---
title: SystemPolicyKernelExtensions
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/systempolicykernelextensions
---

# SystemPolicyKernelExtensions

The payload that configures the kernel extension policies.

## Declaration

```data
object SystemPolicyKernelExtensions
```

## Properties

AllowedKernelExtensions: The dictionary that represents a set of kernel extensions that the system always allows to load on the computer. The dictionary maps team identifiers (keys) to arrays of bundle identifiers. AllowedTeamIdentifiers: The array of team identifiers that define which validly signed kernel extensions can load. AllowNonAdminUserApprovals: If true, nonadministrative users can approve additional kernel extensions in the Security & Privacy preferences. Available: macOS 11+ AllowUserOverrides: If true, users can approve additional kernel extensions that configuration profiles don’t explicitly allow.

## Discussion

Discussion Specify com.apple.syspolicy.kernel-extension-policy as the payload type. Profile availability  |   |   |   |   |   |   |   |  Profile example <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>PayloadContent</key>     <array>         <dict>             <key>AllowUserOverrides</key>             <false/>             <key>AllowedTeamIdentifiers</key>             <array>                 <string>ABCDE12345</string>             </array>             <key>AllowedKernelExtensions</key>             <dict>                 <key></key>                 <array>                     <string>com.example.mydriver</string>                 </array>                 <key>ABCDE12345</key>                 <array>                     <string>com.example.kext.mydriver</string>                 </array>             </dict>             <key>PayloadIdentifier</key>             <string>com.example.mysystempolicykernalextensionspayload</string>             <key>PayloadType</key>             <string>com.apple.syspolicy.kernel-extension-policy</string>             <key>PayloadUUID</key>             <string>3202f59b-3583-4e6c-82ae-776f3c815df1</string>             <key>PayloadVersion</key>             <integer>1</integer>         </dict>     </array>     <key>PayloadDisplayName</key>     <string>System Policy Kernal Extension</string>     <key>PayloadIdentifier</key>     <string>com.example.myprofile</string>     <key>PayloadType</key>     <string>Configuration</string>     <key>PayloadUUID</key>     <string>d9fa7f5b-713d-48f8-a8bd-219cf3061873</string>     <key>PayloadVersion</key>     <integer>1</integer> </dict> </plist>

## Topics

### Objects

- [SystemPolicyKernelExtensions.AllowedKernelExtensions](devicemanagement/systempolicykernelextensions/allowedkernelextensions-data.dictionary.md)

## See Also

### System policy

- [SystemPolicyControl](devicemanagement/systempolicycontrol.md)
- [SystemPolicyManaged](devicemanagement/systempolicymanaged.md)
- [SystemPolicyRule](devicemanagement/systempolicyrule.md)