Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



Extended Security Control v14 Picasso


Please note that the function of extended security control is


implemented in v14

completely, and

but we are planning to deactivate it in the future e.g from v14.9 onwards. If you are using the advance security control feature in v14 so you can as administrator control your users that they are not allowed to make folders locally in the client

but only

and in the web, hence restricting the users to work with


new folders and to restrict them to the old or present folders. Moreover after turning it on the users are unable to change the desktop client preferences and are unable to customize the client as per wish.

We recommend not to use the extended security control in the v14 because the client is a important part of our service and it would be made possible for the user that they have access to the full functionality of the software.


The extended security control can be found out in the Server Preferences > Security > User Account Security > Enable Extended security control, to turning it on simply check the option and the service will start new automatically after the changes.

Extended Security Control v11

Extended Security Control provides administrators with more fine-grained central control of the features accessible for users in the client and web interface. It is possible to centrally disable certain features for clients, e.g. permission to change preferences or creating new folders. These settings are saved per-user.

To enable Extended Security Control click on Preferences > Security > User Account Security as an admin and enable the checkbox on the Enable Extended Security Control option.Enable Extended Security Control

(info) Extended Security Control can also be enabled in the PowerFolder Server Configuration File.

Changes when enabling Extended Security Control

Adds new options to user account preferences in the web interface to control permissions in PowerFolder Clients:

  • Change preferences
  • Change transfer mode
  • Create folders
  • Remove folders

Removes folders on the local computer if permission to the folder is revoked for the specific user account (remote deletion / remote wipe).

Security Control




Remove PermissionDelete FolderDescription


Other Member

OwnOther Member

Local Device

Other Devices

All Devices
DefaultMemberLeave folder(tick)(error)(error)(tick)/(error)*(error)(error)

Folder will be left online, the member will not be able to access the online backup of the folder.

Files on other Devices won't be affected. Other Users won't be affected.



Delete folder(tick)(tick)(tick)(tick)/(error)*(error)(error)

Folder will be deleted online. This affects all Users.

Local folders and other Devices won't be affected.

ExtendendMemberLeave folder(tick)(error)(error)(tick)/(error)*(tick)(error)

Folder will be left online, the member will not be able to access the online backup of the folder.

Files on other Devices will also be deleted. Other Users won't be affected.



Delete folder(tick)(tick)(tick)(tick)/(error)*(tick)(tick)

Folder will be deleted online and on all other Devices. Folder can't be restored anymore.

This affects all Users.

* Local folder can be deleted by checking the "Remove archived files and meta-data"-checkbox within the "Stop Sync"-dialogue, not deleted local folders won't be affected by the "Leave/Delete folder"-action.

Adds the possibility to set a Valid from date in the user account preferences in the web interface. Access is being denied before the set date.

Automatic assignment of permissions and quotas by domain name

The GWDG (Gesellschaft für wissenschaftliche Datenverarbeitung Göttingen mbH) created scripts to automatically assign Extended Security Control permissions and quotas to users during their first login and based on the domain name. The script makes use of the Login Callback and Accounts API. The script is written for usage on Linux servers. For Windows we currently provide no example script. Please check the our API documentation for calls you can use in a batch script on Windows servers.

Download: powerfolder-login-callback-gwdg_20140324.tar.gz

(info) The script itself is licensed under the under the Apache License, Version 2.0 (see In the future it will be hosted via a GitHub repository on the GWDG servers. (thumbs up) Thanks to Tibor Kalman and Benedikt Wegmann for providing us with that script!

(warning) Please note: Though we tested this script and it already works properly for the GWDG, we can give no guarantee that it also works properly in your case as it is still under development and may be subject to changes!

To use the script, please follow the steps below:

  1. Download and extract the script to a suitable location. Usually it is placed under the home directory of the user running the PowerFolder Server, e.g. /home/powerfolder/login-callback. If you are placing it in a different path, please make sure you change the PROGDIR variable in the script:

    Code Block

  2. Change the variables PFSADMIN, PFSPASS and PFSURL in the scripts and powerfolder-tibor-quota.shto match the admin account and password as well as the URL to your servers web interface.

    Code Block
    languagebash /

  3. To set permissions and quotas you first have to create a realm and assign domains with regular expressions in the file gwdg_realm2policygroupto them.

    Code Block
    titlegwdg_realm2policygroup example
    # Creating realm 'group1' for internal users and realm 'group2' for users from a different company. Others will end up in the "nothing" policy defined in the gwdg_policy2attribute file.
    group1	^example\.com$|\.example\.com$
    group2	^powerfolder\.com$|\.powerfolder\.com$

  4. Now we assign permissions and quotas in the file gwdg_policy2attributeto the realms. (info)The realm "nothing" is used, when no matching domain has been found.

    Code Block
    titlegwdg_policy2attribute example
    ### Group 1 (internal users)
    group1	quota=2
    group1	FolderCreate=yes
    group1	FolderRemove=yes
    group1	ChangePreferences=yes
    ### Group 2 (users from a different company)
    group2	quota=1
    group2	FolderCreate=yes
    group2	FolderRemove=yes
    group2	ChangePreferences=no
    ### Others (users not matching a realm)
    nothing		quota=0
    nothing		FolderCreate=no
    nothing		FolderRemove=no
    nothing		ChangePreferences=yes

  5. Last step will be to invoke the script when a user logs into the server via a client of web interface. Please add the entry below to the Server Configuration File and restart PowerFolder Server after that.

    Code Block
    titlePowerFolder.config Server Configuration File


Table of Contents