0

This was an issue I experienced a lot more often in Windows XP. I thought I would be rid of now, but I was wrong. It appears some applications, specifically ones related to services, in our case Symantec Endpoint Protection, fails to properly release handles to the registry keys. Obviously nothing new. And no, I do not use BitLocker in this instance and I am pretty sure we have not enabled tamper protection (it is not a BIOS default and we are lazy like that). It appears UPHClean might not be supported on Windows 7 at all. Is there some other way to force registry handles to get shut off?

songei2f
  • 1,934
  • 1
  • 20
  • 30

2 Answers2

4

Warning: I do not recommend doing this!

But since you asked...

Foreach($p In Get-Process) 
{ 
    $Handles = \\live.sysinternals.com\Tools\handle.exe -p $p.ProcessName -a
    ForEach($h In $Handles)
    {
        If($h.Contains(": Key"))
        {
            \\live.sysinternals.com\Tools\handle.exe -c $h.Split(':')[0].Trim() -p $p.Id
        }
    }
}

That was written in Powershell 3, but it will also work in Powershell 2, which comes baked into Windows 7 out of the box.

But please don't just copy paste my script and run it. Think about the havoc it will wreak on your system if you go willy-nilly trying to close every registry handle on the system. For instance, my first recommendation would be to scope this to only the process that is erroneously holding handles open.

Personally, I highly suspect that there is a better way of solving whatever problem you have than forcefully closing handles. And the hostile attitude that you displayed toward Windows in the comments of @MattLyons answer leads me to believe that you may be out of your element and might be misunderstanding the problem. It may be more helpful to let us know the actual problem you're having. Forcefully closing handles might not be the best way to solve it.

But I can't resist the temptation of scripting something. It's like a disease.

Ryan Ries
  • 55,481
  • 10
  • 142
  • 199
1

Procexp can close handles. Use Find->Find Handle or DLL to find the one you want, click it (it will appear in a list in the bottom pane) and right click->close.

Matt Lyons-Wood
  • 133
  • 1
  • 6
  • Not sure how that will programmatically during shutdown, but thanks. A while back, I though of just using though super-badass `handle` utility to solve that problem, but how it operates requires a lot of scripting to determine the right PID's to operate on. – songei2f Feb 16 '12 at 08:28
  • Ah, _programmatically_ close the handles - thought the question seemed a little easy :) The `handle` tool would have been my next suggestion but I imagine one would indeed have to be quite the batch ninja to fix your problem in a script. – Matt Lyons-Wood Feb 17 '12 at 11:47
  • Tell me about it, hence I gave up. Users are confined by Windows, admins roll their eyes and thank God Linux is an alternative for people who need fuctional computers on their own terms. Haha. – songei2f Feb 19 '12 at 08:15