We're looking at using NoLoAD on lab-based and cart-based shared Macs for students, removing the buggy AD binding in place now. We would likely NOT use NoMAD on these. What's the best way to approach this? Locally installed, NoLoAD required a sudo command to run a .bash file from a particular folder on the .zip (evaluate-mechanisms). How do you trigger that on a static group of computers in Jamf? Also, I want to set preferences for a custom BackgroundImage and LoginLogo. If I push these images to a directory in /Library, how do I set the local plist for NoLoAD to point to these images? Much appreciated!
Are you using Jamf Pro to push the software to those devices?
You can download the NoLoAD packages and push those out. The authchanger package will run the sudo command for you.
The way I push it out and put my Logos in the proper location (which I sadly can't remember the location.) Then push the NoLoAD package followed by the authchanger package. I do this upon enrollment so when a device is DEP setup the first policy that is run is NoLoAD. You have a few options of how to trigger the install. You could "reimage" using DEP and having Jamf drop the policy on enrollment of the device. Otherwise you can have it go out on recurring check in and have it only run once on the device.
For setting preferences I suggest using the configuration profiles built into Jamf (even though I'm still just using a defaults command.)
# Write default AD domain
defaults write /Library/Preferences/menu.nomad.login.ad.plist ADDomain "$AD_domain"
defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImage "$BackgroundImage"
defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginLogo "$LoginLogo"
defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginScreen "$LoginScreen"
# Backup existing security authdb settings
security authorizationdb read system.login.console > /private/tmp/evaluate-mechanisms/console.bak
# Write NoMADLoginAD security authdb mechanisms
security authorizationdb write system.login.console < /private/tmp/evaluate-mechanisms/console-ad
# Find loginwindow processes and kill if any exist
if pgrep loginwindow; then
killall -HUP loginwindow
We're using this process, and it worked before. But Big Sur on and M1 machine seems to ignore our NoLoad install. Does anyone have experience installing NoLoad successfully onto a Big Sur M1 Mac?