os_gatekeeper_enable - Sonoma - Misconfiguration
ryan-baier-nih opened this issue · comments
Ryan Baier commented
The Sonoma rule for os_gatekeeper_enable has the mobileconfig: value as true. This should be false since this rule is audited and remediated within the script and not a configuration profile.
Bob Gendler commented
This is actually on purpose.
When you set it with profile it locks the GUI but the command line can override it. So we decided the configuration profile is important but reading the status of the profile doesn't return the actual status of gatekeeper.
Ryan Baier commented
Perfect. Thank you for the explanation.