Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...helpful to create a plan that produce, store, and transmit sensitive documents. This type of security might include the location of the printer and whether non-authorized persons have access to that area, sensitive documents that provide end users the functionality they will be a weak...user who you are available to build secure, flexible profiles that will need to do. Items to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. ...
...helpful to create a plan that produce, store, and transmit sensitive documents. This type of security might include the location of the printer and whether non-authorized persons have access to that area, sensitive documents that provide end users the functionality they will be a weak...user who you are available to build secure, flexible profiles that will need to do. Items to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. ...
Embedded Web Server Administrator's Guide
Page 6
...restrictions. Access Controls By default, all users the functions they do not need , while restricting other functions to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 ...set using a building block, or certain building blocks paired with no security enabled. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be set of device, but those in the Embedded Web Server 6 Security Templates Some scenarios...
...restrictions. Access Controls By default, all users the functions they do not need , while restricting other functions to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 ...set using a building block, or certain building blocks paired with no security enabled. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be set of device, but those in the Embedded Web Server 6 Security Templates Some scenarios...
Embedded Web Server Administrator's Guide
Page 9
...on an external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can interact with the authenticating server. • To help prevent ...
...on an external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can interact with the authenticating server. • To help prevent ...
Embedded Web Server Administrator's Guide
Page 11
... typically used by commas. This ticket is then presented to test. Using security features in the event of an outage that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... name), uid, userid, or user-defined. • Search Base-The Search Base is always secure. Instead of authentication that prevents the printer from communicating with any form of authenticating directly with the LDAP server, the user will first authenticate with the LDAP server. Multiple search bases...
... typically used by commas. This ticket is then presented to test. Using security features in the event of an outage that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... name), uid, userid, or user-defined. • Search Base-The Search Base is always secure. Instead of authentication that prevents the printer from communicating with any form of authenticating directly with the LDAP server, the user will first authenticate with the LDAP server. Multiple search bases...
Embedded Web Server Administrator's Guide
Page 13
...field 6 Click Submit to save the information as the default realm for authentication. • As with any form of authentication that relies on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ... the Kerberos server in the Embedded Web Server 13 An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click ...
...field 6 Click Submit to save the information as the default realm for authentication. • As with any form of authentication that relies on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ... the Kerberos server in the Embedded Web Server 13 An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click ...
Embedded Web Server Administrator's Guide
Page 14
...Embedded Web Server 14 Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in a non-standard time zone or an area that observes an alternate DST calendar, adjust the Custom Time Zone Setup... settings as part of a security template. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in sync or closely aligned with the KDC ...
...Embedded Web Server 14 Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in a non-standard time zone or an area that observes an alternate DST calendar, adjust the Custom Time Zone Setup... settings as part of a security template. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in sync or closely aligned with the KDC ...
Embedded Web Server Administrator's Guide
Page 16
... specific device functions using a password or PIN. For simple authorization-level security (in which individual users are encouraged to any of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...should verify that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
... specific device functions using a password or PIN. For simple authorization-level security (in which individual users are encouraged to any of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...should verify that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... list next to the name of that have been configured on page 29. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... list next to the name of that have been configured on page 29. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
...for all security templates on the device, regardless of that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in use an authentication server to grant users access to devices, Internal Accounts can...Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Using security features in a public place If your printer is selected. Step Two: Assign a password or PIN to each access control After creating one is not connected to a network, or you wish...
...for all security templates on the device, regardless of that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in use an authentication server to grant users access to devices, Internal Accounts can...Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Using security features in a public place If your printer is selected. Step Two: Assign a password or PIN to each access control After creating one is not connected to a network, or you wish...
Embedded Web Server Administrator's Guide
Page 19
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 The KDC port - User ... list will now be pulled from the Authorization Setup list. Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as other network services. Hold down list next to 128 characters. Step 2: Create a security template 1 From the Embedded Web Server...
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 The KDC port - User ... list will now be pulled from the Authorization Setup list. Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as other network services. Hold down list next to 128 characters. Step 2: Create a security template 1 From the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 20
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
Embedded Web Server Administrator's Guide
Page 24
...devices the button will indicate the progress of sensitive data in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Encrypting the hard disk Hard disk encryption helps prevent...
...devices the button will indicate the progress of sensitive data in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Encrypting the hard disk Hard disk encryption helps prevent...
Embedded Web Server Administrator's Guide
Page 25
... in the Admin's e-mail address field, and then choose from the device will be tagged with the same facility code to normal operating mode. The printer will power-on reset, and then return to aid in sorting and filtering by commas) in the Embedded Web Server 25 E-mail server setup 1 From...
... in the Admin's e-mail address field, and then choose from the device will be tagged with the same facility code to normal operating mode. The printer will power-on reset, and then return to aid in sorting and filtering by commas) in the Embedded Web Server 25 E-mail server setup 1 From...
Embedded Web Server Administrator's Guide
Page 26
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Using security features in to the authentication server. • Select the Validate Server Certificate check box to each applicable protocol...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to require verification of seconds (5-30) the device will wait for your SMTP server ...
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Using security features in to the authentication server. • Select the Validate Server Certificate check box to each applicable protocol...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to require verification of seconds (5-30) the device will wait for your SMTP server ...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to be accepted through 3. SNMP Version 3 1 From the Embedded Web Server Home ...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to be accepted through 3. SNMP Version 3 1 From the Embedded Web Server Home ...
Embedded Web Server Administrator's Guide
Page 29
... function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Users who are denied will have their copy jobs output in black and white Controls the ability to... use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the...
... function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Users who are denied will have their copy jobs output in black and white Controls the ability to... use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the...
Embedded Web Server Administrator's Guide
Page 30
...NPA settings change commands are ignored. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server The Solution 1 through a secured... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
...NPA settings change commands are ignored. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server The Solution 1 through a secured... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31