Installing Disk Cleanup on Windows Server 2008R2 in 2020

Firstly, some of us still have some legacy servers running. For example, there are some 2008R2 servers that we still have in our environment. As you probably already know if you’re reading this, Windows Server 2008R2 has already gone end of life. However, that doesn’t mean that any of the problems with them go away before you have the opportunity to upgrade. I’ll be moving a couple of databases from the 2008R2 server to a 2019 (rolled back to 2016) server. In the meantime, there is a shortage of storage on the C:\ drive and most of it is being taken up by C:\Windows\Temp. I would typically run the Disk Cleanup utility, but it isn’t available by default. To configure it for use, follow these steps.

Disclaimer: Since we have automated backups and fail-over, the next steps can be made in production. If you’re using a physical server, I recommend using the P2V (physical to virtual) software called Disk2VHD by Sysinternals to create a VM and enabling Hyper-V replication between the 2 Hyper-V hosts. I also recommend Hyper-V as it’s free! Note: You need a domain environment. I strongly recommend against trying to run a Hyper-V host that hasn’t been joined to a domain. I’ve tried, and you would be making extra work for yourself. You can also enable clustering, but that requires a shared storage medium such as a SAN. Also, enable backups, as that isn’t the same as fail-over and clustering. Assuming that you would be using Hyper-V Core because that’s the free one, if you need GUI access just use another server with a GUI and add the Hyper-V host to its Server Manager. Now you can use the GUI to control anything in compmgmt.msc, for example. In this case, Windows Server Backup. I recommend connecting to the Hyper-V host itself and performing the backup from there, as you can then restore based on the virtual machine (VM) rather than each individual server. It’s easier on the admin and works better too.

Step 1:

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe to %systemroot%\System32 which for most of us will be C:\Windows\System32

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe %systemroot%\System32

Step 2:

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui to %systemroot%\System32\en-US where again %systemroot% is usually C:\Windows.

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui %systemroot%\System32\en-US

If you want to know what your %systemroot% is just open an elevated command prompt and type “echo %systemroot%”.

start cleanmgr.exe

If you have 2008 instead of R2 or a 32-bit system, please see the official Microsoft document on this procedure.


Disk Cleanup didn’t locate the C:\Windows\Temp folder and therefore performed no cleaning, which I verified with TreeSize Free, a fantastic utility for determining what is consuming your storage space. It can be downloaded here:

The next step is to perform a regular deletion process. The only files that we don’t want to delete are ones that have active file handles or file locks. Since they do have file locks you will receive an error message when trying to delete those specific ones. Just choose not to delete them when prompted.

Highlight all of the data in C:\Windows\Temp by using the keyboard shortcut “ctrl + a” and press “delete”. As a general good practice, I would recommend sending this to the recycle bin instead of performing a permanent delete so that you can recover the files if needed. However, you decide your risk and can choose to permanently delete the files. Since these files are temporary to begin with, the expectation is that they will be deleted at some point.

You will see a prompt asking if you are sure you want to move the data to the recycle bin. Click “yes”.

When you receive the prompt for files that are in use by active programs, select the checkbox “Do this for all current items” and click on “skip”.

You will now only be left with the temporary files that are actively being used by current active programs because they have file handles on those temporary files.

Unlike newer operating systems, 2008R2 doesn’t include a feature to perform automatic cleanup of the recycle bin. It will either need to be manually cleaned at a later date, or a utility or script would have to be used to manage the automated clearing of the recycle bin.

For options that have been voted up on ServerFault to perform the automated cleanup you can see here:

Fixing the root cause:

Now that the issue had been resolved it was necessary to find a way to prevent it from occurring again.

I found another great article that covered this exact same issue and you can check the source here:

Here are the commands, pulled directly from the blog post, that will prevent the issue from occurring a second time. Note that if you make this into a script you will have to include wait times to allow the services to stop before they can be restarted, and that you may also encounter file handle locks and need to script a way to deal with that situation when it occurs.

net stop wuauserv
cd %systemroot%
rename SoftwareDistribution SoftwareDistribution.old
rmdir /q /s c:\windows\temp
net stop trustedinstaller
cd c:\windows\logs\CBS
del *.cab
del *.log
rem regenerate cab files
c:\windows\system32\wuauclt.exe /detectnow
net start wuauserv
echo this is a dummy line
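
One way to script the commands above with the waits and lock handling the note calls for, as an added example that is not from the original post or the blog it quotes. It assumes PowerShell 2.0 on the 2008R2 server and an elevated session; the 90-second timeout, the dated rename suffix and the helper names Stop-AndWait and Remove-Unlocked are choices made for this example, and it permanently empties C:\Windows\Temp (no Recycle Bin) instead of removing the directory itself.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible; run elevated.
$ErrorActionPreference = 'Stop'
$timeout = New-TimeSpan -Seconds 90      # assumption: longest wait per service
$skipped = New-Object System.Collections.ArrayList

function Stop-AndWait([string]$Name) {
    $svc = Get-Service -Name $Name
    if ($svc.Status -ne 'Stopped') {
        $svc.Stop()
        # Throws on timeout rather than continuing with a half-stopped service
        $svc.WaitForStatus('Stopped', $timeout)
    }
}

function Remove-Unlocked([string]$Dir, [string[]]$Patterns = @('*')) {
    # Walk the tree by hand so junctions and symlinks are never followed out of $Dir
    foreach ($item in @(Get-ChildItem -LiteralPath $Dir -Force -ErrorAction SilentlyContinue)) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        if ($item.PSIsContainer) { Remove-Unlocked $item.FullName $Patterns; continue }
        $wanted = $false
        foreach ($p in $Patterns) { if ($item.Name -like $p) { $wanted = $true } }
        if (-not $wanted) { continue }
        try   { Remove-Item -LiteralPath $item.FullName -Force }
        catch { [void]$skipped.Add($item.FullName) }   # open handle or access denied
    }
}

try {
    Stop-AndWait 'wuauserv'
    Stop-AndWait 'TrustedInstaller'
    $sd = Join-Path $env:SystemRoot 'SoftwareDistribution'
    if (Test-Path $sd) {
        # Dated suffix (assumption) so an earlier SoftwareDistribution.old cannot block the rename
        Rename-Item -Path $sd -NewName ('SoftwareDistribution.old-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    }
    Remove-Unlocked (Join-Path $env:SystemRoot 'Temp')
    Remove-Unlocked (Join-Path $env:SystemRoot 'Logs\CBS') @('*.cab', '*.log')
}
finally {
    Start-Service -Name 'wuauserv'       # always bring Windows Update back up
}
# Same detection trigger as in the post, run once the service is back
& (Join-Path $env:SystemRoot 'System32\wuauclt.exe') /detectnow
"Skipped $($skipped.Count) item(s) that were locked or not accessible:"
$skipped
```

If a service does not stop within the timeout, the script ends with an error after restarting wuauserv, and nothing has been renamed or deleted.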

Delete EFI Partition with Command Line Interface

You can use PowerShell if you want to by using the following format to run the CLI commands:

PS> cmd.exe /c "<insert command prompt command here>"

Be sure to be in an elevated command prompt. The commands below are entered inside diskpart.

diskpart
list disk
select disk <whichever one is your disk>
list partition
select partition <whichever partition number>
delete partition override
(Repeat the select partition and delete partition override steps for each partition you want to clear)

Microsoft Best Practice Analyzer Lies Today

I ran the BPA scan on one of my servers and it said that SMB v1.0 should be installed since it is not in a default configuration.

Only to support legacy hardware, and only on a VLAN completely separated from everything else, should you bother to enable SMBv1.0. There have been vulnerabilities in that version of SMB for many years. Specifically, does anyone remember WannaCry? This BPA scan doesn’t seem like it’s been updated since before WannaCry, and this is on a Windows Server 2019 Standard system. It makes me “wanna cry”.

Just search Google for “smb v1 exploit” and thousands of articles pop up.

I suppose I shouldn’t be so surprised that Microsoft has become complacent in updating their BPA software.

So, with that in mind, when you run your BPA scan just remember to take it with a grain of salt, as the BPA scan doesn’t know everything and you might be better off going against what the analyzer utility says. It’s good for giving you a hint of what to check out, but it is not a task list.
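
A way to check what a server is actually doing with SMBv1 before acting on a BPA finding, as an added example that is not from the original post. It assumes Server 2016 or later with the ServerManager and SmbShare modules and an elevated session; the function name Get-Smb1Posture is made up for this example, and the client-address pattern is an assumption about the audit event text.

```powershell
# Added example, not from the original post. Run elevated on Server 2016/2019.
function Get-Smb1Posture {
    $feature = Get-WindowsFeature -Name 'FS-SMB1'
    $server  = Get-SmbServerConfiguration

    # SMB1 client redirector driver: Start = 4 is disabled, a missing key means it is removed
    $drvKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drvStart = $null
    if (Test-Path $drvKey) { $drvStart = (Get-ItemProperty -Path $drvKey -Name Start).Start }

    # Event 3000 in the SMBServer audit log is only written while AuditSmb1Access is on
    $events = @()
    if ($server.AuditSmb1Access) {
        $events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
        } -ErrorAction SilentlyContinue)
    }

    # Assumption: the event text carries a "Client Address: <ip>" line
    $clients = @($events | ForEach-Object {
        if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
    } | Sort-Object -Unique)

    [pscustomobject]@{
        FeatureInstalled  = $feature.Installed
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        ClientDriverStart = $drvStart
        AuditEnabled      = $server.AuditSmb1Access
        Smb1AuditEvents   = $events.Count
        Smb1Clients       = $clients
    }
}

Get-Smb1Posture | Format-List
```

If AuditEnabled is False, turn auditing on with Set-SmbServerConfiguration -AuditSmb1Access $true and let it run through a normal work cycle before reading Smb1Clients.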

Hyper-V 2019 Core On Lenovo TS430 in 2020

Firstly, let me just say that I’ve recently encountered a disaster where a Windows Update wreaked havoc on a Hyper-V Core 2019 server. This update was intended to break compatibility with the set of CPUs that have known vulnerabilities to Spectre and Meltdown. However, we have protection against such threats using the Malwarebytes Cloud Endpoint on the Hyper-V host. Regardless, during a regular maintenance period a standard reboot was done and then this happened:

Luckily, this was restored from backups that we had.

The resolution was to re-install the Hyper-V 2019 Core and disable the automatic updates. We set it to “manual” for updates to prevent this issue in the future as we currently intend on using the TS430 for a little while despite its age.

If anyone else is having this issue, wouldn’t it be nice if there was some type of pop-up before the reboot like “Are you sure you want to break the CPU compatibility by installing this update?”. At least for now, manual updates are the current path for this instance, along with reviewing the necessary KB articles before updating.