How to cleanly stop Explorer.exe on Windows Vista


This is the first time I have blogged here about something other than running with least privilege. It’s about a neat trick, though, that can be useful for some people.


If you need to shut down the main Explorer process, you could just kill it from Task Manager or Process Explorer. But undesirable and unpredictable things can happen when you abruptly kill any process, particularly one as central as Explorer.


In Windows XP, you can get Explorer to exit cleanly by getting to the shutdown dialog (e.g., Start / Turn Off Computer, or Start/Shutdown), then hold down the Ctrl+Alt+Shift keys and click the “Cancel” button. (Ref: JeffDav’s blog.)


In Windows Vista with its standard Start Menu, click on the Start button. Hold down Ctrl+Shift and right-click on any empty area of the menu or on the power/lock buttons at the bottom of the right half of the menu. One of the context menu choices is “Exit Explorer”. Choose this and the main Explorer process will cleanly shut itself down. (Thanks to Mike Sheldon and Raymond Chen for this tip.)


If you are using the “Classic Start Menu” option in Vista, the XP Ctrl+Alt+Shift+Cancel method still works.


OK, so chances are right now you’re looking at nothing but wallpaper and the Sidebar and wondering, “What do I do now?” There’s no Start menu anymore, and Win+R doesn’t display the Run dialog. Answer: press Ctrl+Shift+Esc. This starts Task Manager. In Task Manager, choose “File / New Task (Run)”, type “Explorer” and click OK. The shell will come back to life.


Note that on both Windows XP and Windows Vista, only the “main” Explorer process exits – that is, the process that manages the Start menu, taskbar, and desktop. With default settings, all Explorer folder windows are managed by that process as well, and so they will close too. However, if you have configured Explorer to “launch folder windows in a separate process”, then those folder windows will not close when you apply this trick. Furthermore, when I tried this on Windows XP, I needed to manually close all those folder windows before running a new instance of Explorer would display the taskbar, etc., instead of just displaying yet another folder window.


Why is this hidden nugget even there? Its purpose is to help developers and testers who work on shell extensions to be able to stop and restart Explorer quickly and cleanly without having to log out.


Obviously, though, this trick can also be used to launch Explorer elevated. If you’ve exited the shell process and start Explorer from an elevated context, the entire desktop shell will run elevated. I cannot say this without adding caveats. If you do this, everything you start from this point on will run elevated. Shell extensions will run elevated, including the ones with serious security flaws. If you shut down Explorer again, any child processes that were launched will continue to run elevated, including browsers, IM clients, etc., with all the risk that incurs. IE Protected Mode does not operate when IE is running elevated. Less important but also significant is that any processes running at Medium IL will not be able to interact with the elevated shell – for example, to display taskbar notification icons. In general, because Explorer was neither designed for nor tested with this kind of elevated execution, you should not assume that anything will work correctly, including something as fundamental as user logoff. If you really need an elevated Explorer window on Vista, you can try the unsupported trick I described in this post instead of elevating the entire shell.

Comments (20)

  1. thor says:

    Thanks you,thats is cool.

    Maybe i can escape for explorer.exe

    If you know a program for xp pro

  2. evarlast says:

    I was looking for this Yesterday and I googled and I googled and I could not find the answer.

    Thank you so much!

  3. mike76 says:

    search in regedit explorer.exe exact string

    you can see some value key

    ex.c:windowsesplore 1dl% (or similar)

    you change value and delete strange string “1dl%”(or similar, i don’remember exact string)

    after you change this value key press f3 and it found other value key ex.c:windowsesplore 1dl% (or similar)you change value and delete strange string “1dl%”(or similar, repeat i don’remember exact string)when the search is finish reeboot system. FINISH

    [Aaron Margosis] Deleting random “strange strings” from the registry sounds like incredibly bad advice to me.  What are you trying to accomplish?

  4. mike76 says:

    [Aaron Margosis]

    I’m not american i speak english not very well!

    but i know when desktop and taskbar don’t run you can repair this pc from regedit.exe. You can lanch

    regedit Through taskmanager (file – new task – regedit). after you serch in regedit the word explorer.exe. The registry search found some key with the word explorer.exe near this word is added  

    a strange string (ex. %SystemRoot%Explorer.exe /idlist,%I,%L) one of this key is changed and explorer don’t function if yuo cancel "idlist,%I,%L" after reboot explorer will be

    reset. you can backup your registry firt and

    try this metod (tested under xp)

  5. mikew says:

    this is sort of unrelated to your orig post

    but have you checked out suDown? and how does it compare to your MakeMeAdmin scripts for XP?

    http://sudown.sourceforge.net/

  6. Vidjia says:

    Hi all,

    I am in Budapest. Two day ago, my vista was infected by a strange virus. I have no solution of this though i set up the "viewers’ outsanding trojan remover".

