Right now I cannot open the ports needed for Configuration profiles and it will be some time before I am able to do so.
Does anyone know of another way to disable the ability to override gatekeeper? I looked at the manpage for spctl and didn't see anything indicating a way to do it there.
You don't need to open any ports. You can copy Configuration Profiles locally to a machine and install them using the /usr/bin/profiles command. This is an excellent use for a payload-free package.
Hola! We've had success on 10.9 using a script with the following content:
#!/bin/sh
/usr/sbin/spctl --master-disable
You can run the spctl command as the end user as well, but will need to prepend 'sudo' for it to work.
I set up a policy to run that script at enrollment, once per machine, because setting Gatekeeper settings using a config profile seemed to override our Login Window MCX settings. Hopefully you'll have better luck on your end.
Cheers!
Do you want to disable Gatekeeper? Or do you want Gatekeeper running and remove the ability of your users to control-click and override Gatekeeper's blocking of a particular file?
Oops, sorry, looks like I misread your question. You're looking to disable the ability to override Gatekeeper, right?
My earlier post was just a way to allow apps from anywhere...
fyi, if you use a configuration profile from a current profilemanager there is an option to allow user to change their password box, and it never allows the user to change the password whether checked or unchecked, i submitted it as a bug to Apple. @Dickson you can create profiles deploy them to the system at imaging time or through Casper and install them manually without APNS working,
profiles -I -F /path/to/profile.mobileconfig
Thanks for the great information everyone!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.