Gatekeeper Prompt

New Contributor II

Hello everyone,

When our community installs a new program (such as Google Chrome) for the first time through Self Service, gate keep prompts them to accept that they want to run it. I've been instructed to find a more "user friendly" experience for this and other applications. Does anyone have recommendations?


Contributor II

Create a policy. Files and Processes payload, Execute Command: spctl --master-disable

Contributor II

Adding on to this, spctl --master-disable will turn off gatekeeper completely, which I would recommend against, because you shouldn't trust your users to install only safe applications.
Instead you could create a postinstall script after your policy payload xattr -rd /path/to/file
Not only will this remove the "App cannot be run because the developer is unidentified" but it should also suppress the "This is an app downloaded from the internet" prompt. Additionally, if you are building packages yourself instead of distributing the DMG, you can remove the quarantine before bundling the app with the package, then when it's downloaded from Self Service, the Gatekeeper prompt should be suppressed because there is no quarantine attribute.