|
|
|
|
Using MDM Configuration
Starting with macOS High Sierra 10.13.2, you can use MDM to specify a list of kernel extensions which will load without user consent. This option requires a Mac running macOS High Sierra 10.13.2 which is either enrolled in MDM via the Device Enrollment Program (DEP) or whose MDM enrollment is User Approved. For more information about User Approved Kernel Extension Loading and User Approved MDM enrollment, please see the following Apple Support article: https://support.apple.com/en-gb/HT208019
At the time of this writing, simply enrolling a Mac computer in MDM automatically disables User Approved Kernel Extension Loading. This means that Parallels Desktop will start normally on such a Mac computer. However, this will change in spring 2018 when an update to macOS is released, according to Apple. When that happens, you will need to approve Parallels Desktop kernel extensions using the Kernel Extension Policy payload described below.
To approve Parallels Desktop kernel extensions, you need to create a macOS configuration profile with the Kernel Extension Policy payload and then install it via MDM on Mac computers. The following table describes the payload keys and how to specify them to approve Parallels Desktop kernel extensions.
Key |
Type |
Value |
|
Boolean |
If set to true, users can approve additional kernel extensions not explicitly allowed by the configuration profile. |
|
Array of Strings |
Specifies team identifiers that define which validly signed kernel extensions will be allowed to load. Parallels team identifier is |
|
Dictionary |
A set of kernel extensions that will be allowed to load on a Mac computer. The dictionary maps the team ID to an array of bundle IDs. The Parallels team ID is
Note that the |
If your Mac computers are not enrolled in MDM, you can use the spctl command described in the section that follows this one.
 Top of page |
 Feedback |