Launching Network System Extension from automated installation

We have a network system extension which is a fundamental part of our application and needs to be installed before the application can run.

In many cases we need the installation to be automated, i.e. without a logged-in user (with the help of an MDM solution like JAMF).

Is there a way to activate the extension fully automated without logged-in users?

I tried to call 'open -W -a /Application/<path to the extension loader>' from the package's post install script. But it seems the launch fails if no user is logged in.

Is there a way to activate the extension fully automated without logged-in users?

AFAIK, yes, assuming the Mac is managed.

There are two parts to this:

  • Activating the system extension

  • Configuring and enabling the NE configuration

The second part is standard MDM stuff: You push a configuration profile with the appropriate payload. For example, for a per-app VPN you’d push a com.apple.vpn.managed.applayer payload.

The first part is trickier, and not something I’m intimately familiar with. It’s more of an MDM question than an API question.

However, my understanding is that you must first push the app via the MDM system and then push the com.apple.system-extension-policy payload.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
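
The following is an added example, not part of the original posts and not Apple's code: a Python sketch that builds a configuration profile carrying the com.apple.system-extension-policy payload named in the answer, scoped to one team and to specific network extension bundle identifiers. The function name, the team identifier, the bundle identifier and the identifier prefix are constructed placeholders, and disabling user overrides is an assumed policy choice.

```python
import plistlib
import re
import uuid

TEAM_ID_RE = re.compile(r"[A-Z0-9]{10}")      # team IDs: 10 uppercase alphanumerics
BUNDLE_ID_RE = re.compile(r"[A-Za-z0-9.-]+")  # reverse-DNS style bundle identifier


def build_sysext_policy_profile(team_id, extension_bundle_ids, org_prefix):
    """Return .mobileconfig bytes (XML plist) that pre-approve the listed extensions."""
    if not TEAM_ID_RE.fullmatch(team_id):
        raise ValueError(f"not a team identifier: {team_id!r}")
    if not extension_bundle_ids:
        raise ValueError("list at least one extension bundle identifier")
    for bundle_id in extension_bundle_ids:
        if not BUNDLE_ID_RE.fullmatch(bundle_id):
            raise ValueError(f"not a bundle identifier: {bundle_id!r}")

    policy = {
        "PayloadType": "com.apple.system-extension-policy",
        "PayloadIdentifier": f"{org_prefix}.sysext-policy",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        # Approve only the named extensions, not everything the team signs.
        "AllowedSystemExtensions": {team_id: list(extension_bundle_ids)},
        # Limit this team's extensions to the network extension type.
        "AllowedSystemExtensionTypes": {team_id: ["NetworkExtension"]},
        # Assumed policy choice: users cannot approve extensions outside this list.
        "AllowUserOverrides": False,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": f"{org_prefix}.sysext-profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Network system extension approval",
        "PayloadScope": "System",
        "PayloadContent": [policy],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed sample values; substitute your own team and bundle identifiers.
    data = build_sysext_policy_profile(
        "ABCDE12345", ["com.example.app.netext"], "com.example.mdm")
    print(data.decode("utf-8"))
```

Listing bundle identifiers under AllowedSystemExtensions keeps the approval narrower than putting the whole team in AllowedTeamIdentifiers, which would pre-approve every system extension that team signs.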
