2024-9-24 21:6:21 Author: derflounder.wordpress.com(查看原文) 阅读量:6 收藏
Home > Gatekeeper, Mac administration, macOS, Management Profiles > Managing Gatekeeper with configuration profiles on macOS Sequoia
Managing Gatekeeper with configuration profiles on macOS Sequoia
Now that the spctl tool can no longer separately manage Gatekeeper, management profiles are the best way to manage Gatekeeper on macOS Sequoia. For more details, please see below the jump.
On macOS Sequoia, the following management options are available (all use boolean values of true and false):
AllowIdentifiedDevelopers
- If set to true, this setting enables Gatekeeper’s Mac App Store and identified developers option.
- If set to false, this setting enables Gatekeeper’s Mac App Store option, which restricts Gatekeeper to only accepting apps from Apple’s Mac App Store.
EnableAssessment
- If set to true, this setting enables Gatekeeper to assess applications. This works in combination with the AllowIdentifiedDevelopers setting described above.
- If set to false, this setting sets Gatekeeper to accept all apps (effectively disabling Gatekeeper.)
Please see below for example profiles:
Disable Gatekeeper:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>EnableAssessment</key> | |
| <false/> | |
| <key>PayloadDisplayName</key> | |
| <string>System Policy Control #1</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.systempolicy.control.A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.systempolicy.control</string> | |
| <key>PayloadUUID</key> | |
| <string>A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Disable Gatekeeper</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.21516E89-BABE-4834-A3F4-CCA83B144124</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>21516E89-BABE-4834-A3F4-CCA83B144124</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
Enable Gatekeeper and allow Identified Developers:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>AllowIdentifiedDevelopers</key> | |
| <true/> | |
| <key>EnableAssessment</key> | |
| <true/> | |
| <key>PayloadDisplayName</key> | |
| <string>System Policy Control #1</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.systempolicy.control.A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.systempolicy.control</string> | |
| <key>PayloadUUID</key> | |
| <string>A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Enable Gatekeeper and allow Identified Developers</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.26D1851E-1929-43BA-980D-07678292B533</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>26D1851E-1929-43BA-980D-07678292B533</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
Enable Gatekeeper and not allow Identified Developers:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>AllowIdentifiedDevelopers</key> | |
| <false/> | |
| <key>EnableAssessment</key> | |
| <true/> | |
| <key>PayloadDisplayName</key> | |
| <string>System Policy Control #1</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.systempolicy.control.A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.systempolicy.control</string> | |
| <key>PayloadUUID</key> | |
| <string>A64CB883-59A7-4603-9B45-F4863ADE8E18</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Enable Gatekeeper and not allow Identified Developers</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.ECDF666F-943A-4530-8725-4D68624E687A</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>ECDF666F-943A-4530-8725-4D68624E687A</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
Both of these management options (AllowIdentifiedDevelopers and EnableAssessment) have been around for a while, but there is a new management option for macOS Sequoia. On Sequoia, Gatekeeper can now prompt the user to upload blocked malware to Apple for Apple to analyze. As part of this, Apple added the following management option:
EnableXProtectMalwareUpload
- If set to true, this setting enables Gatekeeper to prompt the user to upload blocked malware to Apple.
- If set to false, this setting prevents Gatekeeper from prompting the user to upload blocked malware to Apple.
Please see below for example profiles:
Allow XProtect Malware Upload:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>EnableXProtectMalwareUpload</key> | |
| <true/> | |
| <key>PayloadDisplayName</key> | |
| <string>System Policy Control #1</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.systempolicy.control.7C454761-633D-43A1-8007-D8F4CCE2EAD5</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.systempolicy.control</string> | |
| <key>PayloadUUID</key> | |
| <string>7C454761-633D-43A1-8007-D8F4CCE2EAD5</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Allow XProtect Malware Upload</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.51C1F0F8-1B72-4445-BEFF-8901AADE2CFC</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>51C1F0F8-1B72-4445-BEFF-8901AADE2CFC</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
Block XProtect Malware Upload:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>EnableXProtectMalwareUpload</key> | |
| <false/> | |
| <key>PayloadDisplayName</key> | |
| <string>System Policy Control #1</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.systempolicy.control.4CB2A13D-B8D2-4EA9-986E-B29A757805DA</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.systempolicy.control</string> | |
| <key>PayloadUUID</key> | |
| <string>4CB2A13D-B8D2-4EA9-986E-B29A757805DA</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Block XProtect Malware Upload</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.company.C184E62D-C41F-41CF-BA76-AE24EDC9C0D6</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>C184E62D-C41F-41CF-BA76-AE24EDC9C0D6</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
如有侵权请联系:admin#unsafe.sh