    The problem is that the there is an information pop up showing that the "Window exploer doesn’t work", then another pop up shows "Window Exploer restarting", then 5 seconds later, they show up again, again, indefinitely. Every time, they show up, i can not go to window explorer or work any other progam.

    Please help me. My assignment will be due this Wednesday.

    vidjia

  7. Gurijala says:

    Hi Aaron,

    Nice tip on Explorer.exe.

    Thank you.

  8. saj says:

    unfortunately: my vista business pro crashes so all the taskbar goes messed up, and: no chance to kill explorer process (no such process) and unable to run it again as in task man all the menu is unavailable…

  9. Kevin says:

    Your fix seems to have worked Aaron. Good job!

  10. Tr-Tr-Mitya says:

    Давным-давно, до выхода Vista, разработчикам Shell Extensions иногда необходимо было выгрузить Explorer…

  11. Vlitist says:

    Do you happen to have the rundll command to achieve this? I’d like to script it because tskill and pskill only kill explorer for a second and then it auto restarts.

  12. anonymous says:

    I wonder where your problem with the shell extensions is. The Explorer shell itself already is trivially vulnerable, so there’s no reduction in security.

    [Aaron Margosis]  In the context of this post… there is a difference between security vuln running as a standard user vs. running as admin…

  13. Brian says:

    Aaron, I have tried this and I do get the shell to open as an admin acct but I still cannot open network shares that require elevated access. Any thoughts?

  14. mike g says:

    aaron…i have had a lot of experience & exasperation with xp…new toshiba w/vista home premium preloaded…3+ months now & am still encountering problems w/vista…latest was following an auto download from windows, & got in a never-ending loop saying it was in stage 3 of update & don’t turn off the computer…subsequent to system restart my icons etc. went missing…previously i was able to use trayicons.reg to recapture…not this time….after several days & many attempts i finally reached success with your solution…can’t thank you enough man…why is it that explorer gets so lost ???…by the way, before trying your solution i created a new user & the new user had icons that i as admin could not turn on !!!…thanks again!!!

  15. bells says:

    Please help!

    I’m running Windows Vista Home Premium, on a Compaq Presario F500 laptop, with an AMD Sempron 3400+ processor. Only had it a couple of weeks. I’m a complete n00b.

    When I try to move files or delete to recycle bin, all the windows (usually "Calculating time remaining") freeze and wont disappear on their own. The task is complete, but I still I have to open Task Manager and end the task manually. This happens every time.

    I have tried defrag, scanning and disk cleaners, all to no avail.

    There is an easy fix to this, I expect, but as a n00b, I’m not that techy yet.

    Any, simple to understand, advice would be appreciated.

    Cheers.

  16. Bob L says:

    Unfortunately Windows 7 seems to have changed the rules a bit.  Nothing I have found and tried so far seems to get Windows Explorer to run with administrator rights turned on.

    Has anyone figured out a way to get Windows Explorer in Windows 7 to run with admin rights?

    Thanks!

  17. Joe Federer says:

    This doesn’t work in windows 7. It starts the explorer process under the logged-in user (ie: non-elevated).

    Like the person above me, I can’t for the life of me get an elevated explorer window (and we all know how useful that is in ACTUALLY administering a users machine) without focing the user to log off and logging in as an administrative account.

    Is it just me or is this going backwards and counter to the whole ethos of least privleges?

  18. iPath says:

    Other nice trick: explorer.exe /separate

    This will start explorer.exe as SEPARATE  process (separate from the shell i.e. just as  file manager).

    And elevation is simple (without logout/logon):

    runas /user:domainNameuserName “explorer.exe /separate”

    [Aaron Margosis]  I wish people would actually test their brilliant ideas before they post them to my blog, or perhaps read my previous posts that cover these issues.  Someone’s going to read what “iPath” wrote and think it actually works.

  19. iPath says:

    Correction: the trick with "explorer.exe /separate" actually works ONLY on Windows XP/Windows Server 2003

    Thanks for your corrective comment

  20. George says:

    Hey man. Thanks so much. My volume icon had disappeared. When I went to turn the icon on in the Taskbar properties menu, the "volume" box was grayed out. After using this method, the check box was accessible (no longer grayed) again. Big help.