Is there a way to see what was the last batch (something.bat) run on windows? I was in a folder which contains lots of batches, as I was opening them one by one by right clicking and selecting notepad++. I have a feeling that I could have clicked 'run as administrator' instead of clicking 'open with notepad++'. I am not sure though, therefore I was thinking if there is a way to see what bat file was last run on windows (and when). it is windows 2008 server. thanks for your help.
Windows – How to see what last batch was run on windows
batchbatch-filewindows
Related Solutions
I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.
To find a specific file, use the menu option Find->Find Handle or DLL... Type in part of the path to the file. The list of processes will appear below.
If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.
Examples
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\"(finds all files opened from drivee:\"c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"
Related Topic
- Windows – see Folder Permissions on Windows in a Tree View
- How a batch file runs on a remote machine started by PSEXEC
- How to schedule batch file to run on the desktop in win 2008 R2
- Windows Batch File – How to Sleep in a Batch File
- Can’t run batch files from server, Users do not have permission to access file
- Run an executable on a remote computer with a batch file
Best Answer
Windows doesn't have a simple log for started processes. One thing that comes close is the Registry key
UserAssist:It has entries for certain executed processes, the most interesting subkey is:
However those entries are ROT13 encoded. You could copy the value name and decode it manually. Instead you can use a tool that de-mystifies those entries, Didier Stevens' UserAssist
If you have a need for knowing about executed processes, you have at least two options to enable some logging. Of course this work only for future process starts:
Enable Windows Auditing
Use SysMon from SysInternals
The second one is easier to setup and most likely used less resources. However it only logs the start of a new process. This works fine if you double-click or
opena batch file in Explorer but wont log a batch execution if started from within cmd.exe