Does anyone know if a configuration profile is reapplied after macOS is upgraded? I have a config profile approving a handful of KEXTs. The profile was applied while the Mac was running High Sierra. They've now upgraded to Mojave and are complaining a few apps weren't working. Turns out, the KEXTs needed to be manually approved locally.
My understanding is that config profiles only apply their magic once. If you deploy a PPPC profile to a 10.12 or 10.13 machine they won’t know what to do with it so they’ll ignore it. And when you do upgrade to Mojave, the profile won’t magically wake up and do its thing. So we only scope PPPC profiles to machines that know what to do with them (10.14 machines).
Same logic is why we scope UAKEL whitelist profiles only to machines with ≥10.13.4.
Do you have a Kext config profile scoped to 10.13 and 10.14, or are you kext whitelists built into profiles for each OS? Either way, I have recon set to run at startup, so config profiles scoped to smart groups based on OS should cover it.
My understanding is that config profiles only apply their magic once. If you deploy a PPPC profile to a 10.12 or 10.13 machine they won’t know what to do with it so they’ll ignore it. And when you do upgrade to Mojave, the profile won’t magically wake up and do its thing. So we only scope PPPC profiles to machines that know what to do with them (10.14 machines).
Same logic is why we scope UAKEL whitelist profiles only to machines with ≥10.13.4.
