Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...user (that will no longer be and what they require, while limiting access to sensitive printer functions or outputs to the devices that only employees who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will... need to be sent to as Password or PIN, can use the printer. Because anyone who you are). Authentication and...
...user (that will no longer be and what they require, while limiting access to sensitive printer functions or outputs to the devices that only employees who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will... need to be sent to as Password or PIN, can use the printer. Because anyone who you are). Authentication and...
Embedded Web Server Administrator's Guide
Page 6
... accommodate users in different groups needing access to combine these components in sales and marketing use color every day. Using security features in some multifunction printers, over 40 individual menus and functions can be set of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication only...
... accommodate users in different groups needing access to combine these components in sales and marketing use color every day. Using security features in some multifunction printers, over 40 individual menus and functions can be set of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication only...
Embedded Web Server Administrator's Guide
Page 9
...security features in the Embedded Web Server 9 The default LDAP port is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...-such as the information a user must submit when authenticating. Note: A Search Base consists of an outage that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is 389. • Use SSL/TLS-From the drop-down menu select ...
...security features in the Embedded Web Server 9 The default LDAP port is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...-such as the information a user must submit when authenticating. Note: A Search Base consists of an outage that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is 389. • Use SSL/TLS-From the drop-down menu select ...
Embedded Web Server Administrator's Guide
Page 11
Multiple search bases may be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when ... server where user accounts reside. This ticket is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel.
Multiple search bases may be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when ... server where user accounts reside. This ticket is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel.
Embedded Web Server Administrator's Guide
Page 13
..., the Embedded Web Server will not be used by itself for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to access protected device functions in the KDC... types of the port (between 1-88) used as a krb5.conf file on the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
..., the Embedded Web Server will not be used by itself for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to access protected device functions in the KDC... types of the port (between 1-88) used as a krb5.conf file on the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
Embedded Web Server Administrator's Guide
Page 14
...box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Using security features in YYYY-MM-DD HH:MM format, and then choose from the Time Zone drop-down list. Notes:...supported device because each device can only be registered to restore default values. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or...
...box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Using security features in YYYY-MM-DD HH:MM format, and then choose from the Time Zone drop-down list. Notes:...supported device because each device can only be registered to restore default values. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or...
Embedded Web Server Administrator's Guide
Page 16
... long a user may be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access... Access Controls. 3 For each function you want to specific device functions using a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
... long a user may be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access... Access Controls. 3 For each function you want to specific device functions using a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
... Server Home screen, browse to 140 security templates. Though the names of security templates must be populated with a unique name of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to Settings ª Security ª Edit Security Setups...
... Server Home screen, browse to 140 security templates. Though the names of security templates must be populated with a unique name of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do, see "Menu of up to Settings ª Security ª Edit Security Setups...
Embedded Web Server Administrator's Guide
Page 18
... configure as needed . Step Two: Assign a password or PIN to each function you wish to be edited. Scenarios Scenario: Printer in a public place If your printer is not in the Settings screen for authentication, authorization, or both. Administrators can assign a single password or PIN for all ..., see the relevant section(s) under "Configuring building blocks" on the device, regardless of that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from the drop-down list...
... configure as needed . Step Two: Assign a password or PIN to each function you wish to be edited. Scenarios Scenario: Printer in a public place If your printer is not in the Settings screen for authentication, authorization, or both. Administrators can assign a single password or PIN for all ..., see the relevant section(s) under "Configuring building blocks" on the device, regardless of that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from the drop-down list...
Embedded Web Server Administrator's Guide
Page 19
... be helpful to use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to...advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. Users will be pulled from the Authorization Setup...
... be helpful to use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to...advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. Users will be pulled from the Authorization Setup...
Embedded Web Server Administrator's Guide
Page 20
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to 128 characters. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web ...
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to 128 characters. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web ...
Embedded Web Server Administrator's Guide
Page 21
... name of the company or organization issuing the certificate (128-character maximum). • Unit Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use of digital certificates to help ensure the integrity...
... name of the company or organization issuing the certificate (128-character maximum). • Unit Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use of digital certificates to help ensure the integrity...
Embedded Web Server Administrator's Guide
Page 24
...times for disk wiping. Note: On some devices the button will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... finish, press Back, and then Exit Configuration (or Exit Config Menu). 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the lower right...
...times for disk wiping. Note: On some devices the button will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... finish, press Back, and then Exit Configuration (or Exit Config Menu). 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the lower right...
Embedded Web Server Administrator's Guide
Page 25
... changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to a device. The printer will use E-mail alerts, you must be logged to on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded...
... changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to a device. The printer will use E-mail alerts, you must be logged to on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded...
Embedded Web Server Administrator's Guide
Page 26
..., or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the... printer will use . Using security features in case of the security certificate on the printer before timing out. Note: Server certificate validation is port 25. 4 If using a secondary or backup ...
..., or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the... printer will use . Using security features in case of the security certificate on the printer before timing out. Note: Server certificate validation is port 25. 4 If using a secondary or backup ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 29
... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending ...
... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending ...
Embedded Web Server Administrator's Guide
Page 30
... Paper menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded Web Server. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded...as MarkVisionTM Professional. The Access Control for each Solution is assigned in the device. Protects access to the Paper menu from the printer control panel and Embedded Web Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to the ...
... Paper menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded Web Server. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from the Embedded...as MarkVisionTM Professional. The Access Control for each Solution is assigned in the device. Protects access to the Paper menu from the printer control panel and Embedded Web Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to the ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31