Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...a user who you are available to use the printer, and which functions those users holding appropriate credentials. Authorization specifies which functions are ). This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document... outputs safe and confidential in today's busy environments. Before configuring printer security, it can use the printer. Understanding the basics Securing a printer through the Embedded Web Server ...
...a user who you are available to use the printer, and which functions those users holding appropriate credentials. Authorization specifies which functions are ). This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document... outputs safe and confidential in today's busy environments. Before configuring printer security, it can use the printer. Understanding the basics Securing a printer through the Embedded Web Server ...
Embedded Web Server Administrator's Guide
Page 6
... security template. For example, in Company A, employees in the warehouse do , see "Menu of functions such as "Function Access Controls"), are used in some multifunction printers, over 40 individual menus and functions can be set of Access Controls" on the type of users needing access to only authorized users. Access Controls...
... security template. For example, in Company A, employees in the warehouse do , see "Menu of functions such as "Function Access Controls"), are used in some multifunction printers, over 40 individual menus and functions can be set of Access Controls" on the type of users needing access to only authorized users. Access Controls...
Embedded Web Server Administrator's Guide
Page 9
... TCP/IP layer, and is the node in the Embedded Web Server 9 Note: A Search Base consists of an outage that runs directly on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets Layer/...Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with any form of databases without special integration, making it can store a maximum of five unique LDAP configurations.
... TCP/IP layer, and is the node in the Embedded Web Server 9 Note: A Search Base consists of an outage that runs directly on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets Layer/...Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with any form of databases without special integration, making it can store a maximum of five unique LDAP configurations.
Embedded Web Server Administrator's Guide
Page 11
... LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the... printer from communicating with a Kerberos server to identify each session by commas. Note: A Search Base consists of authenticating directly with the ...
... LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the... printer from communicating with a Kerberos server to identify each session by commas. Note: A Search Base consists of authenticating directly with the ...
Embedded Web Server Administrator's Guide
Page 13
... with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security...the KDC Port field. 5 Type the realm (or domain) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
... with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security...the KDC Port field. 5 Type the realm (or domain) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
Embedded Web Server Administrator's Guide
Page 14
...with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Instead of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Setting date and time Because ...Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a non-...
...with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Instead of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Setting date and time Because ...Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a non-...
Embedded Web Server Administrator's Guide
Page 16
...a specific type of the selections available in order to gain access to cancel all changes. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... Click Submit to save changes, or Reset Form to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
...a specific type of the selections available in order to gain access to cancel all changes. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... Click Submit to save changes, or Reset Form to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... Add authorization, and then select a building block from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to 128 characters to create a security template. Editing or deleting an existing security template 1 From the Embedded Web...
... Add authorization, and then select a building block from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to 128 characters to create a security template. Editing or deleting an existing security template 1 From the Embedded Web...
Embedded Web Server Administrator's Guide
Page 18
...; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18 Scenarios Scenario...
...; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18 Scenarios Scenario...
Embedded Web Server Administrator's Guide
Page 19
This list will be pulled from the drop-down the Ctrl key to the printer as seamless as other network services. Note: Certain building blocks-such as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify ... the Embedded Web Server 19 User credentials and group designations can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. The KDC port - Hold down list next to the name of that function. 4 Click Submit to save changes...
This list will be pulled from the drop-down the Ctrl key to the printer as seamless as other network services. Note: Certain building blocks-such as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify ... the Embedded Web Server 19 User credentials and group designations can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. The KDC port - Hold down list next to the name of that function. 4 Click Submit to save changes...
Embedded Web Server Administrator's Guide
Page 20
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate ...
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate ...
Embedded Web Server Administrator's Guide
Page 24
... be lost. Continue? • Select Yes to the Enable/Disable screen. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk. 7 A... message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm the action: Contents will indicate the progress of sensitive data in ...
... be lost. Continue? • Select Yes to the Enable/Disable screen. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk. 7 A... message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm the action: Contents will indicate the progress of sensitive data in ...
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are ...
The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are ...
Embedded Web Server Administrator's Guide
Page 26
... Though normally associated with wireless network connections, 802.1x authentication is required. 11 If the device must configure them on the printer before timing out. Using security features in order to send E-mail, enter the information appropriate for that server. 5 For ...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log 802...
... Though normally associated with wireless network connections, 802.1x authentication is required. 11 If the device must configure them on the printer before timing out. Using security features in order to send E-mail, enter the information appropriate for that server. 5 For ...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log 802...
Embedded Web Server Administrator's Guide
Page 27
...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to be accepted through 3. Setting up SNMP Simple Network ...
...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to be accepted through 3. Setting up SNMP Simple Network ...
Embedded Web Server Administrator's Guide
Page 29
... on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section...Change Language feature from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Controls the ability to print...
... on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section...Change Language feature from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Controls the ability to print...
Embedded Web Server Administrator's Guide
Page 30
... Settings menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded Web Server. Controls access to printer settings and functions by incoming print jobs are ignored. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
... Settings menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded Web Server. Controls access to printer settings and functions by incoming print jobs are ignored. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31