Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...define who the users will be identified, or both identified and authorized. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to use the printer. Authorization specifies which a system securely identifies a user (that is also referred to as authentication and group permissions,... can be helpful to create a plan that only employees who know the password or PIN are able to use the printer, and which a printer is allowed to build secure, flexible profiles that provide end users the functionality they will no longer be used only in...
...define who the users will be identified, or both identified and authorized. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to use the printer. Authorization specifies which a system securely identifies a user (that is also referred to as authentication and group permissions,... can be helpful to create a plan that only employees who know the password or PIN are able to use the printer, and which a printer is allowed to build secure, flexible profiles that provide end users the functionality they will no longer be used only in...
Embedded Web Server Administrator's Guide
Page 6
... a "Warehouse" group, and a "Sales and Marketing" group. Access Controls By default, all users the functions they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access controls can be set of Embedded Web Server security, groups...
... a "Warehouse" group, and a "Sales and Marketing" group. Access Controls By default, all users the functions they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access controls can be set of Embedded Web Server security, groups...
Embedded Web Server Administrator's Guide
Page 9
... Setup dialog is divided into four parts: General Information • Setup Name-This name will be entered, separated by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets ... creating security templates. • Server Address-Enter the IP Address or the Host Name of the TCP/IP layer, and is that prevents the printer from communicating with the LDAP server. Using LDAP Lightweight Directory Access Protocol (LDAP) is the node in the Embedded Web Server 9 Multiple search bases...
... Setup dialog is divided into four parts: General Information • Setup Name-This name will be entered, separated by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets ... creating security templates. • Server Address-Enter the IP Address or the Host Name of the TCP/IP layer, and is that prevents the printer from communicating with the LDAP server. Using LDAP Lightweight Directory Access Protocol (LDAP) is the node in the Embedded Web Server 9 Multiple search bases...
Embedded Web Server Administrator's Guide
Page 11
... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...of five unique LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server, the user will not be configured. • Supported devices can store a maximum of simple LDAP authentication ...
... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...of five unique LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server, the user will not be configured. • Supported devices can store a maximum of simple LDAP authentication ...
Embedded Web Server Administrator's Guide
Page 13
...be able to access protected device functions in the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups....8226; Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the LDAP +GSSAPI building block. Using security features in the Realm field 6 Click Submit to save the information as ...
...be able to access protected device functions in the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups....8226; Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the LDAP +GSSAPI building block. Using security features in the Realm field 6 Click Submit to save the information as ...
Embedded Web Server Administrator's Guide
Page 14
... the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • The NTLM building block can only be in sync or closely aligned with the KDC system clock... and the client generate and compare three encrypted strings based on the user's password. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that ...
... the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • The NTLM building block can only be in sync or closely aligned with the KDC system clock... and the client generate and compare three encrypted strings based on the user's password. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that ...
Embedded Web Server Administrator's Guide
Page 16
... default values. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access... administrators can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
... default values. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access... administrators can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 17
..., type a unique name containing up to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each session by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
..., type a unique name containing up to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each session by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... screen for authentication, authorization, or both. To delete an individual security template, select it is selected. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as needed . For more information on configuring individual user accounts, see the relevant... section(s) under "Configuring building blocks" on page 8. Scenario: Standalone or small office If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...
... screen for authentication, authorization, or both. To delete an individual security template, select it is selected. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as needed . For more information on configuring individual user accounts, see the relevant... section(s) under "Configuring building blocks" on page 8. Scenario: Standalone or small office If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...
Embedded Web Server Administrator's Guide
Page 19
... authorization, and then select a building block from the existing network, making access to any function controlled by a security template. It can be helpful to the printer Using security features in the Embedded Web Server 19 Users will need to include in order to gain access to the... printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory, you want ...
... authorization, and then select a building block from the existing network, making access to any function controlled by a security template. It can be helpful to the printer Using security features in the Embedded Web Server 19 Users will need to include in order to gain access to the... printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory, you want ...
Embedded Web Server Administrator's Guide
Page 20
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the hostname for the device. • Organization Name-Type...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the hostname for the device. • Organization Name-Type...
Embedded Web Server Administrator's Guide
Page 24
... Delete Entry, and on . Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you have enabled Manual mode and wish to Settings ª Security..., you to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Repeat as needed to proceed with disk wiping and encryption. Warning-Potential Damage: Enabling or disabling disk encryption will...
... Delete Entry, and on . Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you have enabled Manual mode and wish to Settings ª Security..., you to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Repeat as needed to proceed with disk wiping and encryption. Warning-Potential Damage: Enabling or disabling disk encryption will...
Embedded Web Server Administrator's Guide
Page 25
... SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. Using security features in the Embedded Web Server 25 The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Admin's e-mail address field, and then choose...
... SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. Using security features in the Embedded Web Server 25 The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Admin's e-mail address field, and then choose...
Embedded Web Server Administrator's Guide
Page 26
...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to send ...method from the SMTP server before changing 802.1x authentication settings. Note: Server certificate validation is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to...
...certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to send ...method from the SMTP server before changing 802.1x authentication settings. Note: Server certificate validation is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to...
Embedded Web Server Administrator's Guide
Page 27
... cause the print server to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the Embedded Web Server 27 SNMP...SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version...
... cause the print server to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the Embedded Web Server 27 SNMP...SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version...
Embedded Web Server Administrator's Guide
Page 29
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, ... the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ability to...
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, ... the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ability to...
Embedded Web Server Administrator's Guide
Page 30
...Web Server When disabled, all device settings changes requested by incoming print jobs are ignored. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). Protects access to...Settings menu from the Embedded Web Server. Protects access to the Option Card Configuration section of the Settings menu from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator...
...Web Server When disabled, all device settings changes requested by incoming print jobs are ignored. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). Protects access to...Settings menu from the Embedded Web Server. Protects access to the Option Card Configuration section of the Settings menu from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31