How could inreversibly disable explorer.exe

bluedxca93 · 2025-03-13T13:19:34-0400

Hello everyone,

Explorer.exe and some of its functionality seems to be destroyed as a choice of design by microsoft and now I am looking for a way to disable it temporarily but also permanently. Moving it with midnight commander as admin works but once an update happens explorer.exe is back as default.
I’m looking for a method that allows me to move explorer.exe reversibly. But that does also move it after updates.

If anyone has experience or can point me to a reliable method, I’d greatly appreciate it. Thanks in advance for your help!
As far as i know validation os is the only system without explorer.exe but it lacks support for .net or direct3d apps, and msiexec etc . Switching back to windows 10 or using linux everytime would force me to buy a new camera, as my favorite raw processor now requires windows 11.

Kind regards bluedxca93

Tester · 2025-03-13T14:15:43-0400

Do you only want to remove the explorer for file explorer aka as a file manager? Or do you also want to remove explorer.exe from loading during startup. As so not getting a taskbar, wallpaper, no desktok icons etc etc. And if the later, what do you then use as alternative?
For file Manager should be easy, as i don't use the file explorer myself aswell.

glasskuter · 2025-03-13T14:32:43-0400

While some malware disguises itself as an explorer.exe process, (one such is in the wild right now. See article) the REAL explorer.exe is an integral part of windows and can not be removed...period.

https://cybernews.com/malware/how-to-remove-explorer-exe-virus/

Tester · 2025-03-13T14:49:17-0400

glasskuter said:
windows and can not be removed...period.

Ofcouse it can, however you would need some replacement and alternative ways to do things.

Just tested in vm, added dopus filemanger, made it start as fullscreen at userloging, added my application to application bar, deleted explorer.exe. Rebooted. After loging, dopus file manager start. Can just use my apps from dopus shortcuts. Can alt-tab between applications.

Now what the OP asked is only to make a startup script that runs at userlogon, that if explorer.exe is restored by windows update. It needs to kill explorer.exe and then just delete the file again automaticly. I guess that solves his issue?

Tester · 2025-03-13T15:37:39-0400

Wrote a powershell script, that you can schedule as a scheduled task at userlogin:

Put in folder: c:\scripts\

name script: DisableExplorer.ps1

Run manual as test from cmd:
powershell.exe -file "c:\scripts\DisableExplorer.ps1"

if it does not run manual, open powershell first:
then:

Powershell:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

Then the next times it can run without that command.

Script will take ownership of explorer.exe and rename it with date and Time. And so disabling it. Rename it back to enable it again.

Powershell:

param(
    [switch] $Verbose
)

function Invoke-DisableExplorer {
    begin {
        function Enable-Privilege {
            param(
                [ValidateSet(
                    "SeTakeOwnershipPrivilege", "SeRestorePrivilege", "SeDebugPrivilege")]
                $Privilege,
                $ProcessId = $pid,
                [Switch] $Disable
            )
            $definition = @'
using System;
using System.Runtime.InteropServices;

public class AdjPriv
{
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid
    {
    public int Count;
    public long Luid;
    public int Attr;
    }
    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
    {
        bool retVal;
        TokPriv1Luid tp;
        IntPtr hproc = new IntPtr(processHandle);
        IntPtr htok = IntPtr.Zero;
        retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
        if (!retVal) return false;
        tp.Count = 1;
        tp.Luid = 0;
        tp.Attr = disable ? SE_PRIVILEGE_DISABLED : SE_PRIVILEGE_ENABLED;
        retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
        if (!retVal) return false;
        retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
        return retVal;
    }
}
'@

            $processHandle = (Get-Process -id $ProcessId).Handle
            $typeexists = try { ([AdjPriv] -is [type]); $true } catch { $false }
            if ($typeexists -eq $false) {
                $type = Add-Type $definition -PassThru
            }
            $result = [AdjPriv]::EnablePrivilege($processHandle, $Privilege, $Disable)
            if (-not $result) {
                $errorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
                throw "Failed to change privilege '$Privilege'. Error code: $errorCode."
            }
        }
    }
    process {
        try {
            # Check for Admin rights
            if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
                Write-Warning "Must be run with administrator credentials"
                return
            }

            try {
                # Add SeTakeOwnershipPrivilege and SeRestorePrivilege for this process
                Enable-Privilege -Privilege SeTakeOwnershipPrivilege
                Enable-Privilege -Privilege SeRestorePrivilege
            }
            catch {
                Write-Error $_.Exception.Message
                return
            }

