Standard Preferences

Since the full list of preferences can be a bit overwhelming, here are the top preferences keys that most organizations use.

While you’re more than welcome to explore and customize NoMAD as much as you desire, these first eight preferences are the best place to start when looking at a new deployment of NoMAD. Detailed information on how to configure these preferences is available on theĀ preferences page.

  1. ADDomainString – This is really the only key you need to have. It determines what your AD domain is and will commonly be in the form of the DNS name of your domain, e.g.
  2. RenewTicketsBoolean – This value determines whether NoMAD will automatically renew Kerberos tickets or not. This is commonly set to “true” as there’s very little reason not to.
  3. SecondsToRenewInteger – Represents the ticket lifespan threshold when NoMAD will renew the ticket. This commonly set to 7200, or 2 hours. If a ticket is valid for less than 2 hours, NoMAD will renew it.
  4. LocalPasswordSyncBoolean – This instructs NoMAD to synchronize the AD password to the local account whenever a user logs in or changes their password through NoMAD. This keeps FileVault, the user’s local account, and their keychain all in sync with their AD password.
  5. UseKeychainBoolean – This value tells NoMAD to store the user’s AD password in their keychain. This is commonly set to “true” as a convenience for the user.
  6. UPCAlertBoolean – Setting this to “true” will have NoMAD alert the user when the user’s password was changed outside of NoMAD, such as on another PC or via AD Users and Computers. This helps to keep everything in sync, especially when the Mac is bound to AD. For this to be most effective on bound machines you need #5, #6 and #7 all enabled so that the user’s AD password is in their keychain.
  7. GetHelpTypeString – This is the method used for the Get Help menu item. It’s either Bomgar, URL or App.
  8. GetHelpOptionsString – The URL or Path for GetHelpType (<<serial>>, <<fullname>>, <<shortname>> and <<domain>> are currently supported as substitutions)