How to cleanly stop Explorer.exe on Windows Vista
This is the first time I have blogged here about something other than running with least privilege. It's about a neat trick, though, that can be useful for some people.
If you need to shut down the main Explorer process, you could just kill it from Task Manager or Process Explorer. But undesirable and unpredictable things can happen when you abruptly kill any process, particularly one as central as Explorer.
In Windows XP, you can get Explorer to exit cleanly by getting to the shutdown dialog (e.g., Start / Turn Off Computer, or Start/Shutdown), then hold down the Ctrl+Alt+Shift keys and click the "Cancel" button. (Ref: JeffDav's blog.)
In Windows Vista with its standard Start Menu, click on the Start button. Hold down Ctrl+Shift and right-click on any empty area of the menu or on the power/lock buttons at the bottom of the right half of the menu. One of the context menu choices is "Exit Explorer". Choose this and the main Explorer process will cleanly shut itself down. (Thanks to Mike Sheldon and Raymond Chen for this tip.)
If you are using the "Classic Start Menu" option in Vista, the XP Ctrl+Alt+Shift+Cancel method still works.
OK, so chances are right now you're looking at nothing but wallpaper and the Sidebar and wondering, "What do I do now?" There's no Start menu anymore, and Win+R doesn't display the Run dialog. Answer: press Ctrl+Shift+Esc. This starts Task Manager. In Task Manager, choose "File / New Task (Run)", type "Explorer" and click OK. The shell will come back to life.
Note that on both Windows XP and Windows Vista, only the "main" Explorer process exits – that is, the process that manages the Start menu, taskbar, and desktop. With default settings, all Explorer folder windows are managed by that process as well, and so they will close too. However, if you have configured Explorer to "launch folder windows in a separate process", then those folder windows will not close when you apply this trick. Furthermore, when I tried this on Windows XP, I needed to manually close all those folder windows before running a new instance of Explorer would display the taskbar, etc., instead of just displaying yet another folder window.
Why is this hidden nugget even there? Its purpose is to help developers and testers who work on shell extensions to be able to stop and restart Explorer quickly and cleanly without having to log out.
Obviously, though, this trick can also be used to launch Explorer elevated. If you've exited the shell process and start Explorer from an elevated context, the entire desktop shell will run elevated. I cannot say this without adding caveats. If you do this, everything you start from this point on will run elevated. Shell extensions will run elevated, including the ones with serious security flaws. If you shut down Explorer again, any child processes that were launched will continue to run elevated, including browsers, IM clients, etc., with all the risk that incurs. IE Protected Mode does not operate when IE is running elevated. Less important but also significant is that any processes running at Medium IL will not be able to interact with the elevated shell – for example, to display taskbar notification icons. In general, because Explorer was neither designed for nor tested with this kind of elevated execution, you should not assume that anything will work correctly, including something as fundamental as user logoff. If you really need an elevated Explorer window on Vista, you can try the unsupported trick I described in this post instead of elevating the entire shell.
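To check whether the shell, or anything started from it, is still running elevated after trying this, the following added PowerShell example (not from the original post; the function name `Get-ElevationState` and the type name `Win32.Native` are hypothetical) reads the `TokenElevation` value of each process token in the current session. It assumes PowerShell 2.0 or later on Vista or newer, and reports "Unknown" for any process it is not allowed to open.

```powershell
# Added example: list explorer.exe plus every elevated process in this logon session.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass,
    out int info, int length, out int returnLength);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # minimal process access right (Vista+)
$TOKEN_QUERY    = 0x0008
$TokenElevation = 20                          # TOKEN_INFORMATION_CLASS; returns a 4-byte TOKEN_ELEVATION

function Get-ElevationState([int]$ProcessId) {
    $proc = [Win32.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) { return 'Unknown (cannot open process)' }
    try {
        $token = [IntPtr]::Zero
        if (-not [Win32.Native]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) {
            return 'Unknown (cannot open token)'
        }
        try {
            $elevated = 0; $len = 0
            if ([Win32.Native]::GetTokenInformation($token, $TokenElevation,
                    [ref]$elevated, 4, [ref]$len)) {
                if ($elevated -ne 0) { return 'Elevated' } else { return 'Not elevated' }
            }
            return 'Unknown (query failed)'
        } finally { [void][Win32.Native]::CloseHandle($token) }
    } finally { [void][Win32.Native]::CloseHandle($proc) }
}

# Show the shell process in any state, and anything else in the session that is elevated.
$session = (Get-Process -Id $PID).SessionId
Get-Process | Where-Object { $_.SessionId -eq $session } |
    Select-Object Name, Id, @{ Name = 'Elevation'; Expression = { Get-ElevationState $_.Id } } |
    Where-Object { $_.Name -eq 'explorer' -or $_.Elevation -eq 'Elevated' } |
    Sort-Object Name
```

An `explorer` row marked "Elevated" means the whole desktop shell is running elevated; other elevated rows are processes that will keep that token even after Explorer is restarted normally.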
Comments
Anonymous
July 20, 2007
Thank you, that is cool. Maybe I can escape for explorer.exe If you know a program for XP Pro
Anonymous
July 20, 2007
I was looking for this yesterday and I googled and I googled and I could not find the answer. Thank you so much!
Anonymous
August 06, 2007
search in regedit explorer.exe exact string you can see some value key ex. c:windowsesplore 1dl% (or similar) you change value and delete strange string "1dl%" (or similar, I don't remember exact string) after you change this value key press F3 and it found other value key ex. c:windowsesplore 1dl% (or similar) you change value and delete strange string "1dl%" (or similar, repeat I don't remember exact string) when the search is finish reboot system. FINISH
[Aaron Margosis] Deleting random "strange strings" from the registry sounds like incredibly bad advice to me. What are you trying to accomplish?
Anonymous
August 06, 2007
[Aaron Margosis] I'm not American, I don't speak English very well! But I know when desktop and taskbar don't run you can repair this PC from regedit.exe. You can launch regedit through Task Manager (File - New Task - regedit). After, you search in regedit the word explorer.exe. The registry search found some key with the word explorer.exe; near this word is added a strange string (ex. %SystemRoot%\Explorer.exe /idlist,%I,%L). One of this key is changed and explorer don't function. If you cancel "idlist,%I,%L", after reboot explorer will be reset. You can back up your registry first and try this method (tested under XP)
Anonymous
August 07, 2007
this is sort of unrelated to your orig post but have you checked out suDown? and how does it compare to your MakeMeAdmin scripts for XP? http://sudown.sourceforge.net/
Anonymous
September 15, 2007
Hi Aaron, Nice tip on Explorer.exe. Thank you.
Anonymous
December 30, 2007
Your fix seems to have worked Aaron. Good job!
Anonymous
March 13, 2008
A long time ago, before Vista was released, developers of Shell Extensions sometimes needed to unload Explorer...
Anonymous
April 20, 2008
I wonder where your problem with the shell extensions is. The Explorer shell itself already is trivially vulnerable, so there's no reduction in security.
[Aaron Margosis] In the context of this post... there is a difference between security vuln running as a standard user vs. running as admin...
Anonymous
August 05, 2008
Aaron, I have tried this and I do get the shell to open as an admin acct but I still cannot open network shares that require elevated access. Any thoughts?
Anonymous
August 29, 2008
aaron...i have had a lot of experience & exasperation with xp...new toshiba w/vista home premium preloaded...3+ months now & am still encountering problems w/vista...latest was following an auto download from windows, & got in a never-ending loop saying it was in stage 3 of update & don't turn off the computer...subsequent to system restart my icons etc. went missing...previously i was able to use trayicons.reg to recapture...not this time....after several days & many attempts i finally reached success with your solution...can't thank you enough man...why is it that explorer gets so lost ???...by the way, before trying your solution i created a new user & the new user had icons that i as admin could not turn on !!!...thanks again!!!
Anonymous
November 16, 2008
Please help! I'm running Windows Vista Home Premium, on a Compaq Presario F500 laptop, with an AMD Sempron 3400+ processor. Only had it a couple of weeks. I'm a complete n00b. When I try to move files or delete to recycle bin, all the windows (usually "Calculating time remaining") freeze and won't disappear on their own. The task is complete, but I still have to open Task Manager and end the task manually. This happens every time. I have tried defrag, scanning and disk cleaners, all to no avail. There is an easy fix to this, I expect, but as a n00b, I'm not that techy yet. Any simple-to-understand advice would be appreciated. Cheers.
Anonymous
September 04, 2009
Unfortunately Windows 7 seems to have changed the rules a bit. Nothing I have found and tried so far seems to get Windows Explorer to run with administrator rights turned on. Has anyone figured out a way to get Windows Explorer in Windows 7 to run with admin rights? Thanks!
Anonymous
October 30, 2009
This doesn't work in Windows 7. It starts the explorer process under the logged-in user (ie: non-elevated). Like the person above me, I can't for the life of me get an elevated explorer window (and we all know how useful that is in ACTUALLY administering a user's machine) without forcing the user to log off and logging in as an administrative account. Is it just me or is this going backwards and counter to the whole ethos of least privileges?
Anonymous
May 13, 2010
Other nice trick: explorer.exe /separate This will start explorer.exe as SEPARATE process (separate from the shell i.e. just as file manager). And elevation is simple (without logout/logon): runas /user:domainName\userName "explorer.exe /separate"
[Aaron Margosis] I wish people would actually test their brilliant ideas before they post them to my blog, or perhaps read my previous posts that cover these issues. Someone's going to read what "iPath" wrote and think it actually works.
Anonymous
May 16, 2010
Correction: the trick with "explorer.exe /separate" actually works ONLY on Windows XP/Windows Server 2003. Thanks for your corrective comment