Yosemite and disabling gatekeeper using a profile

BGR
New Contributor

We use a profile to disable gatekeeper. This was working fine in Mavericks, but machines upgrading to Yosemite now find the value reset to "Mac App Store and identified developers". I see the profile for both versions has a com.apple.systempolicy.control payload set with AllowIdentifiedDevelopers=1 and EnableAssessment=0, but I'm not sure if EnableAssessment=0 means disable it. Even if it does Yosemite seems to be ignoring it.

Has anyone else run across this and figured out a solution? What should be set in a profile to disable Gatekeeper?

2 REPLIES 2

jcurrin
New Contributor III

Gatekeeper is reenabled after 30 days if it hasn't been overridden. Have a policy every ~7 days so that when the user checks in it just runs:

/usr/sbin/spctl --master-disable

This command is the same as previous OS's but from our testing, its still valid.

bentoms
Release Candidate Programs Tester

Just wanted to link in the other thread from the double post: https://jamfnation.jamfsoftware.com/discussion.html?id=12501