Posted on 02-08-2021 04:40 AM
Just curious to see if other admins are managing their system extensions all within a single profile. We use Symantec, CrowdStrike, and AnyConnect, which all have bundled profiles from the vendor (including the system extensions).
Just wondering if anyone is splitting out the system extensions from bundled profiles or keeping them within a profile for the specific apps/
Posted on 02-08-2021 05:14 AM
I've had most of mine split between PPPC & Kext Approvals, but some bundled together (like Sophos.) Since we have some M1 and Big Sur test units, I have started splitting the ones I had together. I'm not sure what the best practice is in regards to this, so I'm also curious.
Posted on 02-08-2021 05:22 AM
We have ours split, main reason being that we have quite different targets for the different SE's, and I don't like installing stuff that is not needed on that device. Keeping them seperate also has the advantage that I don't need to replace the profiles on all the nodes when I need to change the profile for one SE only.
Posted on 02-08-2021 06:29 AM
We've always split out. Downside is it means 60+ profiles on a machine. Upside is that if I need to change something for one vendor I do not affect a profile for another vendor. And if I need to only change a PPPC setting, I do not affect the Notification profile for the same vendor, for example.
There is no right or wrong, it's just what your preference is, honestly.
Posted on 02-08-2021 03:22 PM
Anyone know if a duplicate system extension profile can cause any issues? We currently have our system extensions all in 1 profile. Wondering if you forget to take the system extension payload out of a vendor provided profile if it would cause any havoc.
Posted on 02-09-2021 05:00 AM
As long as the settings are identical you should not have any problem with a duplicated profile. The fun starts when they diverge.