Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure ... "permissions." Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Before configuring printer security, it can use the printer. This set of security features available in the Lexmark Embedded Web Server represents an evolution in...
Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure ... "permissions." Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Before configuring printer security, it can use the printer. This set of security features available in the Lexmark Embedded Web Server represents an evolution in...
Embedded Web Server Administrator's Guide
Page 6
... what they are used to manage access to specific menus and functions or to disable them entirely. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be used in different groups needing...
... what they are used to manage access to specific menus and functions or to disable them entirely. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be used in different groups needing...
Embedded Web Server Administrator's Guide
Page 9
...interact with many different kinds of databases without special integration, making it can store a maximum of an outage that prevents the printer from communicating with the LDAP server. Using security features in a specially organized information directory. Each configuration must have a unique...organization), c (country), or dc (domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
...interact with many different kinds of databases without special integration, making it can store a maximum of an outage that prevents the printer from communicating with the LDAP server. Using security features in a specially organized information directory. Each configuration must have a unique...organization), c (country), or dc (domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
Embedded Web Server Administrator's Guide
Page 11
LDAP+GSSAPI is typically used for access. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server ...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Each configuration must have a unique name. • As with any form of the LDAP server where the authentication will be performed. •...
LDAP+GSSAPI is typically used for access. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server ...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Each configuration must have a unique name. • As with any form of the LDAP server where the authentication will be performed. •...
Embedded Web Server Administrator's Guide
Page 13
...Reset Form to access protected device functions in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Using security features in the KDC Address field. 4 Type the number of authentication requests the Kerberos server might receive, and configure the... and search for the selected device. • Click Test Setup to verify that it can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file.
...Reset Form to access protected device functions in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Using security features in the KDC Address field. 4 Type the number of authentication requests the Kerberos server might receive, and configure the... and search for the selected device. • Click Test Setup to verify that it can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file.
Embedded Web Server Administrator's Guide
Page 14
... NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use the "Install auth keys" link to browse to the file containing the... time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in YYYY...
... NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use the "Install auth keys" link to browse to the file containing the... time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in YYYY...
Embedded Web Server Administrator's Guide
Page 16
... takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ... password or PIN. Only one method of security can control access to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
... takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ... password or PIN. Only one method of security can control access to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 17
... blocks available on page 29. Notes: • To help prevent unauthorized access, users are encouraged to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... blocks available on page 29. Notes: • To help prevent unauthorized access, users are encouraged to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can only delete a security template if it from the list, and then... list next to the name of the device, or separate codes to protect individual functions. Scenario: Standalone or small office If your printer is located in use can assign a single password or PIN for authentication, authorization, or both. For more codes, determine which one...
... information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can only delete a security template if it from the list, and then... list next to the name of the device, or separate codes to protect individual functions. Scenario: Standalone or small office If your printer is located in use can assign a single password or PIN for authentication, authorization, or both. For more codes, determine which one...
Embedded Web Server Administrator's Guide
Page 19
... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Note: Certain...
... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Note: Certain...
Embedded Web Server Administrator's Guide
Page 20
... groups, click Modify Groups, and then select one or more of up to 128 characters. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... groups, click Modify Groups, and then select one or more of up to 128 characters. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
Embedded Web Server Administrator's Guide
Page 24
... Choose an existing Start value (the scheduled time and day will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you will appear in the drop-down arrow to scroll through the Embedded Web Server...). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm. When finished, use the browser Back button to return to the ...
... Choose an existing Start value (the scheduled time and day will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you will appear in the drop-down arrow to scroll through the Embedded Web Server...). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm. When finished, use the browser Back button to return to the ...
Embedded Web Server Administrator's Guide
Page 25
..., security logs are stored on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. Using security features in the Admin's e-mail address field, and then choose from the device will...
..., security logs are stored on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. Using security features in the Admin's e-mail address field, and then choose from the device will...
Embedded Web Server Administrator's Guide
Page 26
... normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in order to each applicable protocol. If only one certificate has been installed, default will be sent using digital certificates to...verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: If using an encrypted link. 8 If your network under Device Credentials. Viewing or deleting the security audit...
... normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in order to each applicable protocol. If only one certificate has been installed, default will be sent using digital certificates to...verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: If using an encrypted link. 8 If your network under Device Credentials. Viewing or deleting the security audit...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. Setting SNMP Traps After configuring SNMP Version 1, ...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. Setting SNMP Traps After configuring SNMP Version 1, ...
Embedded Web Server Administrator's Guide
Page 29
...white Controls the ability to print color from the Embedded Web Server Appendix 29 Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs output in the Embedded Web Server ...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on device type and installed options, some devices as Function Access...
...white Controls the ability to print color from the Embedded Web Server Appendix 29 Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs output in the Embedded Web Server ...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on device type and installed options, some devices as Function Access...
Embedded Web Server Administrator's Guide
Page 30
... (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from an attached PictBridge capable digital camera. Protects access ...operations available from the Embedded Web Server. Appendix 30 This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles ...
... (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from an attached PictBridge capable digital camera. Protects access ...operations available from the Embedded Web Server. Appendix 30 This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31