I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.
To find a specific file, use the menu option Find->Find Handle or DLL...
Type in part of the path to the file. The list of processes will appear below.
If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.
Examples
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\"
(finds all files opened from drive e:\
"
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"
You can stop the "Server" service. This is going to stop the "Netlogon" and "Computer Browser" services, too. (On a domain controller computer, stopping the "Netlogon" service can potentially cause problems with client computers being able to allow logons with domain acconts.)
If this is something you want to do long-term, you might be better off to rename the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Shares registry key to something else, create a new "Shares" key with a "Security" subkey, then briefly stop and restart the "Server" service (and dependent services). This will effectively disable all "shares" on the box.
When you're ready to bring the shares back, delete the temporary "Shares" key, rename the old one back to "Shares", and bounce the service again.
Edit:
You can definitely do this on a temporary basis and it'll be fine. Microsoft has been known to assume that this service is "always on" (have a look at http://www.markwilson.co.uk/blog/2005/10/sysprep-fails-on-windows-xp-sp2.htm
for an example of weird behaviour in one part of the product based on that assumption).
The "right way" to handle not exporting shares via SMB is probably one of the following (based on your tolerance for risk and desired to deal with potential "strangeness"):
- Don't share anything, but leave service running.
- Firewall the machine to prevent access to ports 139 and 445, but leave service running.
- Unbind "File and Print Sharing for Microsoft Networks" from the box's NIC.
- Just stop the service and hope for the best.
Best Answer
Those kinds of options on the right-click menu are assigned per file type. If you're only interested in targeting a few file types, you can remove the print command from those file types.
For example, for PDF documents, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf
and look at the default value. On my computer, the value isAcroExch.Document
. So then you would go toHKEY_LOCAL_MACHINE\SOFTWARE\Classes\AcroExch.Document\Shell
and delete the print subkey.