0x00000020 ERROR_SHARING_VIOLATION — Windows Error Code

Q: What does the Windows error code 0x00000020 mean?

It is the Win32 / NTSTATUS code ERROR_SHARING_VIOLATION (decimal 32). The process cannot access the file because it is being used by another process.

Q: How do I decode 0x00000020 in PowerShell?

Run [ComponentModel.Win32Exception]::new(32).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Q: Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Description

ERROR_SHARING_VIOLATION (hex code 0x00000020, decimal 32) is a Windows warning-level error code in the Common System Errors family. Microsoft surfaces this code through the Win32 API, the Common Language Runtime, the kernel, the event log, PowerShell, command-line tools (sfc, dism, gpupdate, sc), and Windows-side applications such as Outlook, Teams, Office, and System Center.

The process cannot access the file because it is being used by another process.

This page documents what triggers 0x00000020, the most common scenarios where it appears, the likely root causes, and a step-by-step troubleshooting workflow you can run against affected endpoints. It is intended for system administrators, MSP technicians, helpdesk engineers, and anyone diagnosing Windows behavior in a managed environment.

In-depth explanation

This is a warning-severity code. The operation did not necessarily fail; Windows may have completed it with side effects, conflicts, or a state that requires user attention. It is normally safe to retry, but should still be logged so repeated occurrences can be triaged.

It belongs to the standard Win32 error space (winerror.h) and is one of the most frequently observed codes across all Windows tooling.

The code can be looked up programmatically in PowerShell with [ComponentModel.Win32Exception]::new(32).Message (for Win32 / NTSTATUS codes that map cleanly), or with net helpmsg 32 for the legacy decimal range. For HRESULT-style codes, decode the facility and code with err.exe from the SDK or via the WinDbg !error command.

Common causes

Insufficient permissions — the calling process does not have the required access rights.
Incorrect path or filename — the target does not exist or is misspelled.
Antivirus or EDR locking the file or denying the operation.
Group Policy or Software Restriction blocking the action.
Disk full, quota exceeded, or volume offline.

Troubleshooting steps

Re-run the failing operation from an elevated shell to rule out a UAC / permissions issue.
Verify the target path or object exists and is reachable: Test-Path, icacls, Get-Acl.
Temporarily disable the antivirus / EDR and retry — if it succeeds, add an exclusion or whitelist the binary.
Check the Application and System event logs (eventvwr.msc) around the timestamp of the failure for related entries.
Run sfc /scannow followed by DISM /Online /Cleanup-Image /RestoreHealth to repair system files if the error persists.

Decode in PowerShell

# Decode 0x00000020 (32) in PowerShell
[ComponentModel.Win32Exception]::new(32).Message

# Or via WinDbg / err.exe (Windows SDK)
# err 0x00000020

# Or net helpmsg (legacy decimal range only)
# net helpmsg 32

Frequently asked questions

What does the Windows error code 0x00000020 mean?

It is the Win32 / NTSTATUS code ERROR_SHARING_VIOLATION (decimal 32). The process cannot access the file because it is being used by another process.

How do I decode 0x00000020 in PowerShell?

Run [ComponentModel.Win32Exception]::new(32).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Where does Windows typically log this error?

It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Is this code recoverable?

Yes — this code is informational or warning-level. The operation can normally be retried after addressing the condition described in the summary.

Should I open a Microsoft support case for this?

Open a case if the error reproduces after applying the troubleshooting steps, particularly if it blocks production workloads, occurs across multiple endpoints, or is associated with a security boundary (BitLocker recovery, Kerberos failure, DCOM hardening, SmartScreen / WDAC). Have a fresh CBS log, minidump, or Get-WinEvent export ready before opening the case.