Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...who knows the correct code. Before configuring printer security, it can be a weak link in the document security chain. Authorization specifies which a printer is also referred to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in ...GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that require a user to be sent to or stored on the printer, and the information security policies of security might include the location of the...
...who knows the correct code. Before configuring printer security, it can be a weak link in the document security chain. Authorization specifies which a printer is also referred to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in ...GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that require a user to be sent to or stored on the printer, and the information security policies of security might include the location of the...
Embedded Web Server Administrator's Guide
Page 6
...determines the type of security created: Building block Type of individual Access Controls and what they need to print in color, but in sales and marketing use color every day. How they are used to manage access to specific menus and functions or to a common set using...it makes sense to similar functions. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to create ...
...determines the type of security created: Building block Type of individual Access Controls and what they need to print in color, but in sales and marketing use color every day. How they are used to manage access to specific menus and functions or to a common set using...it makes sense to similar functions. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to create ...
Embedded Web Server Administrator's Guide
Page 9
...LDAP server where user accounts reside. Each configuration must submit when authenticating. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to make the E-mail address a .... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to access protected device functions in a specially...
...LDAP server where user accounts reside. Each configuration must submit when authenticating. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to make the E-mail address a .... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to access protected device functions in a specially...
Embedded Web Server Administrator's Guide
Page 11
...be able to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Each configuration must have a unique name. ... Active Directory. Using LDAP+GSSAPI Some administrators prefer authenticating to test. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to securely end each particular LDAP+GSSAPI Server Setup when creating security templates. • ...
...be able to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Each configuration must have a unique name. ... Active Directory. Using LDAP+GSSAPI Some administrators prefer authenticating to test. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to securely end each particular LDAP+GSSAPI Server Setup when creating security templates. • ...
Embedded Web Server Administrator's Guide
Page 13
... able to access protected device functions in the Embedded Web Server 13 Using security features in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test ...Setup to securely end each session by selecting Log out on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help...
... able to access protected device functions in the Embedded Web Server 13 Using security features in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test ...Setup to securely end each session by selecting Log out on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help...
Embedded Web Server Administrator's Guide
Page 14
... requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can be used in a security template only after a supported device has registered with the NTLM domain. • ...The NTLM building block cannot be able to access protected device functions in clear text. Printer clock settings can only be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP...
... requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can be used in a security template only after a supported device has registered with the NTLM domain. • ...The NTLM building block cannot be able to access protected device functions in clear text. Printer clock settings can only be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select.... • Lockout time-Specify the duration of the selections available in order to gain access to any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select.... • Lockout time-Specify the duration of the selections available in order to gain access to any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server Administrator's Guide
Page 17
... the list. 4 Edit the fields as necessary. 5 Click Modify to save changes, or Reset Form to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on the device. Step 2: Create a security template Once configured, one or two building blocks can be helpful...
... the list. 4 Edit the fields as necessary. 5 Click Modify to save changes, or Reset Form to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on the device. Step 2: Create a security template Once configured, one or two building blocks can be helpful...
Embedded Web Server Administrator's Guide
Page 18
... more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 8. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be required to enter the correct code in order to gain access to... it from the drop-down list next to a function controlled by that function, and then click Submit. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to a network, or you want to protect, select a password or PIN...
... more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 8. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be required to enter the correct code in order to gain access to... it from the drop-down list next to a function controlled by that function, and then click Submit. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to a network, or you want to protect, select a password or PIN...
Embedded Web Server Administrator's Guide
Page 19
... on the network. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to the printer Using security features in the Embedded Web Server 19 Step 1: Collect information about the network Before configuring the Embedded Web Server to ...users. This list will be populated with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...
... on the network. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to the printer Using security features in the Embedded Web Server 19 Step 1: Collect information about the network Before configuring the Embedded Web Server to ...users. This list will be populated with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...
Embedded Web Server Administrator's Guide
Page 20
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
Creating a new certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. The details of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate ...
Creating a new certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. The details of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate ...
Embedded Web Server Administrator's Guide
Page 24
...; Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Continue pressing 2 and 6 until you...be lost. Note: On some devices the button will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the touch screen. Using security features...
...; Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Continue pressing 2 and 6 until you...be lost. Note: On some devices the button will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the touch screen. Using security features...
Embedded Web Server Administrator's Guide
Page 25
... non-logged events check box. 9 To have administrators automatically notified of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will be grayed out until an IP address or hostname is exported E-mail log settings changed alert-When log settings are stored on the device...
... non-logged events check box. 9 To have administrators automatically notified of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will be grayed out until an IP address or hostname is exported E-mail log settings changed alert-When log settings are stored on the device...
Embedded Web Server Administrator's Guide
Page 26
...verification of the destination server. Note: Server certificate validation is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to create port-based connections. Using security... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. If only one certificate has been installed, ...
...verification of the destination server. Note: Server certificate validation is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to create port-based connections. Using security... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. If only one certificate has been installed, ...
Embedded Web Server Administrator's Guide
Page 27
... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure settings...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ...
... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure settings...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ...
Embedded Web Server Administrator's Guide
Page 29
...Function Access Controls) may not be ignored (flushed) when this function is protected. Controls the ability to on the printer control panel Protects access to perform color copy functions. Users who are denied will have their copy jobs output in black and white. Users who are received...drive. Firmware files which are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ...
...Function Access Controls) may not be ignored (flushed) when this function is protected. Controls the ability to on the printer control panel Protects access to perform color copy functions. Users who are denied will have their copy jobs output in black and white. Users who are received...drive. Firmware files which are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ...
Embedded Web Server Administrator's Guide
Page 30
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...tools. Protects access to the Option Card Configuration section of the application or profile. Controls access to the Paper menu from the printer control panel and Embedded Web Server. Certificate Management is assigned in the creation or configuration of the Settings menu from the Embedded...
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...tools. Protects access to the Option Card Configuration section of the application or profile. Controls access to the Paper menu from the printer control panel and Embedded Web Server. Certificate Management is assigned in the creation or configuration of the Settings menu from the Embedded...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31