Gatekeeper enabled
Gatekeeper enabled
Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.
Control
Create or edit a configuration profile with the following information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>EnableAssessment</key>
<true/>
<key>PayloadDisplayName</key>
<string>System Policy Control</string>
<key>PayloadIdentifier</key>
<string>com.apple.systempolicy.control.6CA698CD-1DBB-445C-BDA3-60E35FBBF0E9</string>
<key>PayloadType</key>
<string>com.apple.systempolicy.control</string>
<key>PayloadUUID</key>
<string>6CA698CD-1DBB-445C-BDA3-60E35FBBF0E9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Enable Gatekeeper</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.enablegatekeeper.DF30A9A2-C9F9-421D-A26A-6FAA7216E72F</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>DF30A9A2-C9F9-421D-A26A-6FAA7216E72F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Create or edit the following script and configure it to run when the check fails:
#!/bin/sh
## command to enable gatekeeper
/usr/sbin/spctl --master-enable
Check
Use the policy below to verify:
SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;spctl --status | grep -q 'assessments enabled' && echo 1 || echo 0
PowerShell commands are currently work in progress, contributions welcome.
Bash commands are currently work in progress, contributions welcome.
macOS/apple
Windows
Linux
ChromeOS
Edit page
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
