Page tree

Affected version(s): OXAppSuite 7.10.0 and above, also OXGuard 2.10.0 and above


You are unable to set the default value for users under "Security > OXGuard" which would allow your users to send encrypted emails by default when composing new mail. You are using the following documentation, which is not working:

How can this be configured for a select group of users, who have not yet set up OX Guard? What exactly is the correct syntax for "changeuser --addguipreferences"?

Root Cause:

The documentation above applies only for the OX6 version of Appsuite. The -addguipreferences parameter will not work for later versions of the product. If you try to set the flag for a certain user, the command will appear to be successful:

changeuser --addguipreferences command result
"2019-08-13T12:25:11,331+0200 INFO  [RMI TCP Connection(2492)-]
User 3 in context 1 changed! Changed attributes: password-mechanism, gui, username"

(warning) This is because the property is successfully set, but it does not provide the needed function in versions later than OX6 Appsuite.


The following solution can be used for OX Appsuite 7.10.0 and later.

(info) We recommend that you test this in a staging or QA environment first.
(info) Take care that your spacing is correct in yml files, or OX Appsuite may not start correctly.

In your /opt/open-xchange/etc/meta/guard.yml, add the following, to map a middleware configuration value to the UI value:

    preferencePath: oxguard//defaultEncrypted

(warning) IMPORTANT (warning)
You MUST add a default value for com.openexchange.guard.defaultEncrypted in a properties file. We recommend adding it to, but any configuration file in the middleware will work. If you are running Guard on the middleware servers (not separate servers), then you could also put this in the file.


(warning) If you do not set a default value in a properties file, it will trigger OX Guard to upgrade from 2.8 to 2.10 (when this value was added), and users will lose their default settings for signing, encryption, and inline.

Once the above is in place, you can set the default encryption option for composing an new mail with the changeuser command as follows:

/opt/open-xchange/sbin/changeuser -A oxadmin -P secret -c 1 -i 5 --config/com.openexchange.guard.defaultEncrypted=true

(info) -A = the oxadmin user, -P = the oxadmin password, -c = the context, -i = the user ID

This can also be set at context level with changecontext, if desired. This will set the value to true for the user, but they will be able to uncheck it if they choose.