-2

I need software to manage a large number of groups for a FTP server. Ideally this software should also allow managing the associated NTFS rights for the folders on FTP (if they still match the definition for example, or propagate rights changes to the disk). I do not need a complex and very expensive IT management suite, just a solution for the described problem. Prices up to about 5000$ are ok.

After having searched for some hours on the web, I could neither find an interesting tool to evaluate nor a comparison of existing tools. Given this situation, what are some of the best candidates I can start evaluating?

jdehaan
  • 168
  • 5
  • If you can't find something, for under $5000, you could probably have someone write a customized program for you. – jftuga Sep 13 '11 at 15:46
  • In the end if I cannot find anything, I will probably do it myself using the network management API... :-) – jdehaan Sep 13 '11 at 16:02

1 Answers1

7

Ummm, seems Active Directory would be exactly what you need. Assuming you already own licenses for Windows Server, the cost will be a whopping $0.

Update

After hearing you describe your needs further, what you really need is a filesystem permissions auditing and management system, not really user and group management. It's quite unlikely that you'll find a canned solution that does everything you need. It sounds, though, that you could get the desired functionality with a small set of powershell scripts, possibly called by a simple web front end.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • 1
    Yes, this exactly the type of thing AD is great at. Although it won't be 0 as you would probably have to purchase "AD CALs" but they are like 20$/ea or something silly cheap (minus the count you have from purchasing Windows Server) – Zypher Sep 13 '11 at 15:58
  • Ahh yes, those pesky CALs. :) – EEAA Sep 13 '11 at 15:59
  • We actually already have an IT managed LDAP, from which we can take the users, but in our team we focus on managing the rights & groups into which these users can be put. There is no really niche UI to figure out at a glance where a given user belongs to and what folders he is able to access with given rights. On the contrary given a folder on FTP I also have to easy way to figure out which users have access to it.... Can Active Directory really do that? I will check of course, but I was not aware that it could do it. Thanks anywas. – jdehaan Sep 13 '11 at 16:07
  • Right-click on the folder in question, select "Properties", and check the "Security" tab. The information there is from the NTFS ACLs, and individual ACEs can be local users/groups, AD users/groups, or both. – EEAA Sep 13 '11 at 16:11
  • ErikA, you are kidding me, do you really mean this is a user friendly way? :-D I will have to check repeatedly and modify + audit these rights quite often, I need software to overview and query it without browsing to each single folder and check the rights manually. We are talking about more than a million files and a few hundreds users and even more groups. – jdehaan Sep 13 '11 at 16:14
  • Well, to be fair, you did not describe this requirement in your question. You just asked for a "user and group management software", which AD does very well. See my edited answer (in a minute or two) for more details. – EEAA Sep 13 '11 at 16:20
  • @jdehaan, He's not kidding. He's assuming you would use logical groupings, functional AD groups, ACL/ACE inheritance, etc to make this all quite easy. Coordinating access permission for thousands of users and files/folders has user-friendliness limits. – Chris S Sep 13 '11 at 16:20
  • @jdehaan - I manage a ~15TB Windows file server that is accessed on a daily basis by ~3000 people. We use no special tools to verify/set permissions. Like Chris S said, you just need to make sure that your inheritance is set up appropriately and that you make judicious use of groups. – EEAA Sep 13 '11 at 16:25
  • Thanks for this hint, I guess this is the key point in our deployment stragegy. My manager does not trust quite well the settings and would like to have a mean to check a wanted to an actual config. I guess I can manage to write some scripts using the sysinternal tools and powershell. I feel better if you can manage it without such a tool, I hope I can learn it too :-) Thanks for the discussion guys. – jdehaan Sep 13 '11 at 16:45