Posted on 10-25-2019 08:04 AM
Just a simple question on creating config profiles to approve kernel extensions. I only use the teamidentifier.
what is your opinion on creating a config profile for each kernel extension you want to approve? or creating one single config profile with all the kernel extensions you want to approve?
5 seperate confg profiles to approve each kernel extensions?
or
1 single config profile that approves all 5?
and why?
Solved! Go to Solution.
Posted on 10-25-2019 01:05 PM
I like keeping mine separate, so each kext has it's own config profile. I just feel that it would be easier to administer if i had an issue.
Posted on 10-25-2019 09:18 AM
@tcandela Yes.
Posted on 10-25-2019 10:27 AM
@diradmin whats your preference
Posted on 10-25-2019 12:19 PM
For what it's worth, I used to put these all in one configuration profile and have found that maintaining that single profile makes it harder for me to troubleshoot individual issues. I am going to attempt to separate these during an upcoming slow period. I'm interested to hear what others may be experiencing.
Posted on 10-25-2019 12:35 PM
Best practice with profiles is to keep them granular and separate. Even with PPPC and/or KEXT approval profiles its best to keep them as separate items.
I know it can be a little unnerving to see so many profiles, both in terms of your Jamf environment and on the Macs themselves, but, at least as far as the endpoints, there is no limitation I'm aware of for how many profiles a Mac can have. There may be one, but I haven't seen it yet. I tend to think of them like plist files, of which there are hundreds on every Mac, managing all kinds of things in individual apps. Keeping them separated out makes it easier to make discrete changes that don't end up affecting other settings that may be part of the same profile.
Posted on 10-25-2019 01:05 PM
I like keeping mine separate, so each kext has it's own config profile. I just feel that it would be easier to administer if i had an issue.