How to enable cleanmgr Windows Cleaning Program on Windows 2008

cleanmgr – windows cleaning tools

This is not avaialbe by default and on Windows 2008 R2 64bit en can be enabled by copying this files



then Windows start menu -> cleanmgr should appear.

You can also enable Store Clean and reset base up but this requires reboot. Once completed you won’t be able to remove any installed updates.


OpenVZ basic commands info for SysAdmins

This will be updated when needed by me at some point.

The web GUI is normally available on HOST_IP:3000

To check a list of vm on the host run

  • vzlist

To check if you are hitting any memory allocation run (last column should be ‘0’)

  • vzctl exec 302 cat /proc/user_beancounters (where 302 is a CID of host)

To set memory allocation run

vzctl set 301 –vmguarpages 1024M –save

or set the following

1024MB Guaranteed, 2048MB Burstable
vzctl set 301 –vmguarpages 1024M –save
vzctl set 301 –oomguarpages 1024M –save
vzctl set 301 –privvmpages 1024M:2048M –save

information about the type of memory can be found on this page and explain what a vmguarpages is.


Most useful OpenSSL commands taken from various places

OpenSSL site:

Free book about SSL

Generate a certificate request

openssl req -new -newkey rsa:1024 -nodes -keyout key.pem -out req.pem
  • req activates the part of openssl that deals with certificate requests signing
  • -new generate a new request
  • -newkey generate a new private key
  • rsa:1024 1024 is the bit length of the private key. Alternative you can use 2048 and 512, for larger or smaller keys but, please note that the strength of the key should match the type of service your certificate authority is providing to you.
  • -nodes no des, stores the private key without protecting it with a passphrase. While this is not considered to be best practice, many people do not set a passphrase or later remove it, since services with pass phrase protected keys can not be auto-restarted without typing in the passphrase
  • -keyout key.pem store the private key in a file called key.pem
  • -out req.pem store the certificate request in a file called req.pem

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Generate a self-signed key

openssl req -x509 -days 365 -nodes -newkey rsa:2048 \ -keyout key.pem -out cert.pem

Testing SSL servers

openssl s_client -connect -showcerts

View PEM encoded certificate 

openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout

Add Key and to certificate to import into Windows Machine and export as pem for HaProxy

 openssl pkcs12 -export -clcerts -inkey myKefFile.pem -in MyCertFile.cer -out MyPKCS12.p12 -name "My Certificate"

then import into Windows using mmc console
then export as pfx including the key
and change to a pem to use with HaProxy for example

openssl pkcs12 -in MyExportedCertWithKey.pfx -out SSLwithKeyToUseForHaProxy.pem -nodes


How to find out disabled/inactive users in active directory

Log in into your DC then execute PowerShell and run the following the following commands

Load the AD powershell

Once loaded run the following command

Following domain has been used in this example

PS S:\> Search-ADAccount -AccountDisabled -SearchBase “DC=yourdomain,DC=int” | FT Name,LastLogonDate,ObjectClass –A

It will display a list of disabled accounts in Active Directory.

This will display all disabled users in active directory which might be absolute and removed. Obviously always check before any removal process that these can be removed!

Once all the disabled users are removed you can search for inactive users.

Change the date so it’s 1 year difference from the current date.

Search-ADAccount -AccountInactive -Datetime 01/04/2015 -SearchBase “DC=yourdomain,DC=int” | FT Name,LastLogonDate,ObjectClass –A

Once you got a list revise the user and disable them first before any removal.

Hope this helps someone.

Many thanks for reading and comments always welcome.