Yosemite and disabling gatekeeper using a profile

New Contributor

We use a profile to disable gatekeeper. This was working fine in Mavericks, but machines upgrading to Yosemite now find the value reset to "Mac App Store and identified developers". I see the profile for both versions has a com.apple.systempolicy.control payload set with AllowIdentifiedDevelopers=1 and EnableAssessment=0, but I'm not sure if EnableAssessment=0 means disable it. Even if it does Yosemite seems to be ignoring it.

Has anyone else run across this and figured out a solution? What should be set in a profile to disable Gatekeeper?


New Contributor III

Gatekeeper is reenabled after 30 days if it hasn't been overridden. Have a policy every ~7 days so that when the user checks in it just runs:

/usr/sbin/spctl --master-disable

This command is the same as previous OS's but from our testing, its still valid.

Esteemed Contributor
Esteemed Contributor

Just wanted to link in the other thread from the double post: https://jamfnation.jamfsoftware.com/discussion.html?id=12501