File locked on shared drive by user who no longer exists

active-directory ntfs
5,272

A network share has permissions at the share level and the file system level. You state "user2" has been gone since 2012 but then you state there is no account in AD for user2. Let's make some distinctions.

user2 is an account name, not a person. The person who used the account user2 left the company in 2012, not the account. Anyone with the proper credentials for user2 can login. You can easily get lost in AD if you're not that familiar with it.

You didn't mention the server OS or version [Ex. Server 2012 R2]. However, if you have access to the server console, you can check to see if user2 has a session open.

From an elevated command prompt: net session
You can also check to see files open: net file

Ex.

C:\Users\Administrator>net session

Computer               User name            Client Type       Opens Idle time

-------------------------------------------------------------------------------
\\192.168.0.113        LAZER                Windows 2002 S...     4 04:54:05

The command completed successfully.


C:\Users\Administrator>net file

ID         Path                                    User name            # Locks

-------------------------------------------------------------------------------
3556769893 D:\Users Shared Folders\engraver        LAZER                 0
4026532140 D:\Users Shared F...\4x2 UIL.cdr        LAZER                 0
4026532734 D:\Users Shared F...\lazer files        LAZER                 0
The command completed successfully.

If the file is locked, it will show the name of the file and the lock.

The session will tell you where the account is running from. It is always best to close an open/locked from from the app running it. If this is left over, you have other options.

From your command line: compmgmt.msc
Expand System Tools, Shared Folders, Open Files
Locate the file in the right pane, right click and select Close Open File

If the file will not close for some reason, you can always reboot the server. it will close all open files.

If after a reboot, the file reports it's locked, and it's not listed as an open file, then the app is using the file system to control locks to files.

At this point, knowing the app is going to be important. What you normally find in this case is the folder where the file is located, has a filename with a similar name but the extension is different.

Ex.
filename.ext
filename.lck

This can happen for many reasons. If an app uses the file system to lock a file for R/W mode and the file was not closed properly, then the file remains and you must manually remove the locked file. Note: This means only a particular app will be susceptible to this. Never work without a net, which means always backup files before tempting recovery.

Share:
5,272

Related videos on Youtube

rusty009
Author by

rusty009

Updated on September 18, 2022

Comments

  • rusty009
    rusty009 over 1 year

    I'm really banging my head against the wall with investigating this issue.

    We have a shared drive with a number of documents. One such document was created in 2015 and User1 attempted to access this Microsoft office file, but the user was prompted with a popup saying the file was locked by user2.

    The problem is, user2 left the company in 2012. This user no longer exists in Active Directory, neither does it look like he ever had access to this particular share.

    I'm stumped as to what has happened here and where I can begin my investigation. We do not have fileactivity logs at our disposal, but is there a way I can investigate what happened?

    There are no users with a similar surname as user2 within Active Directory either.

  • rusty009
    rusty009 over 8 years
    Thanks for this, to clarify, - the locked out message read ' Joe Blogs has locked the file', Joe Bloggs is user2, we know user2 has left the company as they are within our employee database but there is no one with a similar name to Joe Bloggs in the company and we are using windows 2008 R1 server. You raised a good point regarding the network and system permissions. I will check the sessions as well as the local users on that machine and hopefully that will point me in the right direction. Thank you!
  • Nacre
    Nacre over 8 years
    You're welcome. One more thing. Just in case the user2 account does exist, you can find out for sure. [pre] from the command line: net user [/pre] If you are on a DC (Domain Controller) you will see a list of domain users. If you are on a member server, you will need to add a parameter: net user /domain This will tell you if user2 is really there and if not, most likely the app is locking the file, not the OS.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is it possible to hide folders/subfolders from users based on permissions?
Is this a recommended/valid approach for file server permissions?
NTFS - Domain Admins don't have permissions despite being part of the Local Administrators group
What are the other alternative to test a LDAP connection on linux machine
Make sssd respect Acctive Directory nested groups
Joining an Active Directory domain using netdom
Apache Kerberos Authentication - Client didn't delegate us their credential
How do I configure a SQL Server datasource in JBoss to connect using a specific Active Directory user?
C# / ASP.NET / AD - "The specified directory service attribute or value does not exist."
How to import a groups members using 'ldifde'?