25

How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra

Posted by Jim Tanous on June 23, 2019
macos sierra gatekeeper

Gatekeeper, first introduced in OS X Mountain Lion, is a Mac security feature that helps protect your Mac from Malware and other malicious software. Gatekeeper checks to make sure the application is safe to run by checking it against the list of apps that Apple has vetted and approved for the Apple Mac Store and/or approved by Apple even if not offered through the app store. These are the three Gatekeeper options:

  • App Store
  • App Store and Identified Developers
  • Anywhere

In macOS Sierra, however, Apple made some important changes to Gatekeeper that seemingly limit the choices of power users who want to download and use the software beyond the list of apps officially approved by Apple.

But don’t worry, Gatekeeper settings can still be changed in macOS Sierra to allow you access to software that’s not officially approved by Apple. The understanding is that users who disable Gatekeeper protection do so at their own risk as you have to be an experienced Mac user to avoid Malware and other malicious software.

Adjust the Gatekeeper Settings

Traditionally, Gatekeeper offered three settings of increasing security: anywhere, App Store and identified developers, and App Store only. The first choice, as its name describes, allowed users to launch applications from any source, effectively disabling the Gatekeeper feature.

The second choice allowed users to run apps from the Mac App Store as well as from software developers who have registered with Apple and securely sign their applications. Finally, the most secure setting limited users to running apps obtained from the Mac App Store only.

While the secure options were good ideas for less experienced Mac users, power users found Gatekeeper to be too limiting and typically sought to disable it by setting it to “Anywhere.

In macOS Sierra, however, the “Anywhere” option is gone, leaving “App Store” and “App Store and identified developers” as the only two options.gatekeeper macos sierra default

Disable Gatekeeper in macOS Sierra from Terminal using a command

The Gatekeeper settings can be found in System Preferences > Security & Privacy > General. The Gatekeeper options are located beneath “All apps downloaded from:” with the choice of “Anywhere” missing. With the “Anywhere” option missing, many Mac users thought that Apple had completely taken away the “Anywhere” option.

Thankfully, Apple didn’t turn off the ability to change the Gatekeeper setting to “Anywhere” it just started requiring users to do it from the terminal with a command, which was a way for Apple to ensure that only macOS power users would likely change the Gatekeeper setting to “Anywhere.” For the most part, only macOS power users know how to use the terminal.

To disable Gatekeeper (i.e., set it to “Anywhere”) from the command line, open a new Terminal window then enter the following command:

$ sudo spctl --master-disable

Since you’re using “sudo” you’ll be prompted for your Mac’s root (admin) password. Enter your root password and the command will change the Gatekeeper setting to “Anywhere.”.

If you want to confirm that the Gatekeeper setting has been changed to “Anywhere” you can launch System Preferences and check the Gatekeeper “Allow apps downloaded from” setting. You’ll now see that “Anywhere” is the Gatekeeper setting. Click the padlock in the lower-left corner to enter your password and make changes, then select “Anywhere” from the list of Gatekeeper options. The security feature will no longer bug you about apps from unidentified developers. You’ll also notice that since you ran the command to change Gatekeeper’s “Allow Apps downloaded from” option to Anywhere that option is now listed in the interface as shown in the screenshot below.
gatekeeper macos sierra anywhere

Temporarily Bypass Gatekeeper

Despite its potentially frustrating limitations, Gatekeeper is indeed an important security feature that can prevent you from accidentally launching malicious applications. If you prefer to leave Gatekeeper enabled but still need to occasionally run an app from an unidentified developer, you can temporarily bypass Gatekeeper by opening the app from the right-click context menu.

To illustrate, when you attempt to open an app from an unidentified developer while Gatekeeper is enabled, you’ll receive the following alert telling you the app can’t be launched:
gatekeeper sierra unidentified developer
To temporarily bypass Gatekeeper, right-click (or Control-click) on the app’s icon and select Open.
gatekeeper bypass sierra
You’ll still receive an alert message, but this time it’s only a warning. Clicking Open again will launch the app.
gatekeeper bypass open

Restore Sierra Gatekeeper Settings to Default

If you’ve enabled the “Anywhere” option by using the Terminal command above and later want to reverse it, you can head back to Terminal and run this command:

$ sudo spctl --master-enable

This command reverses the spctl --master-disable command that you ran to set Gatekeeper’s “Allow app downloads from” setting to “Anywhere.”

If you found this article useful, you might want to check out How to Run Mac Software Update via the Terminal.

Have you set Gatekeepers’ “Download apps from” setting to “Anywhere” before? How did you do it? Please leave a comment below.

25 thoughts on “How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra”

Anon says:
Is there a way to forget all allowed apps?
Reply
matthew says:
Anys-MacBook-Pro:~ matthew$ $ sudo spctl –master-disable
-bash: $: command not found

wha?

