Issue/Question
What Profiles have been configured by ITS on my WKU-owned Mac?
Resolution
To see what profiles are assigned to a Mac:
macOS 13 Ventura
- Click (Apple menu).
- Select System Settings ... .
- Click Privacy & Security.
- Click Profiles.
macOS 12 Monterey and Prior
- Click (Apple menu).
- Select System Preferences ... .
- Click Profiles.
The default setup for WKU Employee Macs contain these Profiles:
The Sharing section allows for multiple settings that make your Mac accessible from another computer. Though convenient in a personal environment, enabling any of the features in an enterprise environment increases the risk of a malicious attack. It is an enterprise security best practice to disable these settings.
This feature allows a user the convenience of using their WKU account password for logging into their computer, or to set a separate password.
macOS Ventura introduced a feature that gives users more control over what apps load at startup. There are a few items WKU ITS requires to be loaded to ensure the computer interacts with our environment properly:
- Cisco AnyConnect Secure Mobility Client: VPN connection to WKU's network when working remotely
- Microsoft products: OneDrive for cloud storage
- Mosyle: connection to WKU's device management (MDM) provider, ensuring the computer can communicate to the MDM
- munkireport-runner: connection to WKU's Mac inventory database, ensuring the computer's hardware information is accurate and operating properly
- SAP: ensures the Privileges app can elevate a standard user to admin when requested
- Support: an app that loads at login in the Apple bar that provides computer information and links to WKU ITS services
In the event any Adobe product is installed, or gets installed, this ensures that they can access any needed files and folders to work properly.
BeyondTrust is the software leveraged for Remote Assistance when contacting WKU ITS. This setting ensures it will allow the support technician to see, share, and interact with your computer.
This ensures that the Chrome browser can access any needed files and folders to work properly.
In the event the DropBox app is installed, this ensures that it can access any needed files and folders to work properly.
This setting:
- allows apps to be installed from the Mac App Store, as well as apps downloaded from the internet--as long as the app was created by a developer verified by Apple.
- requires authentication to unlock/wake the computer.
- allows unlocking the computer with an Apple watch
- allows you to change the computer account password
- enables FileVault for disk encryption
- enabled the built-in Firewall
This customizes the Support app in the Apple bar to link to WKU ITS support.
This customizes the Login Window to display information about the computer and lets you click your computer account instead of typing in the account username.
BeyondTrust is the software leveraged for Remote Assistance when contacting WKU ITS. This setting ensures it will allow the support technician to see, share, and interact with your computer.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
BlackMagicDesign is used for video editing. This setting ensures it can access any needed files, folders, and devices to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
Zoom is the software used for virtual meetings at WKU. This setting ensures it can access any needed files, folders, and devices to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
Cisco AnyConnect is the software used for connecting to WKU's network while working remotely. This setting ensures it can access any needed files and folders to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
Cisco AnyConnect is the software used for connecting to WKU's network while working remotely. This setting ensures it can access any needed files and folders to work properly.
In the event the DropBox app is installed, this ensures that it can access any needed files and folders to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
VMware Fusion is software used for virtualizing an operating system, such as Windows or Linux, on a Mac. This ensures that it can access any needed files and folders to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
Parallels is software used for virtualizing an operating system, such as Windows or Linux, on a Mac. This ensures that it can access any needed files and folders to work properly.
KEXT stands for kernel extension and has been deprecated by Apple for security concerns and replaced with system extensions. However, for Macs not on Monterey or newer, KEXTs must still be used. Once older OSes/computers have been upgraded/replaced, this setting will be removed.
This setting makes internal, external, and connected network drives appear on the desktop by default.
Macs that have not been recently setup by WKU ITS may have different profiles, if any, than what is listed above. If you are uncertain of the authenticity of a profile or would like information on what settings it controls, please contact the
ITS Service Desk.