How to Run OSX on Gnome Boxes (KVM)

Install:

First, create an empty hard drive image:

qemu-img create -f qcow2 OSX.img 64G

Copy the BIOS file enoch_rev2848_boot into the same folder where you created the disk image.

In the QEMU parameters below, add your OSK key to -device isa-applesmc,osk="add your osk1 and osk2" (the AppleSMC device needs a valid OSK key to function).
Also change the paths of MacHDD and MacDVD.

Install OSX running QEMU:

qemu-system-x86_64 -enable-kvm -m 8192 -cpu Penryn,vendor=GenuineIntel \
-machine pc-q35-2.4 \
-smp 4,cores=2 \
-usb -device usb-kbd -device usb-mouse \
-device isa-applesmc,osk="add your osk1 and osk2" \
-kernel ./enoch_rev2848_boot \
-smbios type=2 \
-device ide-drive,bus=ide.2,drive=MacHDD \
-drive id=MacHDD,if=none,file=./OSX.img \
-monitor stdio \
-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16 \
-spice port=5930,disable-ticketing \
-device ide-drive,bus=ide.0,drive=MacDVD \
-drive id=MacDVD,if=none,snapshot=on,file=./'MacOSX_Mavericks.iso'

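Warning: the mouse does not work well at this stage. Be patient, we will install the driver at the end!

Note that disable-ticketing turns off SPICE password authentication, and with no listen address given QEMU accepts SPICE connections on every interface, so keep port 5930 firewalled or bind it to the loopback address as the libvirt XML below does.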

Once OSX is installed and running, create the libvirt XML file called OSX.xml. Remember again to change the paths and the OSK string.

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>OSX</name>
  <title>OSX</title>
  <description># echo 1 &gt; /sys/module/kvm/parameters/ignore_msrs</description>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc-q35-2.4'>hvm</type>
    <kernel>/home/public/VMs/OSX/enoch_rev2848_boot</kernel>
  </os>
  <features>
    <acpi/>
    <kvm>
      <hidden state='on'/>
    </kvm>
  </features>
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>Penryn</model>
  </cpu>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/home/public/VMs/OSX/OSX.img'/>
      <target dev='sda' bus='sata'/>
      <boot order='1'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <interface type='bridge'>
      <source bridge='virbr0'/>
      <target dev='tap0'/>
      <model type='e1000-82545em'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x02' function='0x0'/>
    </interface>
    <input type='mouse' bus='usb'/>
    <input type='keyboard' bus='usb'/>
    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
      <clipboard copypaste='yes'/>
    </graphics>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x03' function='0x0'/>
    </sound>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='none'/>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='isa-applesmc,osk=add your OSK1 and OSK2'/>
    <qemu:arg value='-smbios'/>
    <qemu:arg value='type=2'/>
    <qemu:arg value='-k'/>
    <qemu:arg value='en-us'/>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='Penryn,vendor=GenuineIntel'/>
  </qemu:commandline>
</domain>

Import VM to Gnome Boxes:

virsh create OSX.xml

Configure:

You can now run your OSX from Gnome Boxes and install QemuUSBTablet for mouse and VoodooHDA for audio.

After installing QemuUSBTablet, change the VM input setting like this:

    <input type='tablet' bus='usb'/>

Inside the VM, create a file named org.chameleon.boot.plist with the Chameleon configuration:

sudo pico /Extra/org.chameleon.boot.plist

and give it this content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Timeout</key>
<string>5</string>
<key>Graphics Mode</key>
<string>1280x1024x32</string>
<key>EthernetBuiltIn</key>
<string>Yes</string>
<key>PCIRootUID</key>
<string>1</string>
</dict>
</plist>

If the App Store is not working although you are able to browse the internet, the reason is probably that your ethernet device is not called “en0”.

Delete all the network devices you have:

[Screenshot: OSX_NetworkPanel]

Then delete these files:

cd /Library/Preferences/SystemConfiguration/
sudo rm preferences.plist
sudo rm NetworkInterfaces.plist

Reboot and check whether your ethernet device is now “en0”:

[Screenshot: OSX_ifconfig]

Via: https://github.com/kholia/OSX-KVM
https://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/
https://blog.ostanin.org/2014/02/11/playing-with-mac-os-x-on-kvm/

ERROR: dcdiag warning on userAccountControl

On a newly built DC, running dcdiag, I found this problem:

Starting test: MachineAccount
Warning:  Attribute userAccountControl of myDC is:
0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
Typical setting for a DC is
0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
This may be affecting replication?

Using ADUC with “Advanced Features” enabled, you can change userAccountControl for your DC’s computer object on the “Attribute Editor” tab.

UserAccountControl values:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)
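
To see which bit separates the value in the dcdiag warning from the typical DC value, the following added example (not part of the original post) decodes userAccountControl and diffs it against a baseline. The function names are hypothetical; the flag values are the documented ones from the Microsoft article linked below.

```powershell
# Added example: userAccountControl flag names and bit values (Microsoft KB 305144)
$UacFlags = [ordered]@{
    SCRIPT                         = 0x0000001
    ACCOUNTDISABLE                 = 0x0000002
    HOMEDIR_REQUIRED               = 0x0000008
    LOCKOUT                        = 0x0000010
    PASSWD_NOTREQD                 = 0x0000020
    PASSWD_CANT_CHANGE             = 0x0000040
    ENCRYPTED_TEXT_PWD_ALLOWED     = 0x0000080
    TEMP_DUPLICATE_ACCOUNT         = 0x0000100
    NORMAL_ACCOUNT                 = 0x0000200
    INTERDOMAIN_TRUST_ACCOUNT      = 0x0000800
    WORKSTATION_TRUST_ACCOUNT      = 0x0001000
    SERVER_TRUST_ACCOUNT           = 0x0002000
    DONT_EXPIRE_PASSWORD           = 0x0010000
    MNS_LOGON_ACCOUNT              = 0x0020000
    SMARTCARD_REQUIRED             = 0x0040000
    TRUSTED_FOR_DELEGATION         = 0x0080000
    NOT_DELEGATED                  = 0x0100000
    USE_DES_KEY_ONLY               = 0x0200000
    DONT_REQ_PREAUTH               = 0x0400000
    PASSWORD_EXPIRED               = 0x0800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    PARTIAL_SECRETS_ACCOUNT        = 0x4000000
}

function ConvertFrom-UserAccountControl {
    param([int]$Value)
    # Emit the name of every flag whose bit is set in $Value
    $UacFlags.Keys | Where-Object { $Value -band $UacFlags[$_] }
}

function Compare-UacToBaseline {
    param([int]$Observed, [int]$Baseline = 0x82000)   # default: typical DC value
    [pscustomobject]@{
        Observed   = '0x{0:X}' -f $Observed
        Flags      = (ConvertFrom-UserAccountControl $Observed) -join ' | '
        Unexpected = (ConvertFrom-UserAccountControl ($Observed -band (-bnot $Baseline))) -join ' | '
        Missing    = (ConvertFrom-UserAccountControl ($Baseline -band (-bnot $Observed))) -join ' | '
    }
}

# Value taken from the dcdiag warning above
Compare-UacToBaseline -Observed 0x82020

# Domain-wide check (needs the RSAT ActiveDirectory module): computers with bit 0x20 set
function Find-PasswordNotRequiredComputer {
    Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=32)' -Properties userAccountControl
}
```

With the ActiveDirectory module, the extra bit can also be cleared without ADUC by piping the computer object to Set-ADAccountControl -PasswordNotRequired $false.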

Via: https://support.microsoft.com/en-us/help/305144/how-to-use-the-useraccountcontrol-flags-to-manipulate-user-account-properties

How to connect Remotely to SQL Express using SSMS

If the SQL Server Browser service is stopped (as it generally is with SQL Express), you must specify the port in the server/instance string to connect remotely with “Microsoft SQL Server Management Studio”.

First check whether SQL Server Browser is stopped, using “SQL Server Configuration Manager”:

[Screenshot: SQL_ServiceConf]

Then check the TCP port of your SQL Express instance (in this case it is a dynamic port):

[Screenshot: SQL_TCP_DynamicPort]

Then you can connect to your SQL Express instance by specifying this string as “Server Name” (pay attention to the comma after the SQL instance name):

SQLServer\Instance,TCPPort

[Screenshot: SSMS_sqlexpress_Login]
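
The same checks can be done from PowerShell on the SQL Server host. This is an added example, not part of the original post; the function name is hypothetical and 'SQLEXPRESS' is an assumed instance name.

```powershell
# Added example: read the instance's TCP port from the registry and build the SSMS server string.
function Get-SqlInstanceTcpPort {
    param([string]$InstanceName = 'SQLEXPRESS')   # assumed instance name

    $root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
    # "Instance Names\SQL" maps the instance name to its internal instance ID
    $id = (Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction Stop).$InstanceName
    if (-not $id) { throw "SQL instance '$InstanceName' not found on this host" }

    $ipAll = Get-ItemProperty -Path "$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
    # A static port (TcpPort) is used when set; otherwise the currently assigned dynamic port
    $port = if ($ipAll.TcpPort) { $ipAll.TcpPort } else { $ipAll.TcpDynamicPorts }

    [pscustomobject]@{
        Instance      = $InstanceName
        BrowserStatus = (Get-Service -Name SQLBrowser -ErrorAction SilentlyContinue).Status
        Port          = $port
        IsDynamic     = -not $ipAll.TcpPort
        ServerName    = '{0}\{1},{2}' -f $env:COMPUTERNAME, $InstanceName, $port
    }
}

$sql = Get-SqlInstanceTcpPort
$sql

# Confirm the port is reachable (run this part from the client, with the server's name)
Test-NetConnection -ComputerName $env:COMPUTERNAME -Port $sql.Port
```

A dynamic port can change when the instance restarts, so a firewall rule or saved connection pinned to it can stop working; setting a static TCP port avoids that.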

How to Find which DC is pruning your printer queues

When you publish printer queues in Active Directory, by default the print spooler saves the shared printers' information as objects inside the print server's computer object.

On the DC (generally the site DC of the print server) a printer pruning job runs by default; this job checks whether the print server is reachable and whether the printer is still shared and, if not, deletes the printQueue object from AD.

  • By default the print server publishes its printers only at startup (if you want to force printer publishing, just restart the Print Spooler service).
    This setting is managed by “Computer Configuration / Administrative Templates / Printers / Check Published State”
  • The DC tries to contact the print server/printer 3 times every 8 hours. If the print server/printer is unreachable all 3 times, it is unpublished.
    This setting is managed by “Computer Configuration / Administrative Templates / Printers / Allow Pruning of Published Printers”, “Directory Pruning Interval”, “Directory Pruning Retry”

“The Print Pruner is a thread that runs under the spooler context on all DCs. It
uses ADSI calls ( ADsGetObject, IID_IDirectorySearch->ExecuteSearch) to get the
list of all the printQueue servers in the AD.
To check whether the server is in same site it uses Winsock call (gethostbyname)
and other net APIs (DsAddressToSiteNames,DsGetDcSiteCoverage).
To check if the print queue\print server availability it uses OS APIs
(NetServerGetInfo, OpenPrinter,GetPrinter).
So all the work by pruner is done using ADSI, WinSock and OS functions.”

It can happen that, because of a firewall or network misconfiguration, a DC starts pruning some or all of the published print queues on a regular basis. To find which DC is cleaning up too much, we first find the deleted printQueue object:

Find deleted Object

  1. Run ldp.exe as Domain Admin.
  2. On the “Connection” menu click “Connect”. You can leave the server name blank to connect to the DC in your site.
  3. On the “Connection” menu click “Bind”.
  4. On the “Browse” menu click “Search”. Select the “Base DN” of the domain where you want to retrieve tombstones. In the “Filter” box use the filter “(objectclass=printQueue)”. Under “Scope” select “Subtree”. Click “Options” and under “Search Call Type” select “Extended”. Then add “1.2.840.113556.1.4.417” to “Active Controls” using “Check in”.
    [Screenshot: ldp_DeletedObject_PrintQueue_Conf]
  5. Close “Search Options” and, in the “Search” dialog box, click “Run”.
  6. In the results, find your deleted printer and copy the CN of the deleted printQueue:

[Screenshot: ldp_DeletedObject_PrintQueue]


Find origin of change

Then using repadmin you can find from where this object was updated:

repadmin /showobjmeta [myDC] [CN of object]

[Screenshot: repadmin_DeletedObject_PrintQueue]
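
The ldp search and the repadmin lookup can be combined so that every recently deleted printQueue is attributed to its originating DC in one pass. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module, and the function name, the 'myDC' server name and the 7-day window are placeholders.

```powershell
# Added example; needs the RSAT ActiveDirectory module and rights to read deleted objects.
Import-Module ActiveDirectory

function Get-PrunedPrintQueueOrigin {
    param(
        [Parameter(Mandatory)][string]$Server,   # DC to query, the [myDC] used with repadmin
        [int]$Days = 7                           # assumed look-back window
    )
    $since  = (Get-Date).AddDays(-$Days)
    $search = @{
        Server                = $Server
        IncludeDeletedObjects = $true
        Filter                = 'isDeleted -eq $true -and objectClass -eq "printQueue"'
        Properties            = 'whenChanged', 'lastKnownParent'
    }
    # Same search as the ldp steps: printQueue objects that are now tombstones
    $deleted = Get-ADObject @search | Where-Object { $_.whenChanged -ge $since }

    foreach ($obj in $deleted) {
        # Same data as "repadmin /showobjmeta": where the isDeleted change originated
        $meta = Get-ADReplicationAttributeMetadata -Object $obj -Server $Server -IncludeDeletedObjects |
            Where-Object AttributeName -eq 'isDeleted'
        [pscustomobject]@{
            PrintQueue  = ($obj.Name -split "`n")[0]   # tombstone names carry a "DEL:<guid>" suffix
            PrintServer = $obj.lastKnownParent
            DeletedAt   = $meta.LastOriginatingChangeTime
            OriginDC    = $meta.LastOriginatingChangeDirectoryServerIdentity
        }
    }
}

# Count deletions per originating DC; 'myDC' is a placeholder
Get-PrunedPrintQueueOrigin -Server 'myDC' |
    Group-Object OriginDC | Sort-Object Count -Descending | Select-Object Count, Name
```

A DC that originates most of the deletions is the one whose path to the print servers should be checked first.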

 

Via: https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/


How to Delete/Rename files with Path Too Long

The maximum length of a path, according to the Windows API, is defined as 260 characters. A subset of Win32 APIs lets you work around the MAX_PATH restriction by adding the “\\?\” prefix. This supports paths up to 32K characters long, but application support is also required (File Explorer does not support it :-))

Windows 10 AU adds “Win32 long path support”, which is not enabled by default, and PowerShell finally has built-in support for it.
https://blogs.msdn.microsoft.com/jeremykuhne/2016/07/30/net-4-6-2-and-long-paths-on-windows-10/

As a workaround you can try the short filename notation:

cmd /c for %A in ("C:\Documents and Settings\User\NTUSER.DAT") do @echo %~sA

or use subst to map a drive letter to a folder:

subst x: "C:\Very long directory\that exceed\length limit"

To remove the temporary drive letter:

subst x: /d

How to create Print queue with Powershell

For a new print server rollout I wrote a PowerShell script to easily install network printers on the new Windows 2012 R2 print server.

The script can be found here: https://github.com/lscarso/Powershell/blob/b6eb1a31790774a0433765551c9aeb455cedbd76/New-ProvisioningPrinter/New-ProvisioningPrinter.ps1

If the driver is not in the driver store of your print server, you need to install it first, via the GUI or using pnputil and Add-PrinterDriver:

pnputil -i -a "C:\Temp\Printers\Ricoh_UniDrv_plc6\x2DSPYP.inf"
Add-PrinterDriver -name "RICOH PCL6 UniversalDriver V4.12"

To create a new printer port and the printer, just run this command:

.\New-ProvisioningPrinter.ps1 -ComputerName MYPRINTSRV -PrinterName PR01 -PrinterAddress 192.168.1.1 -PrinterLocation "Italy, Milano, Reception" -PrinterComment "Asset Number: 01987" -PrinterDriver "RICOH PCL6 UniversalDriver V4.12"

Change ComputerName to your print server, PrinterName to the name of the new print queue you want to create, PrinterAddress to the IP/hostname of the network printer, and PrinterDriver to the label of the driver to use.

The script creates the print queue PR01, shared with the same name, and a printer port linked to that printer, named with the IP or hostname you specified in the PrinterAddress parameter. SNMP is also enabled, on the “public” community.

You can also pipe a CSV file with PrinterName, PrinterAddress, PrinterLocation, PrinterComment columns to this script for bulk printer creation:

Import-Csv "C:\Data\Working\printers.csv" -delimiter ";" -Encoding UTF8 | .\New-ProvisioningPrinter.ps1 -ComputerName PRINTSRV

You now have all the printers installed on the new print server. Next, configure the default settings:

Set-PrintConfiguration -ComputerName MYPRINTSRV -PrinterName PR01 -PaperSize A4 -Color $False

This configures the PR01 printer with a default paper size of A4 and black & white printing.