Help

Yosemite and disabling gatekeeper using a profile

BGR
New Contributor

Posted on ‎11-06-2014 02:02 PM

We use a profile to disable gatekeeper. This was working fine in Mavericks, but machines upgrading to Yosemite now find the value reset to "Mac App Store and identified developers". I see the profile for both versions has a com.apple.systempolicy.control payload set with AllowIdentifiedDevelopers=1 and EnableAssessment=0, but I'm not sure if EnableAssessment=0 means disable it. Even if it does Yosemite seems to be ignoring it.

Has anyone else run across this and figured out a solution? What should be set in a profile to disable Gatekeeper?

0 Kudos
Reply
2 REPLIES 2

jcurrin
New Contributor III

Posted on ‎11-07-2014 06:06 AM

Gatekeeper is reenabled after 30 days if it hasn't been overridden. Have a policy every ~7 days so that when the user checks in it just runs: 

/usr/sbin/spctl --master-disable

This command is the same as previous OS's but from our testing, its still valid.

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎11-07-2014 08:08 AM

Just wanted to link in the other thread from the double post: https://jamfnation.jamfsoftware.com/discussion.html?id=12501

0 Kudos
Reply