defaults write /var/db/SystemPolicy-prefs enabled no. However, doing so is not really going to provide all the options available in the GUI. To configure the options, Apple has provided spctl, a command line tool used to manage Gatekeeper. In it’s simplest form, Gatekeeper can be enabled using the –master-enable and –master-disable options, which are pretty straight forward. Use –master-enable to enable Gatekeeper:
spctl --master-enableAnd then use –master-disable to disable Gatekeeper:
spctl --master-disableWhether Gatekeeper (assessments) is enabled or disabled can be returned using the –status option:
spctl --statusThe -a option is used to assess an application to see if it will open or not:
spctl -a /Applications/GitHub.appIf an application passes and has a rule available then you’ll get no response. If there’s no rule for the application, you’ll get a response that:
/Applications/GarageBuy.app: unknown error 99999=1869fYou add rules about apps using the –add option. Each app gets a label, defined with the –label option. For example, to add GitHub:
spctl --add --label "GitHub" /Applications/GitHub.appTo then enable access to GitHub:
spctl --enable --label "GitHub"Or disable:
spctl --disable --label "GitHub"As with most things, there’s actually a rub.
spctldoesn’t always work. I’ve had more than a few issues with getting the labels to apply just right. Sometimes the -a will report back that an app is rejected and it will still open. I think this is first gen technology and that prior to relying on it that it would be a really good idea to test very thoroughly before deploying.
krypted July 25th, 2012