How to distribute a NoMAD preference file? What is a Managed preference manifest file?

stevenjklein
Contributor II

I've been using NoMAD on my Mac, and like it a lot. Now I want to deploy NoMAD to a group of test users.

I need to pre-set several preferences for those users. (Like the domain, local password sync, use keychain, etc.)

There is a Managed preference manifest file for NoMAD, but I don't know how to use it.

I'm pretty sure I know how to edit that file, I just don't know what to do with it when I'm done to get it on users' machines.

Apple's documentation for preference manifest files explains how to create them, but not how to deploy them.

And my Google-fu has failed me.

26 REPLIES

stevenjklein
Contributor II

I take back the part about knowing how to edit that file; I don't.

I was able to modify my own preference file using multiple defaults write commands, and I suppose I could deploy it as a script with all of those commands, but I'd like to think there's a better way.

hkabik
Valued Contributor

Don't use managed preferences, dead tech. Either script it using the defaults command to write to the plist or build a custom payload Configuration Profile. If you have paid for support with NoMAD (even lowest level) Joel will help you develop a Config Profile for your specific deployment.

As an example of what a script would look like for it though...

#!/bin/sh

# Get the username of the user logged in at the console
user=$(stat -f "%Su" /dev/console)

# Write each NoMAD preference into that user's defaults domain
sudo -u "$user" defaults write com.trusourcelabs.NoMAD ADDomain -string "SERVER.COMPANY.COM"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD GetHelpOptions -string "mailto:help@company.com"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD GetHelpType -string URL
sudo -u "$user" defaults write com.trusourcelabs.NoMAD HideGetSoftware 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD HidePrefs 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD HideQuit 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD LocalPasswordSync 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD LocalPasswordSyncDontSyncLocalUsers -array admin support
sudo -u "$user" defaults write com.trusourcelabs.NoMAD MenuGetSoftware -string "Self Service"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD MenuHomeDirectory -string "Home Drive"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD MessagePasswordChangePolicy -string "Please ensure your password is not one you've used previously and is a minimum of 8 characters including at least 3 of the following: upper case letter, lower case letter, number or symbol. Your password may not contain your username or any other common words."
sudo -u "$user" defaults write com.trusourcelabs.NoMAD PersistExpiration 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD TitleSignIn -string "Please Enter Your Company Credentials"
sudo -u "$user" defaults write com.trusourcelabs.NoMAD ShowHome 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD SignInWindowOnLaunch 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD UPCAlert 1
sudo -u "$user" defaults write com.trusourcelabs.NoMAD UseKeychain 1

rderewianko
Valued Contributor II

The other option is delivering it by a custom config profile

Create a copy of this file and name it something like nomad.plist
[Gist](https://gist.github.com/rderewianko/e6690fcb9d05b11b9de1daadd9e0b66d)

Edit it in your fav editor
Create a new configuration profile within Casper, go to Custom Settings
Use the preference domain of com.trusourcelabs.NoMAD and upload the file above
Push to a test machine and test.

bburdeaux
Contributor II

Creating a plist file and deploying it with a Custom Settings config profile is the best way to do it.

This page gives you an example plist file in plain text, while this page lists out all of the various preferences and what they do.

ndeal
New Contributor III

+1 for custom configuration profile; I'm using this method successfully for NoMAD.

Imported xml file named com.trusourcelabs.NoMAD.plist into the custom configuration payload.

Example contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ADDomain</key>
    <string>(removed).com</string>
    <key>ConfigureChrome</key>
    <string>1</string>
    <key>GetHelpOptions</key>
    <string>https://(removed).com</string>
    <key>GetHelpType</key>
    <string>URL</string>
    <key>KerberosRealm</key>
    <string>(removed).COM</string>
    <key>LocalPasswordSync</key>
    <string>1</string>
    <key>MessagePasswordChangePolicy</key>
    <string>Your password must be at least 12 characters long and contain 3 out of the 4 following: lower case, upper case, numbers and symbols.</string>
    <key>PersistExpiration</key>
    <string>1</string>
    <key>ShowHome</key>
    <true/>
    <key>SignInWindowOnLaunch</key>
    <string>1</string>
    <key>UseKeychain</key>
    <true/>
    <key>HideRenew</key>
    <true/>
    <key>MenuGetSoftware</key>
    <string>Self Service</string>
</dict>
</plist>

rqomsiya
Contributor III

Are these config profiles user level or computer level profiles?

rderewianko
Valued Contributor II

User level profiles only work if you're bound to a directory. (Network accounts)

These would be computer level profiles.

beatlemike
Release Candidate Programs Tester

@rderewianko have you ever seen where NoMAD ignores the config profile? I followed what you said, and when I opened NoMAD, it still asked me to fill in everything even though my profile had loaded already

rqomsiya
Contributor III

Upload your plist... might be some issues with that.

Let’s take a look...

beatlemike
Release Candidate Programs Tester

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>ADDomain</key>
            <string>XXXX.edu</string>
            <key>GetHelpOptions</key>
            <string>http://its.XXXX.edu/submit-a-ticket</string>
            <key>GetHelpType</key>
            <string>URL</string>
            <key>KerberosRealm</key>
            <string>XXXX.edu</string>
            <key>PasswordPolicy</key>
            <dict>
                <key>minLength</key>
                <string>8</string>
                <key>minLowerCase</key>
                <string>1</string>
                <key>minMatches</key>
                <string>3</string>
                <key>minNumber</key>
                <string>1</string>
                <key>minSymbol</key>
                <string>1</string>
                <key>minUpperCase</key>
                <string>1</string>
            </dict>
            <key>PayloadDescription</key>
            <string>Nomad Settings</string>
            <key>PayloadDisplayName</key>
            <string>NoMAD</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>com.trusourcelabs.NoMAD</string>
            <key>PayloadOrganization</key>
            <string>NoMAD</string>
            <key>PayloadType</key>
            <string>com.trusourcelabs.NoMAD</string>
            <key>PayloadUUID</key>
            <string>7D5A6BCB-1CFD-44BC-ADCF-B511A63F69E32</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ShowHome</key>
            <true/>
            <key>Template</key>
            <string>User Auth</string>
            <key>X509CA</key>
            <string>dc1.XXXX.edu</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>NoMAD Settings</string>
    <key>PayloadDisplayName</key>
    <string>NoMAD</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>com.trusourcelabs.NoMAD</string>
    <key>PayloadOrganization</key>
    <string>NoMAD</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>5312D107-393D-493C-A8D2-14D6E02A09672</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

@rqomsiya I blocked out the institution name here, obviously that's not what I have in the actual plist. Thanks for your help, I just can't seem to get this to work for some reason.

mm2270
Legendary Contributor III

@beatlemike In my experience in playing around with NoMAD and profiles, I needed to deploy the Config Profile at User Level for it to work. If you're deploying the profile at Computer Level, that might be why it's not applying. If that's the case, can you try doing it at User Level to see if that makes a difference?

beatlemike
Release Candidate Programs Tester

@mm2270 I will try, I thought about that but had come across somewhere, I can't recall now where exactly, that said you can't do NoMAD profiles at the user level. I will update on my results either way, thanks!

mm2270
Legendary Contributor III

As far as I know they can be. Mine is deployed at User Level, and it works. But of course the local user account must be enabled for MDM for it to work. That could be a factor in your case. I'm using an AD account, so it automatically gets enabled for MDM.

beatlemike
Release Candidate Programs Tester

@mm2270 got closer, the settings actually showed up in Managed preferences in the user folder, however, they showed up as a jumbled mess. So it has to be something with my profile.

I edited the plist in text wrangler so there shouldn't be any garbage in the file....

mm2270
Legendary Contributor III

> the settings actually showed up in Managed preferences in the user folder

I'm not sure what you mean by this. If it was a profile, what settings would show up in a user folder? Maybe I'm just not understanding, but the profile would show up in System Preferences > Profiles, not inside Managed preferences.

beatlemike
Release Candidate Programs Tester

@mm2270 that happens, but the managed preferences added by the config profile appear under /Library/Managed Preferences and when it's a user profile, it will show in a folder with the user name inside that directory.

mm2270
Legendary Contributor III

@beatlemike Got it. I wanted to make sure the profile was showing up as installed under Profiles. I forgot that the plists also show up there. I just checked mine and it's formatted correctly, so it does sound like there might be something wrong with your profile after all, but I don't see it. I just copied and pasted what you posted above into a .plist file and ran xmllint against it and it shows as being a proper xml file, so... hmm. Not sure what might be wrong with it offhand.

beatlemike
Release Candidate Programs Tester

Maybe I need to make a change to NoMAD itself? So that it can use config profile managed prefs?

beatlemike
Release Candidate Programs Tester

Yeah, I can't see anything wrong with my plist, but every time I open NoMAD it asks for settings.

beatlemike
Release Candidate Programs Tester

@mm2270 Apparently Jamf is changing the plist somehow when uploaded. It works fine if I change the file extension to .mobileconfig and run it locally

beatlemike
Release Candidate Programs Tester

@rderewianko was wrong, or at least that isn't the way you do this now. You just edit the sample mobileconfig, and sign it in Apple Configurator or something like it, then upload to Jamf. It will look like an empty profile, but it is not.

Thanks everyone!

rderewianko
Valued Contributor II

Lot's changed in 6 months ;)

Over9000
New Contributor III

So it needs to be signed before it's uploaded to JAMF? I can't seem to get this to work at all and I don't have a way to sign the profile currently.

sharriston
Contributor III

So this site really helped me. It shows which settings can be managed and which cannot be managed. By just making a copy of your trusourcelabs.NoMAD.plist you are trying to manage settings that you can't and it fails, I ran into the same issue. You can use defaults write command but I found it easier to deploy a custom payload with a config profile. On the link I sent they also have a sample mobile config file that you can download and edit to use with your system. Also there is a NoMAD slack channel that helped me immensely.

EDIT: Also have you ever used the custom configuration payload in configuration profiles? This is where you would upload your customized plist file to get it installed on the machine. So basically edit the file to your liking, save it with the correct nomad name which is case sensitive (ie com.trusourcelabs.NoMAD.plist). Then go to configuration profiles, custom settings, name it everything before the .plist and upload the file. If you get an error it gives you the terminal command you need to run to convert the xml file to a usable one with jamf configuration profiles. Sorry I didn't read your initial question closely enough.
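
A pre-upload check for the Custom Settings procedure described above, as an added example that is not code from any poster, Jamf or NoMAD: it tells a bare preference plist apart from a complete configuration profile like the one posted earlier in the thread, and pulls the NoMAD keys out of the latter. The function names and the sample profile are constructed for illustration; the file-name rule is the one stated in the post above.

```python
import plistlib

DOMAIN = "com.trusourcelabs.NoMAD"  # preference domain used throughout the thread

# Constructed sample: a cut-down profile shaped like the one posted in the thread.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>ADDomain</key><string>example.edu</string>
    <key>ShowHome</key><true/>
    <key>PayloadType</key><string>com.trusourcelabs.NoMAD</string>
  </dict></array>
  <key>PayloadScope</key><string>System</string>
  <key>PayloadType</key><string>Configuration</string>
</dict></plist>"""

def classify(plist):
    """'profile' for a complete configuration profile, else 'preferences'."""
    is_profile = plist.get("PayloadType") == "Configuration" and "PayloadContent" in plist
    return "profile" if is_profile else "preferences"

def extract_preferences(profile, domain=DOMAIN):
    """Return the app's own keys from the payload for `domain`, minus Payload* keys."""
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == domain:
            return {k: v for k, v in payload.items() if not k.startswith("Payload")}
    return {}

def check_custom_settings_upload(filename, raw, domain=DOMAIN):
    """List reasons `raw` is not a bare preference plist for `domain`."""
    problems = []
    if filename != domain + ".plist":  # naming rule as stated in the thread
        problems.append(f"file name should be {domain}.plist (case sensitive)")
    try:
        plist = plistlib.loads(raw)
    except Exception as exc:  # malformed XML or unsupported plist format
        return problems + [f"not a parseable plist: {exc}"]
    if not isinstance(plist, dict):
        return problems + ["top level is not a dict"]
    if classify(plist) == "profile":
        problems.append("complete configuration profile, not a preference plist")
    stray = sorted(k for k in plist if k.startswith("Payload"))
    if stray:
        problems.append("Payload* keys at top level: " + ", ".join(stray))
    return problems

if __name__ == "__main__":
    print(check_custom_settings_upload("nomad.plist", SAMPLE_PROFILE))
    print(extract_preferences(plistlib.loads(SAMPLE_PROFILE)))
```

An empty list from `check_custom_settings_upload` means the file has the bare key/value shape of the plist in ndeal's post; a well-formedness check such as xmllint passes for both shapes and cannot tell them apart.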

jsiegel
New Contributor

@beatlemike's post says:

> You just edit the sample mobileconfig, and sign it in Apple Configurator or something like it, then upload to Jamf. It will look like an empty profile, but it is not.

That solved my problem of the profile failing to apply settings when deployed through Jamf. The profile would work if I installed it by hand. Thanks for the suggestion. I used ProfileCreator to make the profile and sign it.

beatlemike
Release Candidate Programs Tester

I wrote that a long time ago haha I use ProfileCreator now as well, it’s awesome.