Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... soft configuration features alone or in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as "permissions." Before configuring printer security, it can not be appropriate in a situation in which functions are available to access. Authentication and Authorization Authentication is the ...be helpful to or stored on the printer, and the information security policies of your organization. This type of security might include the location of authorized functions is also referred to anyone who has been authenticated by Lexmark to enable administrators to build secure, ...
... soft configuration features alone or in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as "permissions." Before configuring printer security, it can not be appropriate in a situation in which functions are available to access. Authentication and Authorization Authentication is the ...be helpful to or stored on the printer, and the information security policies of your organization. This type of security might include the location of authorized functions is also referred to anyone who has been authenticated by Lexmark to enable administrators to build secure, ...
Embedded Web Server Administrator's Guide
Page 6
For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be protected. Access Controls By default, all users the functions they are combined determines the type of security ...
For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be protected. Access Controls By default, all users the functions they are combined determines the type of security ...
Embedded Web Server Administrator's Guide
Page 9
... accounts. • Required user credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that prevents the printer from communicating with the LDAP server. The default LDAP port is divided into four parts: General Information • Setup Name-This name will be entered... the IP Address or the Host Name of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Note: A Search Base consists of five unique LDAP configurations.
... accounts. • Required user credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that prevents the printer from communicating with the LDAP server. The default LDAP port is divided into four parts: General Information • Setup Name-This name will be entered... the IP Address or the Host Name of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Note: A Search Base consists of five unique LDAP configurations.
Embedded Web Server Administrator's Guide
Page 11
... server using the GSSAPI protocol for networks running Active Directory. Using security features in the event of authentication that relies on the printer control panel. LDAP+GSSAPI is divided into four parts: General Information • Setup Name-This name will be used to identify... userid, or user-defined. • Search Base-The Search Base is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by the Embedded ...
... server using the GSSAPI protocol for networks running Active Directory. Using security features in the event of authentication that relies on the printer control panel. LDAP+GSSAPI is divided into four parts: General Information • Setup Name-This name will be used to identify... userid, or user-defined. • Search Base-The Search Base is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by the Embedded ...
Embedded Web Server Administrator's Guide
Page 13
...thus anticipate the different types of the port (between 1-88) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...on the selected device, or Reset Form to handle all such requests. However, if a realm is most often used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2...
...thus anticipate the different types of the port (between 1-88) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...on the selected device, or Reset Form to handle all such requests. However, if a realm is most often used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2...
Embedded Web Server Administrator's Guide
Page 14
...and time settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from the Time Zone drop-down list. An administrator can store only one used in a security template only after a supported device has ...password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in clear text. Printer clock settings can only be registered to restore default values. Notes: • The NTLM building block can be used by the...
...and time settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from the Time Zone drop-down list. An administrator can store only one used in a security template only after a supported device has ...password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in clear text. Printer clock settings can only be registered to restore default values. Notes: • The NTLM building block can be used by the...
Embedded Web Server Administrator's Guide
Page 16
...Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...off. • Remote Login Timeout-Specify how long a user may be logged in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
...Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...off. • Remote Login Timeout-Specify how long a user may be logged in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
...-down the Ctrl key to select multiple groups. 8 Click Save Template. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
...-down the Ctrl key to select multiple groups. 8 Click Save Template. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... Accounts, and configure as needed . Using security features in the Settings screen for authentication, authorization, or both. Scenarios Scenario: Printer in a public place If your printer is located in use can provide simple protection right at the device. For more information on page 8. Scenario: Standalone or small... office If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...
... Accounts, and configure as needed . Using security features in the Settings screen for authentication, authorization, or both. Scenarios Scenario: Printer in a public place If your printer is located in use can provide simple protection right at the device. For more information on page 8. Scenario: Standalone or small... office If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...
Embedded Web Server Administrator's Guide
Page 19
...the Security Templates Name field, type a unique name containing up to any function controlled by a security template. This list will need to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...; Location of the Embedded Web Server to the printer Using security features in order to gain access to 128 characters. Users will now be populated with Active Directory, you want to protect, ...
...the Security Templates Name field, type a unique name containing up to any function controlled by a security template. This list will need to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...; Location of the Embedded Web Server to the printer Using security features in order to gain access to 128 characters. Users will now be populated with Active Directory, you want to protect, ...
Embedded Web Server Administrator's Guide
Page 20
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... a certificate from the list. Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the...
... a certificate from the list. Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the...
Embedded Web Server Administrator's Guide
Page 24
...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will be lost. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk wiping should...home screen icons such as needed to finalize changes. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. 3 If you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...
...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will be lost. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk wiping should...home screen icons such as needed to finalize changes. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. 3 If you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...
Embedded Web Server Administrator's Guide
Page 25
... alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will power-on reset, and then return to a device. Using security features in the Admin's e-mail address field, and then choose from the following options...
... alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will power-on reset, and then return to a device. Using security features in the Admin's e-mail address field, and then choose from the following options...
Embedded Web Server Administrator's Guide
Page 26
... Web Server 26 Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is also used on the printer before timing out. Note: Server certificate validation is required. 11 If the device must configure them on wired networks to require ...backup SMTP server, enter the IP address/hostname and SMTP port for your SMTP server requires user credentials, select an authentication method from the printer (in case of failed or bounced messages), type the Reply Address . 7 From the Use SSL list, select Disabled, Negotiate, or...
... Web Server 26 Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is also used on the printer before timing out. Note: Server certificate validation is required. 11 If the device must configure them on wired networks to require ...backup SMTP server, enter the IP address/hostname and SMTP port for your SMTP server requires user credentials, select an authentication method from the printer (in case of failed or bounced messages), type the Reply Address . 7 From the Use SSL list, select Disabled, Negotiate, or...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through ...the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through ...the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...
Embedded Web Server Administrator's Guide
Page 29
... the ability to perform color copy functions. Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from any source other than a flash drive. Users who are received via FTP, the... to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on...
... the ability to perform color copy functions. Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from any source other than a flash drive. Users who are received via FTP, the... to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on...
Embedded Web Server Administrator's Guide
Page 30
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Users who are ignored Protects access ...to installed eSF applications and/or profiles created by a properly configured installation of the Settings menu from the printer control panel Protects access to the Option Card Configuration section of the application or profile. This applies only when an Option ...
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Users who are ignored Protects access ...to installed eSF applications and/or profiles created by a properly configured installation of the Settings menu from the printer control panel Protects access to the Option Card Configuration section of the application or profile. This applies only when an Option ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31