How to Prevent Gatekeeper Turning Back On Automatically in Mac OS X

Nov 5, 2015 - 13 Comments

Stop Gatekeeper turning itself back on again automatically in Mac OS X Gatekeeper is a security feature built into Mac OS X which helps to prevent unauthorized applications and code from executing on a Mac. Most users have encountered Gatekeeper before when they go to open an application downloaded from the internet, where you see an “App can’t be opened because it is from an unidentified developer” error message. Because Gatekeeper is a worthwhile security feature, almost all Mac users should leave it enabled, but some advanced OS X users, developers, and systems administrators may need to disable Gatekeeper. While you can do that, users will find that Gatekeeper re-enables itself after a 30 day period has lapsed, basically meaning that Gatekeeper will turn itself back on even if it has been turned off.

This is a security feature called ‘Auto Rearm’ and it’s a new addition to Gatekeeper in MacOS Sierra, OS X El Capitan and Yosemite, but with a little effort the auto-enable feature can be disabled too.

Disabling Gatekeeper Auto-Rearm Feature in Mac OS X

With a defaults command string you can prevent Gatekeeper from reactivating itself after it has been disabled for 30 days. This applies to modern versions of Mac OS X, but is really only relevant for advanced users.

Open the Terminal application (/Applications/Utilities) and enter the following defaults command string:

sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool NO

Hit return and enter the admin password as usual, this will prevent Gatekeeper from turning itself back on again after 30 days the next time you turn the feature off in the settings or from the command line.

Gatekeeper in OS X will turn itself back on automatically

Re-Enabling Gatekeeper AutoRearm with defaults in Mac OS X

To go back to the default setting and return Gatekeeper to it’s automatic reactivation abilities after 30 days, simply enter the following command string in the terminal:

sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool YES

Again hit return and enter an administrator password, Gatekeeper will turn itself back on again as intended.

Should the average user do this? No. Even for advanced users, this may be considered somewhat extreme, and perhaps a better approach may be to go about adding Gatekeeper exceptions manually for apps as needed, or just use the bypass method through System Preferences when an app is encountered by Gatekeeper.

Heads up to JonsView for discovering this defaults command.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: Paul Horowitz in Mac OS X, Security, Tips & Tricks

13 Comments

» Comments RSS Feed

  1. Wharf Xanadu says:

    So that’s why this Keeps turning on wow I did. It know

  2. Avenged110 says:

    This is how disabling security features should be. I love when Apple provides a way to disable things people don’t want, but hides the option behind a slightly more advanced wall, hopefully quelling Apple’s fears of unaware people turning off important protections. As opposed to iOS, where the only way to get around things is a jailbreak.

    • Sebby says:

      Nah, this strikes me as just another example of Apple’s hubris and overbearing paternalism. If I said “Off”, I meant “Off”. Devs should be thankful their apps are still relevant; if they weren’t, the default would be MAS-only installs by now, and they’d be singing a very, very different tune about the benefits of this particular misfeature.

  3. Gatekeeper should be left on. Period.

    • DG says:

      For you. What a ludicrous comment.

      • anon says:

        Actually, it’s helpful for everyone beacause it warns you when an app wasn’t reviewed by Apple. If it wasn’t, you can still open it with Gatekeeper on. So why turn it off unless you download a lot of non-reviewed apps? Also, keep in mind that it justs bugs you the first time you open the app.

  4. not overly impressed says:

    El Capitan + Gatekeeper = Windows Vista = Upgrade Regret

  5. not overly impressed says:

    Here is a summary of Gatekeeper in El Capitan

    1. Breaks many your USB devices – Gatekeeper prevents drivers from working. Apple’s response is to tell you to buy new USB devices or complain to developer. Developer tells you to complain to Apple.
    2. Breaks many 3rd party apps.
    3. Takes away control from the Unix shell. Just try deleting some files from the shell prompt. Even with sudo it just ignores what you tell it to do.

    Example: I took a photo with my Android phone and uploaded the JPEG file to DropBox. Gatekeeper refuses to let Photos app view the JPEG photo because “App can’t be opened because it is from an unidentified developer”. WTF????

    If I wanted to run Windows Vista I would install it. Apple should stop mommy coddling users and let power users decide if and when they want an OS nanny taking over.

    • Weird Music says:

      You can turn off SIP protection in El Capitan if you’re advanced enough to be bothered by Gatekeeper, but really most users aren’t there or won’t benefit, if anything trying to disable SIP and Gatekeeper is a bad idea for 99.9% of Mac users.

      http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/

    • anon says:

      “Takes away control from the Unix shell. Just try deleting some files from the shell prompt. Even with sudo it just ignores what you tell it to do.”

      Of course you can do what you said. They just prevent you from messing with system directories. If you don’t know what you are doing in Terminal (and you seem like you don’t), go learn more about it before trying to remove files from folders protected in El Capitan.

  6. Jon says:

    I run Mavericks (and will not upgrade until I have absolutely no choice) and Gatekeeper still mysteriously “rearms” itself periodically. This appears to not be exclusive to Yosemite or later.

  7. Dis says:

    It’s not working for me it said “not in the sudoers file. This incident will be reported.” Can you guys help me?

    • David Nix says:

      Your account must be an admin account under Users and Groups to sudo. You will be prompted for your password when you attempt to sudo and when you type it in nothing will appear to happen in the terminal box. Hit enter and it will return your bash prompt if you are successful.

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Recent Posts