Skip to main content
Question

Systems extensions not available to approve in Security & Privacy.

  • May 17, 2020
  • 6 replies
  • 57 views
J
Forum|alt.badge.img+2

Good Afternoon,

I was testing a new configuration profile to approve a kernel extension. I accidentally unchecked the "Allow users to approve kernel extensions" box in the profile. Once the profile was deployed to test systems, extensions that were approved requested approval again.

However, there was no way to approve them in the Security and Privacy preference panel. I checked the box and deployed the profile again, but no changes. I have restarted, no change. I have uninstall parallels and reinstalled, same issue. I did a new installation of parallels on a system and still the problem persists. This occurs on High Sierra, Mojave and Catalina

Does anyone know of possible solutions?

thanks
Jeff Polasek

      6 replies

      S
      Forum|alt.badge.img+9
      • shaquir
      • Contributor
      • May 18, 2020

      Jamf has some documentation on Whitelisting Kernel Extensions

      To view the approved ID, in terminal you can:

      sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

      Followed by:

      .headers on
SELECT * FROM kext_policy;

      Once you have the TeamID (Parallel should be 4C6364ACXT)

      Add the Team ID in a Kernel extension and scope appropriately. (I'd leave out the bundle ID, team ID is the parent process)

      S
      Forum|alt.badge.img+9
      • shaquir
      • Contributor
      • May 18, 2020

      Just came across this guide:
      https://derflounder.wordpress.com/2018/04/12/whitelisting-third-party-kernel-extensions-using-profiles/

      J
      Forum|alt.badge.img+2
      • j-polasek
      • Author
      • New Contributor
      • May 18, 2020

      Thanks for the responses. I wasn't exactly clear on the issue. Software that had been running with approved system extensions started displaying the message that the system extensions need approval, but there is no allow button in the Security & Privacy panel. I setup the profile to allow parallels

      But the extensions still do not load.

      Any Ideas?

      Thanks

      Jeff

      G
      Forum|alt.badge.img+1

      @j-polasek You need the approved kernel extentions.

      E
      Forum|alt.badge.img+1
      • eric_shrimer
      • New Contributor
      • March 11, 2021

      @GeoffWiddowson sorry to reply to such an old thread! But from my understanding, the Team ID isn't enough, you need to add the actual kernel extension bundle ID's too, or the user won't be able to allow them?

      D
      Forum|alt.badge.img+6
      • Dalmatian
      • Contributor
      • March 18, 2021

      I have the same issue here. like Box.app, Google Drive.app and Parallels Desktop.app. My user was upgrading from Catalina to BigSur, all these 3 apps were allowed and working well on Catalina, but didn't work any more on BigSur, plus there is no 'Allow' button to approve.

      This is happening on more and more laptops upgrading to BigSur. How can we reduce the impact and do it via JAMF? We can't add all apps in profiles.

        Terms & ConditionsCookie settingsAccessibility statement