Disable Mountain Lion Gatekeeper

jrtilson
New Contributor

Just thought I'd share my method for disabling gatekeeper:

[From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/](From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/)

I created a policy to run the following script targeted to Mountain Lion machines:

#!/bin/bash

# Disable Gatekeeper
sudo spctl --master-disable
10 REPLIES 10

mm2270
Legendary Contributor III

Is this the equivalent of setting the control in Security and Privacy to "Anywhere" I hope this doesn't turn the entire File Quarantine process off.

jrtilson
New Contributor

This is the equivalent to setting the preference to 'Anywhere' under Security and Privacy.. Which, as far I know, will allow Mountain Lion to behave like Lion as far as software installs go. I'm not sure about the file quarantine..

mm2270
Legendary Contributor III

Thanks. Yeah, I saw when running that it sets the radio button to Anywhere, which is cool. I just looked at the man page for spctl (which I had never heard of before so thanks for that) and the description for --master-disable states:

Disable the assessment subsystem altogether.

So that's why I was wondering what this actually does.

mm2270
Legendary Contributor III

OK I answered my on question. It doesn't disable the regular check on files/DMGs downloaded from the internet. The popup saying "App name" is an application downloaded from the Internet Are you sure you want to open it?" still appears.

So that's good. It just turns the new GateKeeper function to allow installers from Anywhere.

Chris_Hafner
Valued Contributor II

Any reason why you wouldn't use the a profile to set the GateKeeper to allow installers from anywhere?

mm2270
Legendary Contributor III

Yes, if you aren't using Config Profiles. We aren't using them yet. We may start to look at them now with the release of 10.8, but up until now we haven't had the need to use them.

Matt
Valued Contributor

You can mix MCX and Config profiles though right? Like just having a payload for this?

evarona
New Contributor II

@Matt
I've heard that

IF
MCX happens to work on 10.8, it's a lucky fluke. Apple is pushing the Config Profile issue as the primary (read "only") supported method for management. Good luck.

Not applicable

FYI I just ran into this - Cisco WebEx will crash under 10.8.2/10.8.3 if Gatekeeper is set to MAS only or MAS + identified developers.

musat
Contributor III

Thanks, this may come in handy for us soon.