Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... low-level security, by which functions those users holding appropriate credentials. Authorization specifies which a printer is , who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that require a user to or stored on the printer, and the information security policies of your organization. The Embedded Web Server handles authentication...
... low-level security, by which functions those users holding appropriate credentials. Authorization specifies which a printer is , who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that require a user to or stored on the printer, and the information security policies of your organization. The Embedded Web Server handles authentication...
Embedded Web Server Administrator's Guide
Page 6
... faxing, administrators must be set of device, but those in the Embedded Web Server 6 Using security features in sales and marketing use color every day. Access Controls By default, all users the functions they are combined determines the type of security created: Building block Type of... no security enabled. Security Templates Some scenarios call for each access control. In this scenario, it makes sense to print in color, but in some multifunction printers, over 40 individual menus and functions can be used in the warehouse do , see "Menu of a complex security environment. ...
... faxing, administrators must be set of device, but those in the Embedded Web Server 6 Using security features in sales and marketing use color every day. Access Controls By default, all users the functions they are combined determines the type of security created: Building block Type of... no security enabled. Security Templates Some scenarios call for each access control. In this scenario, it makes sense to print in color, but in some multifunction printers, over 40 individual menus and functions can be used in the warehouse do , see "Menu of a complex security environment. ...
Embedded Web Server Administrator's Guide
Page 9
... Web Server 9 Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in a ...Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an administrator must ...
... Web Server 9 Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in a ...Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an administrator must ...
Embedded Web Server Administrator's Guide
Page 11
Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when... Base-The Search Base is always secure. Using LDAP+GSSAPI Some administrators prefer authenticating to communicate with any form of authentication that relies on the printer control panel. Each configuration must have a unique name. • As with the LDAP server. Note: A Search Base consists of simple LDAP authentication because the ...
Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when... Base-The Search Base is always secure. Using LDAP+GSSAPI Some administrators prefer authenticating to communicate with any form of authentication that relies on the printer control panel. Each configuration must have a unique name. • As with the LDAP server. Note: A Search Base consists of simple LDAP authentication because the ...
Embedded Web Server Administrator's Guide
Page 13
... reset the fields and start again. While only one krb5.conf file is used by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. An administrator must thus anticipate the different types of an outage that krb5.conf file can be used , uploading or re-submitting a ...
... reset the fields and start again. While only one krb5.conf file is used by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. An administrator must thus anticipate the different types of an outage that krb5.conf file can be used , uploading or re-submitting a ...
Embedded Web Server Administrator's Guide
Page 14
... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the KDC system clock. Setting date and time ...Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if...
... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the KDC system clock. Setting date and time ...Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if...
Embedded Web Server Administrator's Guide
Page 16
...correct code in order to gain access to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...
...correct code in order to gain access to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...
Embedded Web Server Administrator's Guide
Page 17
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of that have been configured on the device. 6 To use...
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of that have been configured on the device. 6 To use...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is selected. The key to remember is not in use; Notes: • Clicking Delete List will now be required to enter the correct code in ... PIN for that code. however, security templates currently in the Settings screen for all security templates on page 8. Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
... a public place If your printer is selected. The key to remember is not in use; Notes: • Clicking Delete List will now be required to enter the correct code in ... PIN for that code. however, security templates currently in the Settings screen for all security templates on page 8. Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
Embedded Web Server Administrator's Guide
Page 19
... support separate authorization. 7 To use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to the printer Using security features in the security template. Note: Certain building blocks-such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From... to any function controlled by a security template. This list will now be pulled from the existing network, making access to the printer as seamless as other network services. This list will need to 128 characters. Step 3: Assign security templates to access controls 1 ...
... support separate authorization. 7 To use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to the printer Using security features in the security template. Note: Certain building blocks-such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From... to any function controlled by a security template. This list will now be pulled from the existing network, making access to the printer as seamless as other network services. This list will need to 128 characters. Step 3: Assign security templates to access controls 1 ...
Embedded Web Server Administrator's Guide
Page 20
... Groups, and then select one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Using...
... Groups, and then select one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Using...
Embedded Web Server Administrator's Guide
Page 21
... Device Certificate Management window. Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any...
... Device Certificate Management window. Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any...
Embedded Web Server Administrator's Guide
Page 24
... Config Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. This takes approximately one minute. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of disk wiping (Automatic, Manual, and... approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Once the...
... Config Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. This takes approximately one minute. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of disk wiping (Automatic, Manual, and... approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Once the...
Embedded Web Server Administrator's Guide
Page 25
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device.
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device.
Embedded Web Server Administrator's Guide
Page 26
...10 From the User-Initiated E-mail list, select None for your SMTP server requires user credentials, select an authentication method from the printer (in to the authentication server. • Select the Validate Server Certificate check box to require verification of the security certificate on...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log 802....
...10 From the User-Initiated E-mail list, select None for your SMTP server requires user credentials, select an authentication method from the printer (in to the authentication server. • Select the Validate Server Certificate check box to require verification of the security certificate on...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log 802....
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the appropriate ...used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the appropriate ...used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home...
Embedded Web Server Administrator's Guide
Page 29
... to the Configuration Menu Controls the ability to perform color copy functions. Users who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs... output in black and white. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at...
... to the Configuration Menu Controls the ability to perform color copy functions. Users who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs... output in black and white. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at...
Embedded Web Server Administrator's Guide
Page 30
... from an attached PictBridge capable digital camera. Controls ability to the Paper menu from the Embedded Web Server. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). When protected, ... Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to the operations available from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. Function Access Control Network Ports/Menu at ...
... from an attached PictBridge capable digital camera. Controls ability to the Paper menu from the Embedded Web Server. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). When protected, ... Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to the operations available from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. Function Access Control Network Ports/Menu at ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31