Need to know what process is mucking about with a thing you’re interested in?

Process Explorer is your friend indeed when you’re in need. I don’t know how I’ve lived this long as a dev without knowing Process Explorer.

Well, I kind of do: a lot of my work prior to my current job was largely pure coding, without much touching of the dirty Windows machine guts where all this kind of stuff stews about.

Anyway: I recently ran into an issue where the production ECS hosting a production website was running out of space.

There were loads and loads of IIS log files, taking up in the neighborhood of 100 gigs. When I tried to delete some of the older logs, no matter what I did, Windows threw up a big nuh-uh.

Change the permissions on the folder? Nope, even though I was logged in as administrator.

takeown? Fat chance.

Turn off UAC? Already off.

I wasn’t going to try to boot into safe mode on the live prod server, nor was I going to reboot to run chkdsk to check if files got corrupted somehow, let alone mess around with extending the disk space.

Well…unless things got really dire and there was no recourse other than to delve those dark paths.

Enter the superhero, Process Explorer!

Why should you care about Process Explorer?

Direct from Microsoft’s mouth, “Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.”

I loaded this sweet bunch of bytes up, did a search on the directory filled with files that I could not delete, and like a sip of water in the desert, the answer was there before me: some darn tool running as a Windows service that was tracking logs and telemetry was locking all these files up for itself.

To make matters worse, this tool was not even being used. It had been decommissioned years ago.

With a quick pop into Services, I zapped the offending piece of software into disabled and was able to vent nearly 100 gigs of IIS logs into space, saving the day.
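The same hunt can be scripted. The following is an added example, not part of the original post: it uses Sysinternals `handle.exe` (the command-line counterpart to Process Explorer's handle search) to list which processes hold files open under a directory and maps each one to the Windows service hosting it. The function name `Get-DirectoryLockOwner` and the default log path are assumptions, and it expects `handle.exe` on the PATH in an elevated shell.

```powershell
# Added example: find which processes (and services) hold files open under a directory.
# Assumptions: Sysinternals handle.exe is on PATH; the shell is running elevated.
function Get-DirectoryLockOwner {
    param(
        # Hypothetical default; point this at the directory you cannot clean up.
        [string]$Path = 'C:\inetpub\logs\LogFiles'
    )

    # handle.exe prints one line per matching handle, e.g. (constructed sample):
    #   LogAgent.exe   pid: 2412   type: File   1A4: C:\inetpub\logs\LogFiles\W3SVC1\u_ex200101.log
    # Older builds omit the "type:" column, so it is optional in the pattern.
    $pattern = '^(?<Name>.+?)\s+pid:\s+(?<ProcId>\d+)\s+(?:type:\s+\S+\s+)?' +
               '(?<Handle>[0-9A-Fa-f]+):\s+(?<File>.+)$'

    $handles = & handle.exe -accepteula -nobanner $Path | ForEach-Object {
        if ($_ -match $pattern) {
            [pscustomobject]@{
                Process = $Matches.Name.Trim()
                ProcId  = [int]$Matches.ProcId
                File    = $Matches.File.Trim()
            }
        }
    }
    if (-not $handles) {
        Write-Warning "No open handles found under $Path"
        return
    }

    # Win32_Service.ProcessId is 0 for stopped services; keep only running ones.
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    $handles | Group-Object ProcId | ForEach-Object {
        $procId = [int]$_.Name
        $svc = @($services | Where-Object { $_.ProcessId -eq $procId })
        [pscustomobject]@{
            ProcId    = $procId
            Process   = $_.Group[0].Process
            OpenFiles = $_.Count
            Services  = ($svc.Name -join ', ')       # empty if not a service
            StartMode = ($svc.StartMode -join ', ')
        }
    } | Sort-Object OpenFiles -Descending
}

Get-DirectoryLockOwner | Format-Table -AutoSize

# Once the owner is confirmed as unused, stop it and keep it from restarting:
#   Stop-Service -Name '<service name>'
#   Set-Service  -Name '<service name>' -StartupType Disabled
```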

Look: there are a lot of red flags in what you’ve read. Why was there some monitoring software on there that was no longer being used? Why were there 100 gigs of IIS logs?

All good questions, but they’re beside the point of this story, which is: Process Explorer rocks, and it just might save your ass some day.

Go read about it.

And don’t forget to love it.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer