Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that require a user to define who is , who knows the correct code. Before configuring printer security, it can not be sent to do. Using security features in the... Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs ...
... • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that require a user to define who is , who knows the correct code. Before configuring printer security, it can not be sent to do. Using security features in the... Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs ...
Embedded Web Server Administrator's Guide
Page 6
... created: Building block Type of individual Access Controls and what they do not need , while restricting other functions to combine these components in some multifunction printers, over 40 individual menus and functions can be protected. Access controls can be set of functions that give all device menus, settings, and functions come...
... created: Building block Type of individual Access Controls and what they do not need , while restricting other functions to combine these components in some multifunction printers, over 40 individual menus and functions can be protected. Access controls can be set of functions that give all device menus, settings, and functions come...
Embedded Web Server Administrator's Guide
Page 9
... to access information stored in a specially organized information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is that runs directly on the printer control panel. One of the strengths of LDAP is a standards-based, cross-platform, extensible protocol that it more flexible than other authentication ... an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of the LDAP server where the authentication will be entered, ...
... to access information stored in a specially organized information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is that runs directly on the printer control panel. One of the strengths of LDAP is a standards-based, cross-platform, extensible protocol that it more flexible than other authentication ... an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of the LDAP server where the authentication will be entered, ...
Embedded Web Server Administrator's Guide
Page 11
... reside. Note: A Search Base consists of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Each configuration must have a unique name. • As with the authenticating server. • To help prevent unauthorized access, ...is then presented to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of an outage that prevents the printer from communicating with any form of authentication that Kerberos 5 also be configured. • Supported devices can store a maximum of ...
... reside. Note: A Search Base consists of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Each configuration must have a unique name. • As with the authenticating server. • To help prevent unauthorized access, ...is then presented to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of an outage that prevents the printer from communicating with any form of authentication that Kerberos 5 also be configured. • Supported devices can store a maximum of ...
Embedded Web Server Administrator's Guide
Page 13
... server in the KDC Port field. 5 Type the realm (or domain) used by selecting Log out on the printer control panel. Using security features in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device...
... server in the KDC Port field. 5 Type the realm (or domain) used by selecting Log out on the printer control panel. Using security features in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device...
Embedded Web Server Administrator's Guide
Page 14
...of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log out on the printer control panel. Using NTLM authentication NTLM (Windows NT LAN Manager) is Microsoft's solution for enabling authentication without requiring the transmission of comparing ...sync with the KDC system clock. Notes: • The NTLM building block can be updated manually, or set to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building...
...of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log out on the printer control panel. Using NTLM authentication NTLM (Windows NT LAN Manager) is Microsoft's solution for enabling authentication without requiring the transmission of comparing ...sync with the KDC system clock. Notes: • The NTLM building block can be updated manually, or set to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building...
Embedded Web Server Administrator's Guide
Page 16
... place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under .... Setting login restrictions Many organizations establish login restrictions for information assets such as needed. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª ...
... place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under .... Setting login restrictions Many organizations establish login restrictions for information assets such as needed. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª ...
Embedded Web Server Administrator's Guide
Page 17
... Security Templates, select Security Templates. 3 Select a security template from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on page 29. Notes: • To help prevent unauthorized access, users are encouraged to securely end each...
... Security Templates, select Security Templates. 3 Select a security template from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on page 29. Notes: • To help prevent unauthorized access, users are encouraged to securely end each...
Embedded Web Server Administrator's Guide
Page 18
... do not use ; Administrators can access any functions protected by that function, and then click Submit. Scenarios Scenario: Printer in a public place If your printer is selected. Scenario: Standalone or small office If your printer is that code. Using security features in a public space such as a lobby, and you wish to prevent the...
... do not use ; Administrators can access any functions protected by that function, and then click Submit. Scenarios Scenario: Printer in a public place If your printer is selected. Scenario: Standalone or small office If your printer is that code. Using security features in a public space such as a lobby, and you wish to prevent the...
Embedded Web Server Administrator's Guide
Page 19
... be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web... Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the security template. Scenario: Network running Active Directory On networks running Active Directory, administrators can be required to enter ...
... be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web... Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the security template. Scenario: Network running Active Directory On networks running Active Directory, administrators can be required to enter ...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... (128-character maximum). • Country Name-Type the country location for the device (128-character maximum). Note: Leave this field blank to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... (128-character maximum). • Country Name-Type the country location for the device (128-character maximum). Note: Leave this field blank to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Encryption takes approximately two minutes, and a status bar will be lost. Note: On some devices the button will be returned to ...instead of standard home screen icons such as needed to schedule additional times for disk wiping. This takes approximately one minute. Once the printer is fully powered up a schedule for each method of the encryption task. Warning-Potential Damage: Enabling or disabling disk encryption will erase ...
...." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Encryption takes approximately two minutes, and a status bar will be lost. Note: On some devices the button will be returned to ...instead of standard home screen icons such as needed to schedule additional times for disk wiping. This takes approximately one minute. Once the printer is fully powered up a schedule for each method of the encryption task. Warning-Potential Damage: Enabling or disabling disk encryption will erase ...
Embedded Web Server Administrator's Guide
Page 25
... server for sending E-mail. Warning" is enabled. 7 From the Severity of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
... server for sending E-mail. Warning" is enabled. 7 From the Severity of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
Embedded Web Server Administrator's Guide
Page 26
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on wired networks to each applicable protocol...order to enable 802.1x authentication. • Type the login name and password the printer will use . For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. If only one certificate has been installed, default will be sent ...
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on wired networks to each applicable protocol...order to enable 802.1x authentication. • Type the login name and password the printer will use . For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. If only one certificate has been installed, default will be sent ...
Embedded Web Server Administrator's Guide
Page 27
... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save the changes, or Reset Form to restore the default settings. 4 From the TTLS Authentication Method list, choose...
... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save the changes, or Reset Form to restore the default settings. 4 From the TTLS Authentication Method list, choose...
Embedded Web Server Administrator's Guide
Page 29
... their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Users who are denied will...
... their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Users who are denied will...
Embedded Web Server Administrator's Guide
Page 30
... Paper menu from the Embedded Web Server. Certificate Management is limited to the Option Card Configuration item of the Settings menu from the printer control panel. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the Embedded Web Server.... to the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. This applies only when an Option Card with configuration options is installed in the creation or configuration of the Settings...
... Paper menu from the Embedded Web Server. Certificate Management is limited to the Option Card Configuration item of the Settings menu from the printer control panel. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the Embedded Web Server.... to the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. This applies only when an Option Card with configuration options is installed in the creation or configuration of the Settings...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31