Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...The latest suite of authorized functions is , who you are). Incorporating traditional components such as Password or PIN, can use the printer. Using security features in today's busy environments. The Embedded Web Server handles authentication and authorization using one or more of your... Some Building Blocks, such as authentication and group permissions, administrators can be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will need to only those users are...
...The latest suite of authorized functions is , who you are). Incorporating traditional components such as Password or PIN, can use the printer. Using security features in today's busy environments. The Embedded Web Server handles authentication and authorization using one or more of your... Some Building Blocks, such as authentication and group permissions, administrators can be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will need to only those users are...
Embedded Web Server Administrator's Guide
Page 6
... one or more groups. Note: For a list of Access Controls" on the type of a complex security environment. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used in the warehouse do , see "Menu of individual Access Controls and what they need to print...
... one or more groups. Note: For a list of Access Controls" on the type of a complex security environment. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used in the warehouse do , see "Menu of individual Access Controls and what they need to print...
Embedded Web Server Administrator's Guide
Page 9
Multiple search bases may be entered, separated by selecting Log out on the printer control panel. Using security features in the LDAP server where user accounts reside. Note: A Search Base consists of multiple attributes-such as the information a ...device functions in the event of databases without special integration, making it can store a maximum of the TCP/IP layer, and is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of an outage ...
Multiple search bases may be entered, separated by selecting Log out on the printer control panel. Using security features in the LDAP server where user accounts reside. Note: A Search Base consists of multiple attributes-such as the information a ...device functions in the event of databases without special integration, making it can store a maximum of the TCP/IP layer, and is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of an outage ...
Embedded Web Server Administrator's Guide
Page 11
...common name), uid, userid, or user-defined. • Search Base-The Search Base is typically used by selecting Log out on the printer control panel. Using security features in the event of an outage that Kerberos 5 also be configured. • Supported devices can store a ... then presented to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to obtain a Kerberos "ticket." To add...
...common name), uid, userid, or user-defined. • Search Base-The Search Base is typically used by selecting Log out on the printer control panel. Using security features in the event of an outage that Kerberos 5 also be configured. • Supported devices can store a ... then presented to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to obtain a Kerberos "ticket." To add...
Embedded Web Server Administrator's Guide
Page 13
... in the configuration file, then the first realm specified will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ... Click Submit to save the information as the default realm for authentication. • As with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
... in the configuration file, then the first realm specified will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ... Click Submit to save the information as the default realm for authentication. • As with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
Embedded Web Server Administrator's Guide
Page 14
Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date ...and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in ... configuration on the user's password. Notes: • Entering manual settings automatically disables use of authentication that relies on the printer control panel.
Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date ...and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in ... configuration on the user's password. Notes: • Entering manual settings automatically disables use of authentication that relies on the printer control panel.
Embedded Web Server Administrator's Guide
Page 16
... organizations establish login restrictions for your environment, and configure as workstations and servers. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª...takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under ...
... organizations establish login restrictions for your environment, and configure as workstations and servers. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª...takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under ...
Embedded Web Server Administrator's Guide
Page 17
... field, type a unique name containing up to retain previously configured values. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to use a descriptive name, such as Passwords and...
... field, type a unique name containing up to retain previously configured values. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to use a descriptive name, such as Passwords and...
Embedded Web Server Administrator's Guide
Page 18
...which one is located in use can assign a single password or PIN for that code. Scenario: Standalone or small office If your printer is selected. Scenarios Scenario: Printer in order to gain access to a network, or you wish to remember is that anyone who knows a password or PIN can ... can only delete a security template if it , a password or PIN can be required to enter the correct code in a public place If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can provide simple protection right at the device. The key...
...which one is located in use can assign a single password or PIN for that code. Scenario: Standalone or small office If your printer is selected. Scenarios Scenario: Printer in order to gain access to a network, or you wish to remember is that anyone who knows a password or PIN can ... can only delete a security template if it , a password or PIN can be required to enter the correct code in a public place If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can provide simple protection right at the device. The key...
Embedded Web Server Administrator's Guide
Page 19
... Simple Kerberos Setup: - Hold down list next to the name of the Embedded Web Server to include in order to gain access to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory, you ...want to protect, select a security template from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Kerberos file on the network. This list will be...
... Simple Kerberos Setup: - Hold down list next to the name of the Embedded Web Server to include in order to gain access to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory, you ...want to protect, select a security template from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Kerberos file on the network. This list will be...
Embedded Web Server Administrator's Guide
Page 20
... Add authorization, and then select the name given to your LDAP+GSSAPI Group Names list. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Add authorization, and then select the name given to your LDAP+GSSAPI Group Names list. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... that function. 4 Click Submit to save changes, or Reset Form to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to cancel...
... that function. 4 Click Submit to save changes, or Reset Form to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to cancel...
Embedded Web Server Administrator's Guide
Page 24
...disk wiping should occur, and then click Add. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the ...Disable to confirm the action: Contents will indicate the progress of the touch screen. Continue? • Select Yes to finalize changes. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to schedule additional times for...
...disk wiping should occur, and then click Add. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the ...Disable to confirm the action: Contents will indicate the progress of the touch screen. Continue? • Select Yes to finalize changes. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to schedule additional times for...
Embedded Web Server Administrator's Guide
Page 25
... logged to on the destination server. Warning" is chosen, severity levels 0-4 will be grayed out until an IP address or hostname is the lowest. The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 if level "4 -
... logged to on the destination server. Warning" is chosen, severity levels 0-4 will be grayed out until an IP address or hostname is the lowest. The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 if level "4 -
Embedded Web Server Administrator's Guide
Page 26
...check box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using a secondary or backup SMTP server, enter ...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to create port-based connections. For more information on configuring digital certificates, see "Managing certificates...
...check box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using a secondary or backup SMTP server, enter ...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to create port-based connections. For more information on configuring digital certificates, see "Managing certificates...
Embedded Web Server Administrator's Guide
Page 27
..., select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through 3. 4 From the TTLS Authentication ...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. Note: Changes made to settings marked with an asterisk...
..., select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through 3. 4 From the TTLS Authentication ...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. Note: Changes made to settings marked with an asterisk...
Embedded Web Server Administrator's Guide
Page 29
... the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, some devices... is protected. Controls the ability to update firmware from a flash drive Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Copy function Controls the...
... the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, some devices... is protected. Controls the ability to update firmware from a flash drive Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Copy function Controls the...
Embedded Web Server Administrator's Guide
Page 30
... to the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are ignored Protects access to print from the printer control panel. Controls access to the Network/Ports section of MarkVision Professional). When disabled, it does Protects access to the Network/Ports...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration item of the...
... to the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are ignored Protects access to print from the printer control panel. Controls access to the Network/Ports section of MarkVision Professional). When disabled, it does Protects access to the Network/Ports...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration item of the...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31