disable Gatekeeper with configuration profiles in macOS 15

README.md

Disable Gatekeeper with Configuration Profiles

Starting from macOS 15, sudo spctl --master-disable is no longer supported to disable Gatekeeper.

We need to disbale it with Configuration Profiles.

How

• Create a new configuration profile, an XML file with .mobileconfig extension, refer the sample file in this gist
• replace the UUID with your own, you can use uuidgen in terminal to generate a new one
• 2 UUIDs are required, one for the profile and one for the payload
• double click the .mobileconfig file to install the profile on your Mac
• in system pereferences -> device management, click to open the profile and enable it
• restart the Mac

You can see in Sysytem Settigns -> Security & Privacy, allow applications from Anywhere is set.

sample.mobileconfig

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadType</key>
        <string>com.apple.systempolicy.control</string>
        <key>PayloadUUID</key>
        <string>FIRST-UUID-HERE</string>
        <key>PayloadIdentifier</key>
        <string>com.yourcompany.profile.systempolicy</string>
        <key>PayloadDisplayName</key>
        <string>System Policy Control</string>
        <key>PayloadDescription</key>
        <string>Configures System Policy Control settings</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>EnableAssessment</key>
        <false />
      </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Disable Gatekeeper</string>
    <key>PayloadIdentifier</key>
    <string>com.yourcompany.profile</string>
    <key>PayloadRemovalDisallowed</key>
    <false />
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>SECOND-UUID-HERE</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>

Ты не в состоянии отличить команду master disable от команды GLOBAL DISABLE?

They're exactly the same, and neither works.

I feel compelled to apologize to everyone who finds this thread utterly unuseful. Honestly don't know what's @ilgam111's story here.

Всё что тебе осталось - это в настройках конфиденциальности выбрать пункт "Из любых источников"

Another round of completely useless conversation

This is exactly what "not working via CLI" means, which is what I was asking about initially. It's clear you're having troubles reading plain text, but screenshots seem to work better on you for some reason, so here goes:

Now, as comforting as it is to keep proving things to random people on the Internet — especially to the ones with such impeccable attention to details as you've demonstrated above — I suggest that we steer the conversation into more constructive manner. Which is: unless you know how to disable Gatekeeper via CLI only (e.g. so that you can provision 300 hosts, say, with Ansible or ssh without having to click buttons in System Preferences), please don't bother me or anyone in this thread.

Thank you very much for your understanding.