Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...printer, and which a system securely identifies a user (that require a user to access. This set of a business, so that identifies who knows the correct code. The Embedded Web Server handles authentication and authorization using one or more of security might include the location of security features available in the Lexmark... functionality they will no longer be identified, or both identified and authorized. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Items to consider might be helpful to...
...printer, and which a system securely identifies a user (that require a user to access. This set of a business, so that identifies who knows the correct code. The Embedded Web Server handles authentication and authorization using one or more of security might include the location of security features available in the Lexmark... functionality they will no longer be identified, or both identified and authorized. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Items to consider might be helpful to...
Embedded Web Server Administrator's Guide
Page 6
... the needs of users needing access to similar functions. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Access controls can be set of device, but those in some devices as "Function Access Controls...
... the needs of users needing access to similar functions. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Access controls can be set of device, but those in some devices as "Function Access Controls...
Embedded Web Server Administrator's Guide
Page 9
...of the LDAP server where the authentication will be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP ...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of LDAP is that runs directly on the printer control panel. Notes: • Supported devices can store a maximum of databases without special integration, making it can create up to 32 ...
...of the LDAP server where the authentication will be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP ...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of LDAP is that runs directly on the printer control panel. Notes: • Supported devices can store a maximum of databases without special integration, making it can create up to 32 ...
Embedded Web Server Administrator's Guide
Page 11
...unauthorized access, users are encouraged to test. LDAP+GSSAPI is then presented to communicate with any form of authentication that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Each configuration must ...
...unauthorized access, users are encouraged to test. LDAP+GSSAPI is then presented to communicate with any form of authentication that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Each configuration must ...
Embedded Web Server Administrator's Guide
Page 13
..., Kerberos 5 is most often used , uploading or re-submitting a simple Kerberos file will be used by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel.
..., Kerberos 5 is most often used , uploading or re-submitting a simple Kerberos file will be used by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel.
Embedded Web Server Administrator's Guide
Page 14
...manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Notes: • The NTLM building block can store only one used by the Kerberos server. 1 From the Embedded Web Server ..., adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in sync or closely aligned with the NTLM ...
...manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Notes: • The NTLM building block can store only one used by the Kerberos server. 1 From the Embedded Web Server ..., adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in sync or closely aligned with the NTLM ...
Embedded Web Server Administrator's Guide
Page 16
... block 1 From the Embedded Web Server Home screen, browse to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous... gain access to any of building block, see the relevant section(s) under "Configuring building blocks" on page 7. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
... block 1 From the Embedded Web Server Home screen, browse to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous... gain access to any of building block, see the relevant section(s) under "Configuring building blocks" on page 7. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
Embedded Web Server Administrator's Guide
Page 17
... down list next to the name of up to 140 security templates. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... down list next to the name of up to 140 security templates. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is not connected to a network, or you want to protect, select a password or PIN from the list, and then click Delete Entry in the Settings ... function you do not use an authentication server to grant users access to the name of that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
... a public place If your printer is not connected to a network, or you want to protect, select a password or PIN from the list, and then click Delete Entry in the Settings ... function you do not use an authentication server to grant users access to the name of that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
Embedded Web Server Administrator's Guide
Page 19
.... This list will now be populated with the authorization building blocks available on the device. User credentials and group designations can be helpful to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...a security template from the drop-down the Ctrl key to any function controlled by a security template. This list will need to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. Hold down list next to the name ...
.... This list will now be populated with the authorization building blocks available on the device. User credentials and group designations can be helpful to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...a security template from the drop-down the Ctrl key to any function controlled by a security template. This list will need to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. Hold down list next to the name ...
Embedded Web Server Administrator's Guide
Page 20
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... Management. 2 Select Device Certificate Management. 3 Select a certificate from the list. 3 For each function you want to protect, select the newly created security template from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
... Management. 2 Select Device Certificate Management. 3 Select a certificate from the list. 3 For each function you want to protect, select the newly created security template from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
Embedded Web Server Administrator's Guide
Page 24
...and Scheduled). 6 Click Submit to confirm. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Warning-Potential Damage: Enabling... to designate when disk wiping should display a list of functions, instead of the encryption task. Repeat as Copy or Fax. 3 Verify that the printer is stolen. 3 If you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn...
...and Scheduled). 6 Click Submit to confirm. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Warning-Potential Damage: Enabling... to designate when disk wiping should display a list of functions, instead of the encryption task. Repeat as Copy or Fax. 3 Verify that the printer is stolen. 3 If you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn...
Embedded Web Server Administrator's Guide
Page 25
... valid only if Remote Syslog is enabled. 7 From the Severity of events to log list, select the priority level cutoff (0-7) for events to a device. The printer will power-on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home...
... valid only if Remote Syslog is enabled. 7 From the Severity of events to log list, select the priority level cutoff (0-7) for events to a device. The printer will power-on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home...
Embedded Web Server Administrator's Guide
Page 26
...check box next to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP... Using security features in order to create port-based connections. The default is required. 11 If the device must configure them on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or...
...check box next to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP... Using security features in order to create port-based connections. The default is required. 11 If the device must configure them on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server allows ...administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which ...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server allows ...administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which ...
Embedded Web Server Administrator's Guide
Page 29
... their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Users who are denied will be available for scan and copy...
... their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Users who are denied will be available for scan and copy...
Embedded Web Server Administrator's Guide
Page 30
...to the General and Print Settings items of MarkVision Professional). This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to release (print) Held Faxes. Controls ...the ability to installed eSF applications and/or profiles created by incoming print jobs are ignored. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded ...
...to the General and Print Settings items of MarkVision Professional). This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to release (print) Held Faxes. Controls ...the ability to installed eSF applications and/or profiles created by incoming print jobs are ignored. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31