Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... identified and authorized. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Utilizing soft... store, and transmit sensitive documents. Security templates are ). The Embedded Web Server handles authentication and authorization using one or more of a printer-to be a weak link in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as "permissions." Authentication and Authorization ...
... identified and authorized. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Utilizing soft... store, and transmit sensitive documents. Security templates are ). The Embedded Web Server handles authentication and authorization using one or more of a printer-to be a weak link in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as "permissions." Authentication and Authorization ...
Embedded Web Server Administrator's Guide
Page 6
... security, groups are used to manage access to specific menus and functions or to disable them entirely. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. How they need to print in color, but in sales and marketing use color every day...
... security, groups are used to manage access to specific menus and functions or to disable them entirely. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. How they need to print in color, but in sales and marketing use color every day...
Embedded Web Server Administrator's Guide
Page 9
Note: A Search Base consists of authentication that relies on the printer control panel. Using security features in a specially organized information directory. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings ...(LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP/IP layer, and is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of five unique LDAP...
Note: A Search Base consists of authentication that relies on the printer control panel. Using security features in a specially organized information directory. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings ...(LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP/IP layer, and is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of five unique LDAP...
Embedded Web Server Administrator's Guide
Page 11
...Authentication Setup next to the setup you want to access protected device functions in the event of an outage that relies on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." Each configuration must have a unique name.... • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI...
...Authentication Setup next to the setup you want to access protected device functions in the event of an outage that relies on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." Each configuration must have a unique name.... • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI...
Embedded Web Server Administrator's Guide
Page 13
...default realm. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...8226; Click Delete File to verify that the Kerberos configuration file for the selected device is most often used by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
...default realm. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...8226; Click Delete File to verify that the Kerberos configuration file for the selected device is most often used by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 14
...out on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Printer clock settings can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication ... and time settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from the Time Zone drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within...
...out on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Printer clock settings can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication ... and time settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from the Time Zone drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within...
Embedded Web Server Administrator's Guide
Page 16
...features in order to gain access to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...number of times a user can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
...features in order to gain access to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...number of times a user can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to create a security template. Users will now be...
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to create a security template. Users will now be...
Embedded Web Server Administrator's Guide
Page 18
... now be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. Administrators can assign a single password or PIN for all security templates on the device, regardless of the device, or separate...public space such as a lobby, and you do not use ; The key to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be edited. Step One: Create a password or PIN 1 From the Embedded ...
... now be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. Administrators can assign a single password or PIN for all security templates on the device, regardless of the device, or separate...public space such as a lobby, and you do not use ; The key to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be edited. Step One: Create a password or PIN 1 From the Embedded ...
Embedded Web Server Administrator's Guide
Page 19
This list will need to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is located • ... Distribution Center (KDC) - It can be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of that function. 4 Click Submit to...
This list will need to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is located • ... Distribution Center (KDC) - It can be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of that function. 4 Click Submit to...
Embedded Web Server Administrator's Guide
Page 20
... Web Server Home screen, browse to select multiple groups. 8 Click Save Template. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list. Hold down the Ctrl key...
... Web Server Home screen, browse to select multiple groups. 8 Click Save Template. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list. Hold down the Ctrl key...
Embedded Web Server Administrator's Guide
Page 21
...). 5 Click Generate New Certificate . Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any...
...). 5 Click Generate New Certificate . Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any...
Embedded Web Server Administrator's Guide
Page 24
...Scheduled). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen. Continue...hard disk. 7 A message will appear asking you will be lost. Disk encryption can be returned to the Enable/Disable screen. Once the printer is fully powered up a schedule for each method of the encryption task. Warning-Potential Damage: Enabling or disabling disk encryption will appear in ...
...Scheduled). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen. Continue...hard disk. 7 A message will appear asking you will be lost. Disk encryption can be returned to the Enable/Disable screen. Once the printer is fully powered up a schedule for each method of the encryption task. Warning-Potential Damage: Enabling or disabling disk encryption will appear in ...
Embedded Web Server Administrator's Guide
Page 25
... log settings changed alert-When log settings are valid only if Remote Syslog is enabled. 7 From the Severity of events to normal operating mode. The printer will power-on reset, and then return to log list, select the priority level cutoff (0-7) for logging messages and events. 0 is the highest severity, and...
... log settings changed alert-When log settings are valid only if Remote Syslog is enabled. 7 From the Severity of events to normal operating mode. The printer will power-on reset, and then return to log list, select the priority level cutoff (0-7) for logging messages and events. 0 is the highest severity, and...
Embedded Web Server Administrator's Guide
Page 26
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to each ...
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to each ...
Embedded Web Server Administrator's Guide
Page 27
... Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...
... Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...
Embedded Web Server Administrator's Guide
Page 29
...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from any source ...
...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and Scan... to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from any source ...
Embedded Web Server Administrator's Guide
Page 30
... access to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls access to the Paper menu from the Embedded Web Server. Protects access to print from the Embedded...the ability to the Option Card Configuration section of MarkVision Professional). Controls access to release (print) Held Faxes. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded...
... access to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls access to the Paper menu from the Embedded Web Server. Protects access to print from the Embedded...the ability to the Option Card Configuration section of MarkVision Professional). Controls access to release (print) Held Faxes. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31