefanos.cloud/kb/how-to-view-smb-open-file-handles/

Comments

Popular posts from this blog

How to perform hardware health checks in Windows

How to resolve Group Policy error codes 8007071a and 800706ba

FsLogix 2201 Public Preview release