Undoing Kext Configuration

New Contributor

We are seeing some 10.13.6 gatekeepers not working correctly, thinking that the MDM still needs to approve the extension, and never giving a user the Allow prompt. Even though the configuration on the Mac explicitly is User Approvals Allowed says Yes. This has led me to have to create Whitelist configurations for every Kernel extension installer they might want to use.

I rolled this out to all my Mac population. Whats the best way to turn it off or undo the config? Rescope it to no one? or what?



New Contributor II

Did you ever push the profile with "Allow users to approve kernel extensions" unchecked? If so, I did this as well and finally got the fix from JAMF. If you push the policy with the checkbox unchecked and then remove the scoping to the machines, it will correct the issue. Just had to do this one 150+ machines and it seems to work for most.