Whitelist Kernel Extensions in Mojave

I am trying to whitelist two kernel extensions as part of a MDS deployment. I know the command (spctl kext-consent add <Team-id>) has to be run from Recovery, but it doesn’t work when running MDS scripts. It works fine after MDS finishes and I reboot into recovery.

What’s the best way to do this with MDS? I’m trying to avoid having all of our users manually allow extensions.

Make sure that the scripts with spctl is run “when running workflow”:


1 Like

Thanks, that did the trick!

1 Like