+4Hello all,
Does anyone know if a configuration profile is reapplied after macOS is upgraded? I have a config profile approving a handful of KEXTs. The profile was applied while the Mac was running High Sierra. They've now upgraded to Mojave and are complaining a few apps weren't working. Turns out, the KEXTs needed to be manually approved locally.
Thanks
Best answer by wildfrog
My understanding is that config profiles only apply their magic once. If you deploy a PPPC profile to a 10.12 or 10.13 machine they won’t know what to do with it so they’ll ignore it. And when you do upgrade to Mojave, the profile won’t magically wake up and do its thing. So we only scope PPPC profiles to machines that know what to do with them (10.14 machines). Same logic is why we scope UAKEL whitelist profiles only to machines with ≥10.13.4.
Do you have a Kext config profile scoped to 10.13 and 10.14, or are you kext whitelists built into profiles for each OS? Either way, I have recon set to run at startup, so config profiles scoped to smart groups based on OS should cover it.
+4Thanks for the response, Daniel. It's currently scoped to all machines regardless of OS. Is it advisable to have a config profile scoped to 10.13+?
+11My understanding is that config profiles only apply their magic once. If you deploy a PPPC profile to a 10.12 or 10.13 machine they won’t know what to do with it so they’ll ignore it. And when you do upgrade to Mojave, the profile won’t magically wake up and do its thing. So we only scope PPPC profiles to machines that know what to do with them (10.14 machines). Same logic is why we scope UAKEL whitelist profiles only to machines with ≥10.13.4.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