Reply
Micros says:
Use a double dash. It somehow got converted to a long dash in your comment.
Reply
Oliver Cordingley says:
Don’t type the $, it is used to show that you are meant to be typing in the terminal
Hacker Space says:
You added a $ the $ already exists as the first character in the terminal
Reply
Ian McKenzie says:
respect
Reply
chazz says:
the command doesn’t work for me
Password:
Usage: spctl –assess [–type type] [-v] path … # assessment
spctl –add [–type type] [–path|–requirement|–anchor|–hash] spec … # add rule(s)
spctl [–enable|–disable|–remove] [–type type] [–path|–requirement|–anchor|–hash|–rule] spec # change rule(s)
spctl –status | –master-enable | –master-disable # system master switch
Reply
Noe says:
Worked PERFECTLY! A million thanks!
Reply
chris says:
Nope! Does not work. I enter the command in Terminal followed by Password only to get another prompt
that requests password with a key next to it. Frustrating.
Reply
Noe says:
I think you are supposed to write the command, hit enter and, when the key appears, type the password 😉
Reply
Oliver Cordingley says:
Just so you know your password isn’t actually shown to you, you just have to assume that it is typing
ALEX JOLLY says:
thanks …it helps me a lot
Reply
vzRowan says:
Is there an option to “undo” this command? (removing de button)
Reply
vzRowan says:
nevermind, never made it to the end of the article, now i read it, sorry.
Reply
Rombout says:
I still see applications are run from a temp folder and not from the applictions folder. I tried manually editing preferences file of such apps but after opening and closing they are reset again to this temp folder. But i did add the Anywhere option again.
Does anyone know some more trick for this?
Reply
Grumpy Mac user. says:
Your issue appears to be because Gatekeeper has some apparently deliberately obfuscated security that is called GateKeeper Path Randomization. This deliberately and secretly vandalises any attempt to modify installed applications.
I can’t find any way to turn gatekeeper off (this article doesn’t help here) but if you copy your app into the Applications directory in finder then you may find it now works… or you may not.
It’s vaguely documented here https://bugs.eclipse.org/bugs/show_bug.cgi?id=507328 where your mac allows you to launch eclipse set a workspace install some addons and them mostly forgets about this as soon as you restart. I can see that preventing modification might be considered a security feature but allowing modification and then removing the modifications without warning seems a deliberate attempt to break applications – perhaps a way to extort money from developers who need to pay to get things signed?
Reply
WX GAMING// Wenxiang//Trollers says:
Thanks this helped me a lot
Reply
disqus_GGYzLlp2oJ says:
It’s not letting me type in my password.
Reply
Bob says:
the password in terminal is never shown for security purposes, just type it in and hit return.
Reply
scoupdogg says:
sigh, probably in the next update this is going too.
i hated Iphone and Liked Mac for the exact same reason, iphone is too walled.
mac is going to same route, probably next option is to move to Chrome OS
Reply
Totellthetruth says:
THanks!
Reply
Beka Kharebava says:
not work !!
iMac:~ mac$ sudo spctl –master-disable
sudo: /etc/sudoers is owned by uid 1, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
iMac:~ mac$
Reply
Joe Clay says:
It works. I did it last night. Something is up with your configuration if you can’t use sudo.
Reply
Beka Kharebava says:
What should I do to solve this problem?
Joe Clay says:
My comment with a link is awaiting moderation, but Google “/etc/sudoers is owned by uid 1, should be 0” since it’s some sort of permissions issue and that line is where the problem is. There’s a guy in the first post that shows up for me who might have a fix with the chown command.
chown root:root /etc/sudoers
David Raybould says:
Awesome! Thank you.
Reply
RIATA de DIOS says:
nice
Reply
Ben Frain says:
Thanks for this post. Was driving me nuts!
Reply
Joe Clay says:
I hate when they make annoying changes like this. I know what I’m installing and running. I made the app that I was trying to run in automator on one of my other machines FFS.
Reply
Gonzalo Guirao Perez says:
Impossible for me.
Gonzalo-Guiraos-iMac:~ gonzaloguirao$ sudo spctl -–master-disable
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
It tells me to put it to the trash, when I try control Open
Reply
Michael Lin says:
You’ll need to edit your /etc/sudoers file with visudo. Try the command “su”, or switch user, to do this.
Reply
Gonzalo Guirao Perez says:
Thanks I will try
Elinei says:
THANK YOU! Exactly what I needed.
Reply
jzumbrun says:
And done.
Reply
Jeremy Michael Lelea says:
You Rule!!!!!
Reply
Terry Luanarista F says:
Thank you so much 🙂
Reply
Zahid Efe says:
Thanks, that’s what I was looking for 🙂
Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.