Since the full list of preferences can be a bit overwhelming here’s the top preferences keys that most organizations use. While you’re more than welcome to explore and customize NoMAD as much as you desire, these first 9 preferences are the best place to start when looking at a new deployment of NoMAD. Look at the preferences page for information on how to configure these.
- ADDomain – String – This is really the only key you have to have. This determines what your AD domain is and will commonly be in the form of the DNS name of your domain, nomad.menu for example.
- KerberosRealm – String – NoMAD will automatically set this to the upper-cased version of your AD domain. However, it’s not a bad idea to set this so that NoMAD has to do less work.
- RenewTickets – Boolean – Determines if NoMAD will automatically renew Kerberos tickets. This is commonly set to “true” as there’s very little reason not to do this.
- SecondsToRenew – Integer – The ticket lifespan threshold when NoMAD will renew the ticket. This commonly set to 7200, or 2 hours. If a ticket is valid for less than 2 hours, NoMAD will renew it.
- LocalPasswordSync – Boolean – This tells NoMAD to synchronize the AD password to the local account whenever a user logs in or changes their password through NoMAD. This keeps FileVault, the user’s local account and their keychain all in sync with their AD password.
- UseKeychain – Boolean – This tells NoMAD to store the user’s AD password in their keychain. This is commonly set to “true” as a convenience for the user.
- UPCAlert – Boolean – Setting this to “true” will have NoMAD alert the user when the user’s password was changed outside of NoMAD, on another PC or via AD Users and Computers for example. This helps to keep everything in sync, especially when the Mac is bound to AD. Note: for this to be most effective on bound machines you need #5, #6 and #7 all enabled so that the user’s AD password is in their keychain.
- GetHelpType – String – The method used for the Get Help menu item. This is either Bomgar, URL or App.
- GetHelpOptions – String – URL or Path for GetHelpType (<<serial>>, <<fullname>>, <<shortname>> and <<domain>> are currently supported as substitutions)