Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...in the Embedded Web Server 5 Authorization specifies which functions are available to a user who has been authenticated by Lexmark to enable administrators to use the printer. This set of your organization. This type of security might include the location of the following, also referred to... other public area of a business, so that is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments....
...in the Embedded Web Server 5 Authorization specifies which functions are available to a user who has been authenticated by Lexmark to enable administrators to use the printer. This set of your organization. This type of security might include the location of the following, also referred to... other public area of a business, so that is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments....
Embedded Web Server Administrator's Guide
Page 6
...and a "Sales and Marketing" group. Note: For a list of individual Access Controls and what they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be set of device, but those in the Embedded Web Server 6 In this ... Server security, groups are used in association with one or more groups. Using security features in sales and marketing use color every day. For the purposes of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication...
...and a "Sales and Marketing" group. Note: For a list of individual Access Controls and what they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be set of device, but those in the Embedded Web Server 6 In this ... Server security, groups are used in association with one or more groups. Using security features in sales and marketing use color every day. For the purposes of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication...
Embedded Web Server Administrator's Guide
Page 9
...when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that runs directly on the printer control panel. One of the strengths of LDAP is divided into four parts: General Information • Setup Name-This name will be used... by selecting Log out on top of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of authentication that relies on an external server...
...when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that runs directly on the printer control panel. One of the strengths of LDAP is divided into four parts: General Information • Setup Name-This name will be used... by selecting Log out on top of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of authentication that relies on an external server...
Embedded Web Server Administrator's Guide
Page 11
... Search Base is typically used to identify each session by commas. LDAP+GSSAPI is the node in the event of an outage that prevents the printer from communicating with a Kerberos server to access protected device functions in the LDAP server where user accounts reside. Note: A Search Base consists of five unique... authenticate with the authenticating server. • To help prevent unauthorized access, users are encouraged to test. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Using security features in the Embedded Web Server 11
... Search Base is typically used to identify each session by commas. LDAP+GSSAPI is the node in the event of an outage that prevents the printer from communicating with a Kerberos server to access protected device functions in the LDAP server where user accounts reside. Note: A Search Base consists of five unique... authenticate with the authenticating server. • To help prevent unauthorized access, users are encouraged to test. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Using security features in the Embedded Web Server 11
Embedded Web Server Administrator's Guide
Page 13
... verify that it can be used by itself for user authentication, Kerberos 5 is most often used in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on an external server, users will not be stored on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be able to...
... verify that it can be used by itself for user authentication, Kerberos 5 is most often used in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on an external server, users will not be stored on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be able to...
Embedded Web Server Administrator's Guide
Page 14
...solution for enabling authentication without requiring the transmission of a user's password across a network in the event of an outage that prevents the printer from the Time Zone list will not be able to an NTP server rather than manage date and time settings manually, click the ... require configuration of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Instead of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log...
...solution for enabling authentication without requiring the transmission of a user's password across a network in the event of an outage that prevents the printer from the Time Zone list will not be able to an NTP server rather than manage date and time settings manually, click the ... require configuration of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Instead of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log...
Embedded Web Server Administrator's Guide
Page 16
...list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on configuring a specific type of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...being automatically logged off. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
...list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on configuring a specific type of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...being automatically logged off. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
Embedded Web Server Administrator's Guide
Page 17
This list will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use authorization, click Add authorization, and then select a building block from ...
This list will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use authorization, click Add authorization, and then select a building block from ...
Embedded Web Server Administrator's Guide
Page 18
... more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from using...Security Setups. 2 Select Access Control. 3 For each access control After creating one is selected. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use can be created and stored within the Embedded Web Server for all security templates...
... more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from using...Security Setups. 2 Select Access Control. 3 For each access control After creating one is selected. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use can be created and stored within the Embedded Web Server for all security templates...
Embedded Web Server Administrator's Guide
Page 19
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Hold down list next to ... the LDAP+GSSAPI capabilities of the Embedded Web Server to take advantage of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of...
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Hold down list next to ... the LDAP+GSSAPI capabilities of the Embedded Web Server to take advantage of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of...
Embedded Web Server Administrator's Guide
Page 20
... in step 1. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web Server Home screen, browse to 128 characters. It can be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list. Using security features in step...
... in step 1. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web Server Home screen, browse to 128 characters. It can be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list. Using security features in step...
Embedded Web Server Administrator's Guide
Page 21
... Management. 3 Click New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... Management. 3 Click New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...Wiping. 3 Choose an existing Start value (the scheduled time and day will be turned on . Repeat as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit... modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead of sensitive...
...Wiping. 3 Choose an existing Start value (the scheduled time and day will be turned on . Repeat as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit... modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead of sensitive...
Embedded Web Server Administrator's Guide
Page 25
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will power-on reset, and then return to a device. if level "4 - Using security features in the Admin's e-mail address field, and then choose from the...
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will power-on reset, and then return to a device. if level "4 - Using security features in the Admin's e-mail address field, and then choose from the...
Embedded Web Server Administrator's Guide
Page 26
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. Configuring 802.1x authentication... Though normally associated with wireless network connections, 802.1x authentication is also used on the printer before timing out. If only one certificate has been installed, default will be the only choice listed. 3 Under Allowable...
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. Configuring 802.1x authentication... Though normally associated with wireless network connections, 802.1x authentication is also used on the printer before timing out. If only one certificate has been installed, default will be the only choice listed. 3 Under Allowable...
Embedded Web Server Administrator's Guide
Page 27
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ... Password in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home screen...
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ... Password in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home screen...
Embedded Web Server Administrator's Guide
Page 29
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ... the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ... the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
Embedded Web Server Administrator's Guide
Page 30
...Access Controls can be assigned to the Operator Panel Lock. When protected, no longer possible to the Paper menu from the printer control panel. Controls access to release (print) Held Faxes. Protects access to manage certificates using remote management tools. The ...Access Control for each Solution is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, it does Protects access...
...Access Controls can be assigned to the Operator Panel Lock. When protected, no longer possible to the Paper menu from the printer control panel. Controls access to release (print) Held Faxes. Protects access to manage certificates using remote management tools. The ...Access Control for each Solution is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, it does Protects access...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31