allow third party apps to launch

New Contributor

How can I allow MS word, or any third-party app, to launch if have set "which apps are allowed to launch" in the restrictions option of a configuration profile? Note that Word is in Applications and not in a sub-folder.


New Contributor III

In your configuration profile, there should be a section for security and privacy. In the latest version of JAMF, you expand that menu and click on general, that is where you can modify the MacGatekeeper settings. You have to slide the switch to turn it on and then select what level of Gatekeeper you want to have. App Store only, the App Store and identified developers, or Anywhere.

You could also set up a script to run that will disable MacGatekeeper on all of your devices if you don't want to use a configuration profile. I have mine set to run once a day in case some macOS update turns MacGatekeeper back on.

#This script will change the Gatekeeper setting to allow applications downloaded from anywhere.

/usr/sbin/spctl --master-disable

Thanks for the reply. Your solution doesn't quite address our needs. We need to set up some Mac books for students to use to write their exam(s). We want the environment to be tightly restricted.  What we are trying to do is restrict all apps except MS Word. This was possible with a previous version of Office since all of the office apps were located in a folder inside Applications. And we were able to allow apps within the folder to launch. Now the Office apps are in Applications we can't do that unless we want to allow all apps in the Applications folder, which kind of defeats the purpose, or move Word into its own folder on all of our laptops, which we'd rather not do.

So my original question might have been better phrased as. Can I restrict all apps (not allow them to launch) except MS Word?

Sorry for not responding for a while. I was on vacation from work. With how the OS works you are asking if you can lock them down to the point of almost being unusable. I don't think macOS has the ability to lock a device to a specific application like the iPads do. Even in the application restrictions under configuration profiles, the only apps that are listed are the MacOS apps. You would have to be using the Restricted software section and manually adding each application that you want to block for those specific devices.