Help

Is Allowed Team Identifiers necessary for System Extensions?

Go to solution
janzaldua
Contributor

Posted on ‎12-17-2022 10:23 PM

So I was getting this error constantly on every machine.

Screenshot 2022-12-17 at 10.08.24 PM.png

When I checked the Approved System Extensions, I noticed there was 'Allowed Team Identifiers' for a few Applications, one being Cisco AnyConnect.

Screenshot 2022-12-17 at 10.09.53 PM.png Screenshot 2022-12-17 at 10.10.36 PM.png

So I created a new Approved System Extensions policy and removed the 'Allowed Team Identifiers' portion for Cisco AnyConnect. As you can see in the NEW policy, the 'Allowed Team Identifiers' is gone. 

Question for clarity... I assume if the Team Identifier is already being entered within Allowed System Extension Types, it would be unnecessary to also add Allowed Team Identifiers. That option seems to be for applications that do not need System Extension or System Extension Types. Is this correct? After I removed the Allowed Team Identifiers in the NEW policy, I didn't see anymore errors... So for clarity, is Allowed Team Identifiers necessary, or can I delete that portion without causing any harm?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
sdagley
Esteemed Contributor II
In response to janzaldua

Posted on ‎12-18-2022 10:12 AM

@janzaldua You are understanding it correctly, you do not want to use both simultaneously for the same extension.

View solution in original post

Reply
3 REPLIES 3

Go to solution
janzaldua
Contributor

Posted on ‎12-17-2022 10:47 PM

Update:

I just read the documentation from here: https://developer.jamf.com/developer-guide/docs/kernel-and-system-extensions

It seems the answer is... 

Allowed Team Identifiers = Allow all System Extensions from the same Team Identifier

Allowed System Extensions = Allow explicit System Extensions by defining each one by Bundle Identifier

So it seems you would need to use one or the other. If you go with the former, you allow all System Extensions. If you go with the latter, you need to specific which System Extensions. Hence the reason for the error from JAMF if you use both simultaneously. 

Someone please confirm I am understanding this correctly, thanks! 😎

0 Kudos
Reply

Go to solution
sdagley
Esteemed Contributor II
In response to janzaldua

Posted on ‎12-18-2022 10:12 AM

@janzaldua You are understanding it correctly, you do not want to use both simultaneously for the same extension.

Reply

Go to solution
janzaldua
Contributor
In response to sdagley

Posted on ‎12-18-2022 12:44 PM

Thank you!

0 Kudos
Reply