Help packaging Security & Privacy

daniel_kaminski
New Contributor III

Hey everyone. In the past I have baked all my settings into the base, but wanted to try my hand at a clean base OS via AutoDMG and customizing it after the fact. I'm having trouble with settings I normally set in System Preferences > Security & Privacy.

The two things I'd like to control are:
2. Allow apps downloaded from: Anywhere
3. Advanced... check 'Require an administrator password to access system-wide preferences'

Composer doesn't seem to capture what is being changed/modified when I make these changes, so I am not sure how to set these settings en mass.

1 ACCEPTED SOLUTION

thoule
Valued Contributor II

You can shut off gatekeeper with

spctl --master-disable

..That may be overkill, but that may be what you're looking for.

As for 'Require Admin', I think that needs to done via the authorization.db, but need to look it up to be sure.

View solution in original post

6 REPLIES 6

thoule
Valued Contributor II

You can shut off gatekeeper with

spctl --master-disable

..That may be overkill, but that may be what you're looking for.

As for 'Require Admin', I think that needs to done via the authorization.db, but need to look it up to be sure.

ljungholms
New Contributor

Are you talking about a configuration profile?
Security and Privacy/Allow Apps From Anywhere
Restrictions/Restrict Items in System Preferences

daniel_kaminski
New Contributor III

@thoule you were right on the money with both. I removed all the directories Composer ignores by default and voila... found both. @ljungholms thanks for chiming in; I'll check that out as an option as well.

bentoms
Release Candidate Programs Tester

@Kaminski as per @ljungholms advised. Some of these should be managed via a profile.

I say "some" as GateKeeper will reset it status after 30 Days as per this

donmontalvo
Esteemed Contributor III

@bentoms Wow, I really need to bookmark @rtrouton's blog for nightly reeding. Great find!

--
https://donmontalvo.com

Taylor_Armstron
Valued Contributor

^^ That made me laugh Don, as yours, Ben's, and Rich's blogs are all ones I read regularly :) Figured the 3 of you had known each other for a long time!