Skip to content

Instantly share code, notes, and snippets.

@hoishing

hoishing/README.md

Created July 24, 2024 12:05
Show Gist options
  • Save hoishing/cadd905b095e15531467255b537f6906 to your computer and use it in GitHub Desktop.
Save hoishing/cadd905b095e15531467255b537f6906 to your computer and use it in GitHub Desktop.
Download ZIP
disable Gatekeeper with configuration profiles in macOS 15
Raw
README.md

Disable Gatekeeper with Configuration Profiles

Starting from macOS 15, sudo spctl --master-disable is no longer supported to disable Gatekeeper.

We need to disbale it with Configuration Profiles.

How

  • Create a new configuration profile, an XML file with .mobileconfig extension, refer the sample file in this gist
  • replace the UUID with your own, you can use uuidgen in terminal to generate a new one
  • 2 UUIDs are required, one for the profile and one for the payload
  • double click the .mobileconfig file to install the profile on your Mac
  • in system pereferences -> device management, click to open the profile and enable it
  • restart the Mac

You can see in Sysytem Settigns -> Security & Privacy, allow applications from Anywhere is set.

Raw
sample.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.systempolicy.control</string>
<key>PayloadUUID</key>
<string>FIRST-UUID-HERE</string>
<key>PayloadIdentifier</key>
<string>com.yourcompany.profile.systempolicy</string>
<key>PayloadDisplayName</key>
<string>System Policy Control</string>
<key>PayloadDescription</key>
<string>Configures System Policy Control settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>EnableAssessment</key>
<false />
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Disable Gatekeeper</string>
<key>PayloadIdentifier</key>
<string>com.yourcompany.profile</string>
<key>PayloadRemovalDisallowed</key>
<false />
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>SECOND-UUID-HERE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
@ilgam111
Copy link

Do I need to paste this directly into terminal exactly as is? I do not know coding but am trying to get my plugin to work that worked on my m1 mac with my new m4

Just type in terminal sudo spctl --global-disable

@RalphSutherland
Copy link

Do you need different UUIDs for each device or can the same mobile profile be used on all my devices?

@ilgam111
Copy link

Do you need different UUIDs for each device or can the same mobile profile be used on all my devices?

Nothing is needed, just enter in the terminal sudo spctl --global-disable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment