I am trying to whitelist two kernel extensions as part of a MDS deployment. I know the command (spctl kext-consent add <Team-id>) has to be run from Recovery, but it doesn’t work when running MDS scripts. It works fine after MDS finishes and I reboot into recovery.
What’s the best way to do this with MDS? I’m trying to avoid having all of our users manually allow extensions.
