Brief for a Schools Management Console:
A small web-based (ASP?) solution to allow non-administrative users to perform certain tasks for specific user groups on Windows AD-based networks.
When the console (web) is opened, integrated authentication will determine the roles and functions available, depending on AD security group membership. The four levels are Student, Teacher, Technician, Administrator (configurable in settings). As users could be members of more than one AD security group, the highest ranking should be assumed. If integrated authentication cannot be used, a login dialog (forms based) should be presented, but when authenticating this way only functions 1 and 2 should be available.
When the console loads initially there should be a field in which you enter the username for the account you want to change and a Validate or Go button. This will confirm the user exists, load the user information, check their AD security group membership and display their profile path. Once verified, the available options should become visible on the console. Functions should only be available where the logged-in user is a member of a higher-ranking AD security group than the manipulated user's highest AD security group membership and the configuration allows it (for example, technicians may be allowed to reset passwords and profiles for teachers but not have access to restore user files).
1. AD password reset for the specified user: enter the new password twice, then apply. This should also set the “User must change password at next logon” AD option (if this option is enabled in the configuration).
2. Profile reset – this will delete the “My Settings” folder structure from within the manipulated user's profile path. The process needs to run server side, not client side.
3. Restore user files – this will open a dual-pane file manager (can be web based or use a freeware/open-source offering such as FreeCommander – see attached) with the left-hand pane displaying the user's profile mirror (read-only share on a backup server) and the right-hand pane showing their live profile path. Both of these can be derived from AD and the predefined mirror server paths, i.e. user 7361 would have a profile path of \\server3\users\2006\7361 and the mirror path would be \\backupserver\usersmirror\2006\7361.
Ideally the interface should be minimal, not show drive letters or a menu bar, not allow navigation above the user's path, and only enable copying from the mirror to the live profile (share permissions would prevent this anyway, but if the interface could not present the option so much the better).
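The access rule described above (highest-ranking group wins, the operator must outrank the target, the configuration must allow the function, and forms-based logins are limited to functions 1 and 2), as an added Python sketch that is not part of the original brief. The permission table, the setting names and the fail-closed handling of accounts with no configured group are assumptions, as is taking functions 1 and 2 to be the password reset and profile reset in the order listed.

```python
# Added sketch (not part of the brief). Group names, setting names and the
# permission table are assumed values standing in for the settings file.
RANKS = {"Student": 1, "Teacher": 2, "Technician": 3, "Administrator": 4}

# Functions in the order the brief lists them.
PASSWORD_RESET, PROFILE_RESET, RESTORE_FILES = 1, 2, 3
FORMS_AUTH_FUNCTIONS = {PASSWORD_RESET, PROFILE_RESET}

# ALLOWED[operator level][target level] -> functions the configuration permits.
ALLOWED = {
    "Teacher": {"Student": {PASSWORD_RESET}},
    "Technician": {
        "Student": {PASSWORD_RESET, PROFILE_RESET, RESTORE_FILES},
        "Teacher": {PASSWORD_RESET, PROFILE_RESET},
    },
    "Administrator": {
        "Student": {PASSWORD_RESET, PROFILE_RESET, RESTORE_FILES},
        "Teacher": {PASSWORD_RESET, PROFILE_RESET, RESTORE_FILES},
        "Technician": {PASSWORD_RESET, PROFILE_RESET, RESTORE_FILES},
    },
}


def highest_level(groups):
    """Return the highest-ranking configured level among a user's groups, or None."""
    known = [g for g in groups if g in RANKS]
    return max(known, key=RANKS.get) if known else None


def available_functions(operator_groups, target_groups, integrated_auth):
    """Compute server side which functions the operator may run on the target."""
    op, tgt = highest_level(operator_groups), highest_level(target_groups)
    # Fail closed (assumption): an account with no configured level gets
    # nothing and cannot be managed through the console.
    if op is None or tgt is None:
        return set()
    # Strictly higher rank is required; equal rank (including self) is denied.
    if RANKS[op] <= RANKS[tgt]:
        return set()
    allowed = set(ALLOWED.get(op, {}).get(tgt, set()))
    if not integrated_auth:
        allowed &= FORMS_AUTH_FUNCTIONS  # forms login: functions 1 and 2 only
    return allowed
```

The same check has to run on the server for every function request, not only when deciding which options to display.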
The interface should be customisable by means of a central server-side settings file where the application name (title bar), logos, etc. could be set and OU names and rankings specified, along with any domain-specific bindings and impersonation settings.
Paths to the mirror server would also be set here, and it would be acceptable to set the root path to each user group as well (e.g. 2006 – live = \\server3\users\2006, mirror = \\backupserver\usersmirror\2006 – although this should be unnecessary).
It is likely that this will evolve over time, so it should be coded to allow the addition of extra functions and security groups as time progresses.
We would like a nice web interface (AJAX?).
Please provide examples of completed work or experience if bidding.