- Jamf Nation Community
- Products
- Jamf Pro
- Disable Mountain Lion Gatekeeper
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Disable Mountain Lion Gatekeeper
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2012 09:18 AM
Just thought I'd share my method for disabling gatekeeper:
[From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/](From http://krypted.com/mac-os-x/manage-gatekeeper-from-the-command-line-in-mountain-lion/)
I created a policy to run the following script targeted to Mountain Lion machines:
#!/bin/bash
# Disable Gatekeeper
sudo spctl --master-disable
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2012 11:38 AM
Is this the equivalent of setting the control in Security and Privacy to "Anywhere" I hope this doesn't turn the entire File Quarantine process off.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2012 11:47 AM
This is the equivalent to setting the preference to 'Anywhere' under Security and Privacy.. Which, as far I know, will allow Mountain Lion to behave like Lion as far as software installs go. I'm not sure about the file quarantine..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2012 11:52 AM
Thanks. Yeah, I saw when running that it sets the radio button to Anywhere, which is cool. I just looked at the man page for spctl (which I had never heard of before so thanks for that) and the description for --master-disable states:
Disable the assessment subsystem altogether.
So that's why I was wondering what this actually does.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2012 12:19 PM
OK I answered my on question. It doesn't disable the regular check on files/DMGs downloaded from the internet. The popup saying "App name" is an application downloaded from the Internet Are you sure you want to open it?" still appears.
So that's good. It just turns the new GateKeeper function to allow installers from Anywhere.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 11:53 AM
Any reason why you wouldn't use the a profile to set the GateKeeper to allow installers from anywhere?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 12:06 PM
Yes, if you aren't using Config Profiles. We aren't using them yet. We may start to look at them now with the release of 10.8, but up until now we haven't had the need to use them.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 12:52 PM
You can mix MCX and Config profiles though right? Like just having a payload for this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-06-2012 02:24 PM
@Matt
I've heard that
IFMCX happens to work on 10.8, it's a lucky fluke. Apple is pushing the Config Profile issue as the primary (read "only") supported method for management. Good luck.
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2013 11:00 AM
FYI I just ran into this - Cisco WebEx will crash under 10.8.2/10.8.3 if Gatekeeper is set to MAS only or MAS + identified developers.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2013 09:30 AM
Thanks, this may come in handy for us soon.
