Jamf Nation Community

Hola! We've had success on 10.9 using a script with the following content:

#!/bin/sh
/usr/sbin/spctl --master-disable

You can run the spctl command as the end user as well, but will need to prepend 'sudo' for it to work.

I set up a policy to run that script at enrollment, once per machine, because setting Gatekeeper settings using a config profile seemed to override our Login Window MCX settings. Hopefully you'll have better luck on your end.

Cheers!

@Dickson,

Do you want to disable Gatekeeper? Or do you want Gatekeeper running and remove the ability of your users to control-click and override Gatekeeper's blocking of a particular file?

Oops, sorry, looks like I misread your question. You're looking to disable the ability to override Gatekeeper, right?

My earlier post was just a way to allow apps from anywhere...

fyi, if you use a configuration profile from a current profilemanager there is an option to allow user to change their password box, and it never allows the user to change the password whether checked or unchecked, i submitted it as a bug to Apple. @Dickson you can create profiles deploy them to the system at imaging time or through Casper and install them manually without APNS working, profiles -I -F /path/to/profile.mobileconfig

Thanks for the great information everyone!