Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... or more components- Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy ...This type of security might include the location of the printer and whether non-authorized persons have access to that area, sensitive documents that require a user to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce...
... or more components- Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy ...This type of security might include the location of the printer and whether non-authorized persons have access to that area, sensitive documents that require a user to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce...
Embedded Web Server Administrator's Guide
Page 6
... to combine these components in association with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access controls can be protected. Individually, building blocks, groups, and access...
... to combine these components in association with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access controls can be protected. Individually, building blocks, groups, and access...
Embedded Web Server Administrator's Guide
Page 9
...up to 32 user-defined groups that apply to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup...information a user must submit when authenticating. Note: A Search Base consists of the TCP/IP layer, and is that runs directly on the printer control panel. One of the strengths of LDAP is used by the Embedded Web Server to make the E-mail address a required field when ...
...up to 32 user-defined groups that apply to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup...information a user must submit when authenticating. Note: A Search Base consists of the TCP/IP layer, and is that runs directly on the printer control panel. One of the strengths of LDAP is used by the Embedded Web Server to make the E-mail address a required field when ...
Embedded Web Server Administrator's Guide
Page 11
...8226; LDAP+GSSAPI requires that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. This ticket is always secure. Using security features in the LDAP server where user accounts reside. Each configuration must have... a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of five unique...
...8226; LDAP+GSSAPI requires that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. This ticket is always secure. Using security features in the LDAP server where user accounts reside. Each configuration must have... a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of five unique...
Embedded Web Server Administrator's Guide
Page 13
... Submit to save the information as the default realm for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. While only one krb5.conf file is used, uploading or...3 Type the KDC (Key Distribution Center) address or hostname in the KDC Address field. 4 Type the number of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is functional. Note: After you click ...
... Submit to save the information as the default realm for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. While only one krb5.conf file is used, uploading or...3 Type the KDC (Key Distribution Center) address or hostname in the KDC Address field. 4 Type the number of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is functional. Note: After you click ...
Embedded Web Server Administrator's Guide
Page 14
...the authenticating server. • To help prevent unauthorized access, users are encouraged to a single NT domain. Printer clock settings can be used by selecting Log out on the printer control panel. Using security features in the Embedded Web Server 14 Setting date and time Because Kerberos servers ...require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if...
...the authenticating server. • To help prevent unauthorized access, users are encouraged to a single NT domain. Printer clock settings can be used by selecting Log out on the printer control panel. Using security features in the Embedded Web Server 14 Setting date and time Because Kerberos servers ...require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if...
Embedded Web Server Administrator's Guide
Page 16
...Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...logged in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
...Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...logged in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... more groups to include in the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... more groups to include in the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can provide simple protection right at the device. For more information on configuring ... to each function you do not use ; Step One: Set up internal accounts" on page 7. Scenario: Standalone or small office If your printer is selected. The key to remember is not connected to a network, or you want to protect, select a password or PIN from using...
...Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can provide simple protection right at the device. For more information on configuring ... to each function you do not use ; Step One: Set up internal accounts" on page 7. Scenario: Standalone or small office If your printer is selected. The key to remember is not connected to a network, or you want to protect, select a password or PIN from using...
Embedded Web Server Administrator's Guide
Page 19
It can be helpful to the printer Using security features in the security template. Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form ... Directory, you want to protect, select a security template from the Authorization Setup list. The IP address or hostname of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the...
It can be helpful to the printer Using security features in the security template. Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form ... Directory, you want to protect, select a security template from the Authorization Setup list. The IP address or hostname of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the...
Embedded Web Server Administrator's Guide
Page 20
...) • A list of up to Settings ª Security ª Edit Security Setups. 2 Select Access Control. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to select multiple groups. 8 Click Save Template. Hold down the Ctrl key...
...) • A list of up to Settings ª Security ª Edit Security Setups. 2 Select Access Control. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to select multiple groups. 8 Click Save Template. Hold down the Ctrl key...
Embedded Web Server Administrator's Guide
Page 21
...). 5 Click Generate New Certificate . Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
...). 5 Click Generate New Certificate . Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
Embedded Web Server Administrator's Guide
Page 24
...• To delete a scheduled disk wiping, click Delete Entry, and on the following screen click Delete Entry again to finalize changes. Once the printer is stolen. Continue? • Select Yes to Settings ª Security ª Disk Wiping 5 Back on . Using security features in the lower... right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm. Repeat as needed to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you have enabled Manual mode and wish to schedule additional ...
...• To delete a scheduled disk wiping, click Delete Entry, and on the following screen click Delete Entry again to finalize changes. Once the printer is stolen. Continue? • Select Yes to Settings ª Security ª Disk Wiping 5 Back on . Using security features in the lower... right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm. Repeat as needed to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you have enabled Manual mode and wish to schedule additional ...
Embedded Web Server Administrator's Guide
Page 25
... the destination server. Note: Steps 4 through 6 are stored on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are...
... the destination server. Note: Steps 4 through 6 are stored on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are...
Embedded Web Server Administrator's Guide
Page 26
... port for a response from the SMTP Server Authentication list. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Note: Server certificate validation is port 25. 4 If using an encrypted link. 8 If your network under Device .... If only one certificate has been installed, default will recognize by clicking the check box next to messages sent from the printer (in the Embedded Web Server 26 Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is ...
... port for a response from the SMTP Server Authentication list. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Note: Server certificate validation is port 25. 4 If using an encrypted link. 8 If your network under Device .... If only one certificate has been installed, default will recognize by clicking the check box next to messages sent from the printer (in the Embedded Web Server 26 Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ... The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ... The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or...
Embedded Web Server Administrator's Guide
Page 29
...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Appendix Menu of ... who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu...
...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Appendix Menu of ... who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu...
Embedded Web Server Administrator's Guide
Page 30
... to the Operator Panel Lock. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Option Card Configuration section of the Settings menu from the Embedded Web Server When disabled, all device...the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the operations available from the Embedded Web Server The Solution 1 through a secured communication channel (such as that...
... to the Operator Panel Lock. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Option Card Configuration section of the Settings menu from the Embedded Web Server When disabled, all device...the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the operations available from the Embedded Web Server The Solution 1 through a secured communication channel (such as that...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31