Systems extensions not available to approve in Security & Privacy.

j-polasek
New Contributor II

Good Afternoon,

I was testing a new configuration profile to approve a kernel extension. I accidentally unchecked the "Allow users to approve kernel extensions" box in the profile. Once the profile was deployed to test systems, extensions that were approved requested approval again.

a5cd3c13ca0a490b85ddc8c4d295657d

However, there was no way to approve them in the Security and Privacy preference panel. I checked the box and deployed the profile again, but no changes. I have restarted, no change. I have uninstall parallels and reinstalled, same issue. I did a new installation of parallels on a system and still the problem persists. This occurs on High Sierra, Mojave and Catalina

Does anyone know of possible solutions?

thanks
Jeff Polasek

6 REPLIES 6

shaquir
Contributor III

Jamf has some documentation on Whitelisting Kernel Extensions

To view the approved ID, in terminal you can:

sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

Followed by:

.headers on
SELECT * FROM kext_policy;

292cd6433f714072b01f34372f77b32e

Once you have the TeamID (Parallel should be 4C6364ACXT)

Add the Team ID in a Kernel extension and scope appropriately. (I'd leave out the bundle ID, team ID is the parent process)
8a6c6067b4994f538fb80154ad76bfa9

shaquir
Contributor III

j-polasek
New Contributor II

Thanks for the responses. I wasn't exactly clear on the issue. Software that had been running with approved system extensions started displaying the message that the system extensions need approval, but there is no allow button in the Security & Privacy panel. I setup the profile to allow parallels

7d18f20b26894aa1bc2d1dbdb839548d

But the extensions still do not load.

Any Ideas?

Thanks

Jeff

GeoffWiddowson
New Contributor

@j-polasek You need the approved kernel extentions. 086ec019026c437ea1e5e4bf05165b55

eric_shrimer
New Contributor

@GeoffWiddowson sorry to reply to such an old thread! But from my understanding, the Team ID isn't enough, you need to add the actual kernel extension bundle ID's too, or the user won't be able to allow them?

Dalmatian
Contributor

I have the same issue here. like Box.app, Google Drive.app and Parallels Desktop.app. My user was upgrading from Catalina to BigSur, all these 3 apps were allowed and working well on Catalina, but didn't work any more on BigSur, plus there is no 'Allow' button to approve.

This is happening on more and more laptops upgrading to BigSur. How can we reduce the impact and do it via JAMF? We can't add all apps in profiles.