Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Before configuring printer security, it can use Embedded Web Server Security Templates to ... a plan that identifies who has been authenticated by which functions those users holding appropriate credentials. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Items to consider might be sent to the devices that ...
...secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Before configuring printer security, it can use Embedded Web Server Security Templates to ... a plan that identifies who has been authenticated by which functions those users holding appropriate credentials. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Items to consider might be sent to the devices that ...
Embedded Web Server Administrator's Guide
Page 6
... LDAP + GSSAPI with one or more groups. Access Controls By default, all users the functions they need to print in color, but in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to identify sets of individual Access Controls and what they...
... LDAP + GSSAPI with one or more groups. Access Controls By default, all users the functions they need to print in color, but in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to identify sets of individual Access Controls and what they...
Embedded Web Server Administrator's Guide
Page 9
... must submit when authenticating. Notes: • Supported devices can interact with the LDAP server. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to specify the information a user must submit when authenticating. ...-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. One of the strengths of LDAP is the node in the Embedded Web Server 9
... must submit when authenticating. Notes: • Supported devices can interact with the LDAP server. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to specify the information a user must submit when authenticating. ...-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. One of the strengths of LDAP is the node in the Embedded Web Server 9
Embedded Web Server Administrator's Guide
Page 11
... • Search Base-The Search Base is typically used for access. Note: A Search Base consists of authentication that relies on the printer control panel. Instead of authenticating directly with any form of multiple attributes-such as cn (common name), ou (organizational unit), o (organization... LDAP server where the authentication will first authenticate with the LDAP server. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with a Kerberos ...
... • Search Base-The Search Base is typically used for access. Note: A Search Base consists of authentication that relies on the printer control panel. Instead of authenticating directly with any form of multiple attributes-such as cn (common name), ou (organizational unit), o (organization... LDAP server where the authentication will first authenticate with the LDAP server. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with a Kerberos ...
Embedded Web Server Administrator's Guide
Page 13
...file to reset the field and search for user authentication, Kerberos 5 is most often used in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... one Kerberos configuration file (krb5.conf) can be stored on a supported device, that it can be used as a krb5.conf file on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help prevent ...
...file to reset the field and search for user authentication, Kerberos 5 is most often used in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... one Kerberos configuration file (krb5.conf) can be stored on a supported device, that it can be used as a krb5.conf file on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help prevent ...
Embedded Web Server Administrator's Guide
Page 14
... settings automatically disables use of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Instead of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. An administrator can only be ... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be used in sync or closely aligned with the KDC system clock. Using security features in clear text.
... settings automatically disables use of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Instead of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. An administrator can only be ... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be used in sync or closely aligned with the KDC system clock. Using security features in clear text.
Embedded Web Server Administrator's Guide
Page 16
... out. • Failure time frame-Specify the amount of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...each function you want to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
... out. • Failure time frame-Specify the amount of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...each function you want to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
Embedded Web Server Administrator's Guide
Page 17
... Submit to save changes, or Cancel to retain previously configured values. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as Passwords and...
... Submit to save changes, or Cancel to retain previously configured values. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as Passwords and...
Embedded Web Server Administrator's Guide
Page 18
... authorized users of that function, and then click Submit. Step One: Set up internal accounts" on page 7. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from using it is located in a public...on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 8. Scenario: Standalone or small office If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can assign a single password or PIN for all ...
... authorized users of that function, and then click Submit. Step One: Set up internal accounts" on page 7. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from using it is located in a public...on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 8. Scenario: Standalone or small office If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can assign a single password or PIN for all ...
Embedded Web Server Administrator's Guide
Page 19
... Network running Active Directory On networks running Active Directory, administrators can use the LDAP+GSSAPI capabilities of the Embedded Web Server to the printer Using security features in the security template. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with ...to include in the Embedded Web Server 19 The KDC port - Users will be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify Groups, and then select one ...
... Network running Active Directory On networks running Active Directory, administrators can use the LDAP+GSSAPI capabilities of the Embedded Web Server to the printer Using security features in the security template. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with ...to include in the Embedded Web Server 19 The KDC port - Users will be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify Groups, and then select one ...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the...
Embedded Web Server Administrator's Guide
Page 24
... After the disk has been encrypted, you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm the action: Contents will appear asking you to the Enable/Disable ...the hard disk Hard disk encryption helps prevent loss of the encryption task. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Continue? • Select Yes to schedule additional times for disk wiping, select Scheduled Disk Wiping. 4...
... After the disk has been encrypted, you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to confirm the action: Contents will appear asking you to the Enable/Disable ...the hard disk Hard disk encryption helps prevent loss of the encryption task. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Continue? • Select Yes to schedule additional times for disk wiping, select Scheduled Disk Wiping. 4...
Embedded Web Server Administrator's Guide
Page 25
... the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. if level "4 - The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Note: The Enable Remote Syslog...
... the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. if level "4 - The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Note: The Enable Remote Syslog...
Embedded Web Server Administrator's Guide
Page 26
...of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to the authentication server, you want to send E-mail, enter the information appropriate...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . The default value is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS (Tunneled Transport ...
...of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to the authentication server, you want to send E-mail, enter the information appropriate...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . The default value is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS (Tunneled Transport ...
Embedded Web Server Administrator's Guide
Page 27
... Community identifier (the default community name is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server ...Changes made to settings marked with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values.
... Community identifier (the default community name is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server ...Changes made to settings marked with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values.
Embedded Web Server Administrator's Guide
Page 29
... access to the Scan to Email function Controls access to the configuration of the Settings menu on the printer control panel Protects access to on device type and installed options, some devices as Function Access Controls) ...Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from ...the printer control panel Controls the ability to create new bookmarks from a flash drive. Users...
... access to the Scan to Email function Controls access to the configuration of the Settings menu on the printer control panel Protects access to on device type and installed options, some devices as Function Access Controls) ...Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from ...the printer control panel Controls the ability to create new bookmarks from a flash drive. Users...
Embedded Web Server Administrator's Guide
Page 30
...capable digital camera. Certificate Management is limited to the Paper menu from the Embedded Web Server. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded ...Web Server The Solution 1 through Solution 10 Access Controls can be assigned to print from the printer control panel and Embedded Web Server. Controls access to the Operator Panel Lock. Function Access Control Network Ports/Menu at the Device...
...capable digital camera. Certificate Management is limited to the Paper menu from the Embedded Web Server. When protected, no longer possible to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded ...Web Server The Solution 1 through Solution 10 Access Controls can be assigned to print from the printer control panel and Embedded Web Server. Controls access to the Operator Panel Lock. Function Access Control Network Ports/Menu at the Device...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31