I need a command-line (no-GUI) client-server application which allows clients to start robocopy commands on a server with a service account.
The scenario is that several users regularly need to copy large amounts of data (>100GB) from one network share to another network share.
Those users only have standard user rights (no admin access) and the Desktops those people use only has 100Mbit Network connection.
Therefore doing those robocopy commands from their desktops takes very long.
We have a server (Win 2008R2) in place which could do the copyjobs for them.
We also have a service account with elevated access set up. But the Users are not allowed to use that service account directly. PSexec (or similar tools) is also not an option because CredSSP can not be activated on the clients (standard user access only) and because of the Kerberos-double-hop-issue (share to share robocopy - not on the server itself)
My idea to circumvent those issues is to create a custom DLL for IIS, as an interface between the client and the server.
That program/dll/Webservice listens on a TCP Port for incoming requests (config by IIS).
The client side of the program will then call that Service and transmit the source- and destination path and the server will copy it using the service account.
All machines (Clients and Server) are in an Active Directory / Windows Domain.
The service needs to check that only people in a specific AD-Security Group are allowed to use it. (can be configured in IIS),
Also the service needs to check that the user, who calls the service, also has readaccess to the source, and write access to the destination directory, to make sure nobody could copy data with that serviceaccount that he/she normally couldn’t do with the normal user account.
The service should use the existing windows robocopy command (with some predefined parameters) to run the copy job and the clients should see “sort-of-realtime” progress. So the console output from the robocopy process on the server needs to be forwarded to the client in some form.
I already made a solution for this issue by creating a SOAP/Webservice in IIS that starts a script on the server. The only problem here is that the client doesnt get real-time feedback using that method. :-|
Suggestions are welcome!