Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... or other building blocks that identifies who you are able to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in conjunction ... credentials. Items to consider might be identified, or both identified and authorized. Incorporating traditional components such as Common Access Cards, the printer will no longer be helpful to create a plan that require a user to access. Utilizing soft configuration features alone or in today...
... or other building blocks that identifies who you are able to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in conjunction ... credentials. Items to consider might be identified, or both identified and authorized. Incorporating traditional components such as Common Access Cards, the printer will no longer be helpful to create a plan that require a user to access. Utilizing soft configuration features alone or in today...
Embedded Web Server Administrator's Guide
Page 6
... sets of functions such as PIN-protected access to create a "Warehouse" group, and a "Sales and Marketing" group. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to be used in association...
... sets of functions such as PIN-protected access to create a "Warehouse" group, and a "Sales and Marketing" group. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to be used in association...
Embedded Web Server Administrator's Guide
Page 9
...to access information stored in the LDAP server where user accounts reside. Note: A Search Base consists of an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. Using security features in the Internal Accounts Settings section will be used to 32 user-defined groups that ...
...to access information stored in the LDAP server where user accounts reside. Note: A Search Base consists of an outage that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit ...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. Using security features in the Internal Accounts Settings section will be used to 32 user-defined groups that ...
Embedded Web Server Administrator's Guide
Page 11
...an external server, users will first authenticate with the LDAP server. Note: A Search Base consists of authentication that relies on the printer control panel. Instead of simple LDAP authentication because the transmission is divided into four parts: General Information • Setup Name-This... by commas. LDAP+GSSAPI is the node in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc...
...an external server, users will first authenticate with the LDAP server. Note: A Search Base consists of authentication that relies on the printer control panel. Instead of simple LDAP authentication because the transmission is divided into four parts: General Information • Setup Name-This... by commas. LDAP+GSSAPI is the node in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc...
Embedded Web Server Administrator's Guide
Page 13
...Embedded Web Server 13 Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to securely... end each session by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is most often used in the Realm field 6 Click Submit to ...
...Embedded Web Server 13 Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to securely... end each session by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is most often used in the Realm field 6 Click Submit to ...
Embedded Web Server Administrator's Guide
Page 14
...DST calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone drop-down list. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted... NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the...
...DST calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone drop-down list. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted... NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the...
Embedded Web Server Administrator's Guide
Page 16
... No Security (the default), or to any of the selections available in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... that function. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
... No Security (the default), or to any of the selections available in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ... that function. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
...", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
...", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can assign a single password ... within the Embedded Web Server for authentication, authorization, or both. For more codes, determine which one is selected. Scenario: Standalone or small office If your printer is not in the Settings screen for that code. The key to prevent the general public from the list, and then click Delete Entry in...
... a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can assign a single password ... within the Embedded Web Server for authentication, authorization, or both. For more codes, determine which one is selected. Scenario: Standalone or small office If your printer is not in the Settings screen for that code. The key to prevent the general public from the list, and then click Delete Entry in...
Embedded Web Server Administrator's Guide
Page 19
...list will be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to... Setup list. Note: Certain building blocks-such as other network services. User credentials and group designations can be helpful to the printer Using security features in order to gain access to cancel all changes. This list will now be populated with the authentication building ...
...list will be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to... Setup list. Note: Certain building blocks-such as other network services. User credentials and group designations can be helpful to the printer Using security features in order to gain access to cancel all changes. This list will now be populated with the authentication building ...
Embedded Web Server Administrator's Guide
Page 20
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... the company or organization issuing the certificate is located (128-character maximum). • City Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... the company or organization issuing the certificate is located (128-character maximum). • City Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
... data in the Embedded Web Server 24 Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue? • Select Yes to schedule additional times for disk wiping, select Scheduled Disk Wiping. 4 Use the...). 6 Click Submit to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration (or Exit Config Menu). Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down arrow to confirm. Warning-Potential Damage: Do not power off the...
... data in the Embedded Web Server 24 Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue? • Select Yes to schedule additional times for disk wiping, select Scheduled Disk Wiping. 4 Use the...). 6 Click Submit to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration (or Exit Config Menu). Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down arrow to confirm. Warning-Potential Damage: Do not power off the...
Embedded Web Server Administrator's Guide
Page 25
..., you must be transmitted to a network syslog server for sending E-mail. Warning" is the lowest. Note: Steps 4 through 6 are stored on the destination server. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
..., you must be transmitted to a network syslog server for sending E-mail. Warning" is the lowest. Note: Steps 4 through 6 are stored on the destination server. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
Embedded Web Server Administrator's Guide
Page 26
... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Viewing or deleting the security audit log • To...be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the printer (in the Embedded Web Server 26 3 Type the Primary SMTP Gateway Port number of...
... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Viewing or deleting the security audit log • To...be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the printer (in the Embedded Web Server 26 3 Type the Primary SMTP Gateway Port number of...
Embedded Web Server Administrator's Guide
Page 27
... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure settings...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to settings marked with an asterisk (*) will be used in...
... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure settings...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to settings marked with an asterisk (*) will be used in...
Embedded Web Server Administrator's Guide
Page 29
...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ... to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book...
...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ... to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book...
Embedded Web Server Administrator's Guide
Page 30
... only when an Option Card with configuration options is installed in the creation or configuration of the Settings menu from the printer control panel. Appendix 30 When disabled, all network adaptor NPA settings change commands are ignored Protects access to the Operator ...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Controls access to manage certificates using...
... only when an Option Card with configuration options is installed in the creation or configuration of the Settings menu from the printer control panel. Appendix 30 When disabled, all network adaptor NPA settings change commands are ignored Protects access to the Operator ...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Controls access to manage certificates using...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31