Yosemite and disabling gatekeeper using a profile

BGR
New Contributor

We use a profile to disable gatekeeper. This was working fine in Mavericks, but machines upgrading to Yosemite now find the value reset to "Mac App Store and identified developers". I see the profile for both versions has a com.apple.systempolicy.control payload set with AllowIdentifiedDevelopers=1 and EnableAssessment=0, but I'm not sure if EnableAssessment=0 means disable it. Even if it does Yosemite seems to be ignoring it.

Has anyone else run across this and figured out a solution? What should be set in a profile to disable Gatekeeper?

6 REPLIES 6

BGR
New Contributor

eh, double post. . .

BGR
New Contributor

I confirmed this is a Yosemite bug.

davidacland
Honored Contributor II
Honored Contributor II

The terminal command still works:

spctl --master-disable

You could just set it as a policy.

Not fixing the profile issue but achieves the same goal!

aamjohns
Contributor II

I just use a scripted policy now. Yes, I too noticed that the configuration profile settings were not working with Yosemite (or the converse, whichever it is).

I also use: spctl --master-disable

Olivier
New Contributor II

The best way you can use to reverse-engineer this, is to install and run Apple Profile Manager, configure the option there, download the profiles (.mobileconfig format) and have a look inside.

bentoms
Release Candidate Programs Tester

FWIW, the 10.9.5 update also seems to disable GateKeeper.. we run the same command as what has been linked to re-disable