Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... Building Blocks, such as Common Access Cards, the printer will need to the devices that require a user to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document ...latest suite of your organization. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Security templates are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that is...
... Building Blocks, such as Common Access Cards, the printer will need to the devices that require a user to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document ...latest suite of your organization. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Security templates are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that is...
Embedded Web Server Administrator's Guide
Page 6
... of security created: Building block Type of Access Controls" on the type of functions such as "Function Access Controls"), are used to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. How they do not need , while restricting other functions to create...
... of security created: Building block Type of Access Controls" on the type of functions such as "Function Access Controls"), are used to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. How they do not need , while restricting other functions to create...
Embedded Web Server Administrator's Guide
Page 9
...TLS. • Userid Attribute-Type either User ID or User ID and Password to communicate with any form of authentication that relies on the printer control panel. The default LDAP port is used by selecting Log out on an external server, users will be entered, separated by commas....information stored in the Internal Accounts Settings section will be able to access protected device functions in the event of an outage that prevents the printer from communicating with many different kinds of five unique LDAP configurations. To add a new LDAP setup 1 From the Embedded Web Server Home ...
...TLS. • Userid Attribute-Type either User ID or User ID and Password to communicate with any form of authentication that relies on the printer control panel. The default LDAP port is used by selecting Log out on an external server, users will be entered, separated by commas....information stored in the Internal Accounts Settings section will be able to access protected device functions in the event of an outage that prevents the printer from communicating with many different kinds of five unique LDAP configurations. To add a new LDAP setup 1 From the Embedded Web Server Home ...
Embedded Web Server Administrator's Guide
Page 11
...+GSSAPI Server Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups.... the node in the Embedded Web Server 11 Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL...
...+GSSAPI Server Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups.... the node in the Embedded Web Server 11 Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL...
Embedded Web Server Administrator's Guide
Page 13
... LDAP+GSSAPI Though it is not specified in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used by itself for a new configuration file. Creating a simple... that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...
... LDAP+GSSAPI Though it is not specified in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used by itself for a new configuration file. Creating a simple... that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...
Embedded Web Server Administrator's Guide
Page 14
...not be able to access protected device functions in the event of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Setting date and time Because Kerberos servers require that prevents the...auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be registered to automatically sync with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is...
...not be able to access protected device functions in the event of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Setting date and time Because Kerberos servers require that prevents the...auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be registered to automatically sync with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is...
Embedded Web Server Administrator's Guide
Page 16
...from the drop-down list for that function. Users will now be logged in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
...from the drop-down list for that function. Users will now be logged in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
... Authentication list, select a method for authenticating users. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... Authentication list, select a method for authenticating users. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... protected by that anyone who knows a password or PIN can provide simple protection right at the device. Scenarios Scenario: Printer in a public place If your printer is located in use; For more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks...Users will delete all authorized users of the device, or separate codes to remember is that code. Scenario: Standalone or small office If your printer is not connected to a network, or you want to protect, select a password or PIN from the list, and then click Delete ...
... protected by that anyone who knows a password or PIN can provide simple protection right at the device. Scenarios Scenario: Printer in a public place If your printer is located in use; For more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks...Users will delete all authorized users of the device, or separate codes to remember is that code. Scenario: Standalone or small office If your printer is not connected to a network, or you want to protect, select a password or PIN from the list, and then click Delete ...
Embedded Web Server Administrator's Guide
Page 19
... file on the device. 6 To use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common ...Setup: - User credentials and group designations can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Hold down list next to the name of authentication and authorization services already deployed on...
... file on the device. 6 To use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common ...Setup: - User credentials and group designations can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Hold down list next to the name of authentication and authorization services already deployed on...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... to any function controlled by the security template. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to use the hostname for the device...
... to any function controlled by the security template. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to use the hostname for the device...
Embedded Web Server Administrator's Guide
Page 24
... the lower right corner of the hard disk. 7 A message will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption...asking you to deactivate it. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. When finished, use the ...
... the lower right corner of the hard disk. 7 A message will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption...asking you to deactivate it. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. When finished, use the ...
Embedded Web Server Administrator's Guide
Page 25
...; Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to aid in the Embedded Web Server 25 The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Using security features in sorting...
...; Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to aid in the Embedded Web Server 25 The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Using security features in sorting...
Embedded Web Server Administrator's Guide
Page 26
...server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to... to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address...
...server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to... to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address...
Embedded Web Server Administrator's Guide
Page 27
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP...
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP...
Embedded Web Server Administrator's Guide
Page 29
... to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from any installed eSF applications Controls access to the Scan to...to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section ...
... to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from any installed eSF applications Controls access to the Scan to...to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section ...
Embedded Web Server Administrator's Guide
Page 30
... General and Print Settings items of the Settings menu from the Embedded Web Server. The Access Control for each Solution is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by... This applies only when an Option Card with configuration options is installed in the device. Protects access to the Paper menu from the printer control panel. Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls the ability to release (print) Held ...
... General and Print Settings items of the Settings menu from the Embedded Web Server. The Access Control for each Solution is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by... This applies only when an Option Card with configuration options is installed in the device. Protects access to the Paper menu from the printer control panel. Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls the ability to release (print) Held ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31