We're looking at using NoLoAD on lab-based and cart-based shared Macs for students, removing the buggy AD binding in place now. We would likely NOT use NoMAD on these. What's the best way to approach this? Locally installed, NoLoAD required a sudo command to run a .bash file from a particular folder on the .zip (evaluate-mechanisms). How do you trigger that on a static group of computers in Jamf? Also, I want to set preferences for a custom BackgroundImage and LoginLogo. If I push these images to a directory in /Library, how do I set the local plist for NoLoAD to point to these images? Much appreciated!
Are you using Jamf Pro to push the software to those devices?
You can download the NoLoAD packages and push those out. The authchanger package will run the sudo command for you.
The way I push it out and put my Logos in the proper location (which I sadly can't remember the location.) Then push the NoLoAD package followed by the authchanger package. I do this upon enrollment so when a device is DEP setup the first policy that is run is NoLoAD. You have a few options of how to trigger the install. You could "reimage" using DEP and having Jamf drop the policy on enrollment of the device. Otherwise you can have it go out on recurring check in and have it only run once on the device.
For setting preferences I suggest using the configuration profiles built into Jamf (even though I'm still just using a defaults command.)
#!/bin/bash AD_domain="$4" BackgroundImage="$5" LoginLogo="$6" LoginScreen="$7" # Write default AD domain defaults write /Library/Preferences/menu.nomad.login.ad.plist ADDomain "$AD_domain" defaults write /Library/Preferences/menu.nomad.login.ad.plist BackgroundImage "$BackgroundImage" defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginLogo "$LoginLogo" defaults write /Library/Preferences/menu.nomad.login.ad.plist LoginScreen "$LoginScreen" # Backup existing security authdb settings security authorizationdb read system.login.console > /private/tmp/evaluate-mechanisms/console.bak # Write NoMADLoginAD security authdb mechanisms security authorizationdb write system.login.console < /private/tmp/evaluate-mechanisms/console-ad # Find loginwindow processes and kill if any exist if pgrep loginwindow; then killall -HUP loginwindow fi exit 0