With macOS 15 the System Policy Control command line tool at: /usr/sbin/spctl was updated deprecating a swath of options related to manipulating Gatekeeper databases and the assessment subsystem. Options like --global-disable, --add, --remove, etc are “no longer supported” according to the man page. Instead Apple suggests using configuration profiles to make these changes. Additionally, we’re given a few new options which can help the user modify the system policy from within the “Security & Privacy” pane of “System Settings.app”.
Finally, a few of the databases backing Gatekeeper have relocated slightly from macOS ≤14 → 15.
/usr/sbin/spctl man pagespctl options still work?Unfortunately not — instead Apple is instructing users to leverage MDM / configuration profiles instead. When attempting to to disable assessments at the command line with --global-disable we’re given the following error:
This operation is no longer supported. To disable the assessment subsystem, please use configuration profiles.
Similarly, we can try adding a new authority with the --add switch and we’ll be given a similar error message:
This operation is no longer supported. To add an authority, please use configuration profiles.
<aside> ℹ️ If this file does not exist then assessments are enabled. The plist will be created when the state changes.
</aside>
We can can use the following to validate that the system’s assessment state did not change or of course spctl -v status.
≤ macOS 14
/usr/bin/defaults read /var/db/SystemPolicy-prefs.plist enabled
≥ macOS 15
In macOS 15 the location of SystemPolicy-prefs.plist has changed