            # Set access rights on explorer.exe
            try {
                $NTAccount_Administrators = [System.Security.Principal.NTAccount]"Administrators"
                $explorerPath = "$env:SystemRoot\explorer.exe"
                $acl = Get-Acl -Path $explorerPath
                $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($NTAccount_Administrators, [System.Security.AccessControl.FileSystemRights]::FullControl, "Allow")
                $acl.SetAccessRule($accessRule)
                Set-Acl -Path $explorerPath -AclObject $acl
                if ($Verbose) { Write-Host "Set full control access for Administrators on '$explorerPath'." -ForegroundColor Cyan }
            }
            catch {
                Write-Warning "Failed to set access rights for explorer.exe. Error: $($_.Exception.Message)"
                return
            }

            # Kill explorer.exe
            try {
                Stop-Process -Name explorer -Force
                Start-Sleep -Seconds 2
            }
            catch {
                Write-Warning "Failed to kill explorer.exe. Error: $($_.Exception.Message)"
            }

            # Rename explorer.exe
            try {
                $timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
                $newName = "explorer.exe_$timestamp"
                $newPath = "$env:SystemRoot\$newName"
                Rename-Item -Path $explorerPath -NewName $newName -Force
                Write-Host "Renamed explorer.exe to '$newName'."
            }
            catch {
                Write-Warning "Failed to rename explorer.exe. Error: $($_.Exception.Message)"
            }
        }
        catch {
            Write-Host "An error occurred: $($_.Exception.Message)" -ForegroundColor Red
            throw $_
        }
    }

    end {}
}

Invoke-Command -ScriptBlock { Invoke-DisableExplorer }

Basic scheduled task, at user login:

arguments: -file "c:\scripts\DisableExplorer.ps1"

Let me know if you have any issues.

garlin · 2025-03-13T15:51:50-0400

If you wanted to permanently kill all instances of Explorer:

Code:

Windows Registry Editor Version 5.00

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"=""

But that's just playing with fire. The proper way is to replace Explorer.exe with another app as your default shell.

How do I replace the system shell (explorer.exe) with another process in Windows 10?

This is for Windows 10. Is there a way to replace explorer.exe with, for example, a powershell script? I'm looking to start a custom shell application without having to have explorer.exe run in...

superuser.com

Change windows shell

I have asus Rog ally and want to get console experience like steam deck but unfortunately windows gui isn't support this at all. I don't want to see any login or desktop screen at boot. I heard tha...

superuser.com

These config changes are not affected by Windows updates.

bluedxca93 · 2025-03-13T16:36:55-0400

Hi,

I partially agree that the real explorer.exe is supposed to be a main component of windows. However the exe file itself is not needed for file system operations or open with dialogs etc. Yes it breaks the system settings user interface if you remove explorer.exe. The functionality as network, printer etc. still remains intact.

Thx a lot for the tip with the task sheduler and the renaming script. Like this i can restore it if needed. But i really have just changed the shell in registry and guess what explorer.exe came back.

Using WinX- Shell or react os explorer just hides the original explorer but it' ll came back after some time if not renamed... The shell itself is an application on top of dwm.exe .Even dwm.exe can be removed, with more impact than removing explorer.exe for 3rd party applications.

The desktop is an application in the background that displays file system icons and opens them if you click on them.

taskbar is similar to a task list provided by taskmgr or other applications.

The startmenu is basically an application that virtually merges two folders and displays the paths as menu deop downs and the .lnk files inside the folders as items.

This might sound crazy, however its basically just that...

How could inreversibly disable explorer.exe

bluedxca93

New member

My Computer

System One

Tester

Well-known member

My Computer

System One

glasskuter

aka Mama Glass

My Computers

System One System Two

Tester

Well-known member

My Computer

System One

Tester

Well-known member

My Computer

System One

garlin

Well-known member

How do I replace the system shell (explorer.exe) with another process in Windows 10?

Change windows shell

My Computer

System One

bluedxca93

New member

My Computer

System One

Similar threads

Latest Support Threads

Latest Tutorials