Skip to main content
Question

Disable Mountain Lion Gatekeeper

  • July 26, 2012
  • 10 replies
  • 24 views
J
Forum|alt.badge.img+4

Just thought I'd share my method for disabling gatekeeper:

[From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/](From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/)

I created a policy to run the following script targeted to Mountain Lion machines:

#!/bin/bash

# Disable Gatekeeper
sudo spctl --master-disable

    10 replies

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • July 26, 2012

    Is this the equivalent of setting the control in Security and Privacy to "Anywhere" I hope this doesn't turn the entire File Quarantine process off.

    J
    Forum|alt.badge.img+4
    • jrtilson
    • Author
    • Contributor
    • July 26, 2012

    This is the equivalent to setting the preference to 'Anywhere' under Security and Privacy.. Which, as far I know, will allow Mountain Lion to behave like Lion as far as software installs go. I'm not sure about the file quarantine..

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • July 26, 2012

    Thanks. Yeah, I saw when running that it sets the radio button to Anywhere, which is cool. I just looked at the man page for spctl (which I had never heard of before so thanks for that) and the description for --master-disable states:

    Disable the assessment subsystem altogether.

    So that's why I was wondering what this actually does.

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • July 26, 2012

    OK I answered my on question. It doesn't disable the regular check on files/DMGs downloaded from the internet. The popup saying "App name" is an application downloaded from the Internet Are you sure you want to open it?" still appears.

    So that's good. It just turns the new GateKeeper function to allow installers from Anywhere.

    Chris_Hafner
    Forum|alt.badge.img+27
    • Chris_Hafner
    • Jamf Heroes
    • July 27, 2012

    Any reason why you wouldn't use the a profile to set the GateKeeper to allow installers from anywhere?

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • July 27, 2012

    Yes, if you aren't using Config Profiles. We aren't using them yet. We may start to look at them now with the release of 10.8, but up until now we haven't had the need to use them.

    M
    Forum|alt.badge.img+20
    • Matt11
    • Valued Contributor
    • August 1, 2012

    You can mix MCX and Config profiles though right? Like just having a payload for this?

    E
    Forum|alt.badge.img+5
    • evarona
    • Contributor
    • September 6, 2012

    @Matt
    I've heard that

    IF
    MCX happens to work on 10.8, it's a lucky fluke. Apple is pushing the Config Profile issue as the primary (read "only") supported method for management. Good luck.

    A
    • Anonymous
    • April 29, 2013

    FYI I just ran into this - Cisco WebEx will crash under 10.8.2/10.8.3 if Gatekeeper is set to MAS only or MAS + identified developers.

    M
    Forum|alt.badge.img+12
    • musat
    • Valued Contributor
    • April 30, 2013

    Thanks, this may come in handy for us soon.

    Terms & ConditionsCookie settingsAccessibility statement