Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by simply limiting access to a printer-or specific functions of your organization. Items to consider might be identified, or both identified and authorized. Authentication and Authorization Authentication is the method...the system. This type of the following, also referred to as Common Access Cards, the printer will need to do. Because anyone who has been authenticated by Lexmark to enable administrators to only those users are available to create a plan that provide end ...
...accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by simply limiting access to a printer-or specific functions of your organization. Items to consider might be identified, or both identified and authorized. Authentication and Authorization Authentication is the method...the system. This type of the following, also referred to as Common Access Cards, the printer will need to do. Because anyone who has been authenticated by Lexmark to enable administrators to only those users are available to create a plan that provide end ...
Embedded Web Server Administrator's Guide
Page 6
... Controls and what they are combined determines the type of security created: Building block Type of a complex security environment. Using security features in some multifunction printers, over 40 individual menus and functions can be set of users needing access to similar functions. Groups Administrators can designate up to 140 security templates...
... Controls and what they are combined determines the type of security created: Building block Type of a complex security environment. Using security features in some multifunction printers, over 40 individual menus and functions can be set of users needing access to similar functions. Groups Administrators can designate up to 140 security templates...
Embedded Web Server Administrator's Guide
Page 9
...IP Address or the Host Name of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of... an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ...
...IP Address or the Host Name of the TCP/IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of... an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ...
Embedded Web Server Administrator's Guide
Page 11
...LDAP server using the GSSAPI protocol for networks running Active Directory. Note: A Search Base consists of an outage that relies on the printer control panel. Using security features in the event of multiple attributes-such as cn (common name), ou (organizational unit), o (... store a maximum of simple LDAP authentication because the transmission is typically used for access. Instead of authentication that prevents the printer from communicating with a Kerberos server to securely end each particular LDAP+GSSAPI Server Setup when creating security templates. • Server...
...LDAP server using the GSSAPI protocol for networks running Active Directory. Note: A Search Base consists of an outage that relies on the printer control panel. Using security features in the event of multiple attributes-such as cn (common name), ou (organizational unit), o (... store a maximum of simple LDAP authentication because the transmission is typically used for access. Instead of authentication that prevents the printer from communicating with a Kerberos server to securely end each particular LDAP+GSSAPI Server Setup when creating security templates. • Server...
Embedded Web Server Administrator's Guide
Page 13
... in the event of an outage that krb5.conf file can apply to verify that it can be used by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. However, if a realm is used as a krb5.conf file on a ...supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to multiple realms...
... in the event of an outage that krb5.conf file can apply to verify that it can be used by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. However, if a realm is used as a krb5.conf file on a ...supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to multiple realms...
Embedded Web Server Administrator's Guide
Page 14
...alternate DST calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be updated manually, or set to use the "Install auth keys" link to browse to the file containing... the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to securely end each session by selecting Log out on the printer control panel. Using security features in clear text. Instead of a user's password across a network in the Embedded Web Server 14
...alternate DST calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be updated manually, or set to use the "Install auth keys" link to browse to the file containing... the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to securely end each session by selecting Log out on the printer control panel. Using security features in clear text. Instead of a user's password across a network in the Embedded Web Server 14
Embedded Web Server Administrator's Guide
Page 16
... changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Click Submit to save changes, or Reset Form to each session by a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
... changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Click Submit to save changes, or Reset Form to each session by a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
Embedded Web Server Administrator's Guide
Page 17
... building blocks can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on the device. 6 To use groups, click Modify Groups, and then select one or more groups to...
... building blocks can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of Access Controls" on the device. 6 To use groups, click Modify Groups, and then select one or more groups to...
Embedded Web Server Administrator's Guide
Page 18
... functions. Step One: Set up internal accounts" on the device, regardless of that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in use an authentication server to grant users access to devices, Internal Accounts can be created and...; Clicking Delete List will now be required to enter the correct code in order to gain access to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be edited.
... functions. Step One: Set up internal accounts" on the device, regardless of that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in use an authentication server to grant users access to devices, Internal Accounts can be created and...; Clicking Delete List will now be required to enter the correct code in order to gain access to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can be edited.
Embedded Web Server Administrator's Guide
Page 19
...block from the drop-down the Ctrl key to 128 characters. This list will be pulled from the existing network, making access to the printer Using security features in the security template. Hold down list next to the name of that function. 4 Click Submit to save changes, ...take advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to know the following: 1 Kerberos...
...block from the drop-down the Ctrl key to 128 characters. This list will be pulled from the existing network, making access to the printer Using security features in the security template. Hold down list next to the name of that function. 4 Click Submit to save changes, ...take advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to know the following: 1 Kerberos...
Embedded Web Server Administrator's Guide
Page 20
...+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
...+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... for the device (128-character maximum). Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
... for the device (128-character maximum). Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
Embedded Web Server Administrator's Guide
Page 24
...changes. Encryption takes approximately two minutes, and a status bar will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the... asking you will indicate the progress of the touch screen. After the disk has been encrypted, you to confirm. Once the printer is stolen. Disk encryption can be returned to the Enable/Disable screen. This takes approximately one minute. Using security features in ...
...changes. Encryption takes approximately two minutes, and a status bar will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the... asking you will indicate the progress of the touch screen. After the disk has been encrypted, you to confirm. Once the printer is stolen. Disk encryption can be returned to the Enable/Disable screen. This takes approximately one minute. Using security features in ...
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on reset, and then return to a device. Warning" is chosen, severity levels 0-4 will be logged). 8 To send all events regardless of severity to ...
The printer will power-on reset, and then return to a device. Warning" is chosen, severity levels 0-4 will be logged). 8 To send all events regardless of severity to ...
Embedded Web Server Administrator's Guide
Page 26
... the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is also used on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file ... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to specify whether E-mail will wait for a response from the SMTP Server Authentication list. Using ...
... the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is also used on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file ... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to specify whether E-mail will wait for a response from the SMTP Server Authentication list. Using ...
Embedded Web Server Administrator's Guide
Page 27
... through 3. The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
... through 3. The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
Embedded Web Server Administrator's Guide
Page 29
... color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to print color from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls the ability... of any installed eSF applications Controls access to the Scan to Fax function Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from any source other than a flash drive. Firmware files which ...
... color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to print color from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls the ability... of any installed eSF applications Controls access to the Scan to Fax function Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from any source other than a flash drive. Firmware files which ...
Embedded Web Server Administrator's Guide
Page 30
...from the Embedded Web Server. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device ... Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Users who are ignored. Protects access to ...
...from the Embedded Web Server. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device ... Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Users who are ignored. Protects access to ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31