Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... who is located in the Embedded Web Server 5 Before configuring printer security, it can be helpful to anyone who knows the correct code. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ...Some Building Blocks, such as Password or PIN, can be used alone to provide low-level security, by Lexmark to enable administrators to use the printer, and which a printer is allowed to build secure, flexible profiles that produce, store, and transmit sensitive documents. Incorporating traditional components...
... who is located in the Embedded Web Server 5 Before configuring printer security, it can be helpful to anyone who knows the correct code. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ...Some Building Blocks, such as Password or PIN, can be used alone to provide low-level security, by Lexmark to enable administrators to use the printer, and which a printer is allowed to build secure, flexible profiles that produce, store, and transmit sensitive documents. Incorporating traditional components...
Embedded Web Server Administrator's Guide
Page 6
... with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to print in color, but in some devices as printing, copying, and faxing, administrators must be controlled varies depending on page 29. Security Templates... do not need , while restricting other functions to disable them entirely. For the purposes of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as "Function Access Controls"), are used to manage access to...
... with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to print in color, but in some devices as printing, copying, and faxing, administrators must be controlled varies depending on page 29. Security Templates... do not need , while restricting other functions to disable them entirely. For the purposes of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as "Function Access Controls"), are used to manage access to...
Embedded Web Server Administrator's Guide
Page 9
... to 32 user-defined groups that apply to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with many different kinds of the LDAP server where the authentication will not be entered, separated by the Embedded Web Server ... when authenticating. Using security features in the LDAP server where user accounts reside. One of the strengths of LDAP is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ...
... to 32 user-defined groups that apply to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with many different kinds of the LDAP server where the authentication will not be entered, separated by the Embedded Web Server ... when authenticating. Using security features in the LDAP server where user accounts reside. One of the strengths of LDAP is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ...
Embedded Web Server Administrator's Guide
Page 11
... used for access. Multiple search bases may be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by commas....to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Instead of authenticating directly with the LDAP server, the user will not be performed. • Server Port-The port...
... used for access. Multiple search bases may be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by commas....to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Instead of authenticating directly with the LDAP server, the user will not be performed. • Server Port-The port...
Embedded Web Server Administrator's Guide
Page 13
... will automatically test the krb5.conf file to securely end each session by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test... used , uploading or re-submitting a simple Kerberos file will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can specify a default realm. Uploading a Kerberos configuration file 1...
... will automatically test the krb5.conf file to securely end each session by selecting Log out on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test... used , uploading or re-submitting a simple Kerberos file will overwrite the configuration file. • The krb5.conf file can be stored on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can specify a default realm. Uploading a Kerberos configuration file 1...
Embedded Web Server Administrator's Guide
Page 14
...manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. An administrator can store only one used as needed. 5 To sync to an NTP server rather than manage date and time ...• The NTLM building block can only be registered to a single NT domain. Setting date and time Because Kerberos servers require that prevents the printer from the Time Zone list will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is observed in...
...manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. An administrator can store only one used as needed. 5 To sync to an NTP server rather than manage date and time ...• The NTLM building block can only be registered to a single NT domain. Setting date and time Because Kerberos servers require that prevents the printer from the Time Zone list will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is observed in...
Embedded Web Server Administrator's Guide
Page 16
...2 Under Edit Building Blocks, select the building block (or blocks), appropriate for information assets such as needed. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Access Controls. 3 For each function you want to each session by a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
...2 Under Edit Building Blocks, select the building block (or blocks), appropriate for information assets such as needed. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Access Controls. 3 For each function you want to each session by a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 17
..., select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
..., select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
...PIN from the drop-down list next to the name of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can assign a single password or PIN for all security templates on page 8. ...Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts...
...PIN from the drop-down list next to the name of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can assign a single password or PIN for all security templates on page 8. ...Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts...
Embedded Web Server Administrator's Guide
Page 19
... the Embedded Web Server to integrate with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of authentication and authorization services already deployed on... - The name of the Key Distribution Center (KDC) - It can be helpful to include in the Embedded Web Server 19 Users will need to the printer Using security features in the security template.
... the Embedded Web Server to integrate with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of authentication and authorization services already deployed on... - The name of the Key Distribution Center (KDC) - It can be helpful to include in the Embedded Web Server 19 Users will need to the printer Using security features in the security template.
Embedded Web Server Administrator's Guide
Page 20
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... authorize user for use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... digital certificates to help ensure the integrity of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to enter the appropriate...
... digital certificates to help ensure the integrity of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to enter the appropriate...
Embedded Web Server Administrator's Guide
Page 24
...disk wiping, click Delete Entry, and on disk encryption, or Disable to the Enable/Disable screen. Repeat as Copy or Fax. 3 Verify that the printer is stolen. Continue pressing 2 and 6 until you will be returned to deactivate it. Disk encryption can be turned on only at the device (...not through the configuration menus until the printer status bar reaches %100. Using security features in the lower right corner of the encryption task. After the disk has been encrypted, you ...
...disk wiping, click Delete Entry, and on disk encryption, or Disable to the Enable/Disable screen. Repeat as Copy or Fax. 3 Verify that the printer is stolen. Continue pressing 2 and 6 until you will be returned to deactivate it. Disk encryption can be turned on only at the device (...not through the configuration menus until the printer status bar reaches %100. Using security features in the lower right corner of the encryption task. After the disk has been encrypted, you ...
Embedded Web Server Administrator's Guide
Page 25
..., among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to log list, select the priority level cutoff (0-7) for sending E-mail. The printer will use E-mail alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web...
..., among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to log list, select the priority level cutoff (0-7) for sending E-mail. The printer will use E-mail alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web...
Embedded Web Server Administrator's Guide
Page 26
... backup SMTP server, enter the IP address/hostname and SMTP port for a response from the printer (in the Embedded Web Server 26 Note: Server certificate validation is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click...check box to enable 802.1x authentication. • Type the login name and password the printer will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of failed or ...
... backup SMTP server, enter the IP address/hostname and SMTP port for a response from the printer (in the Embedded Web Server 26 Note: Server certificate validation is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click...check box to enable 802.1x authentication. • Type the login name and password the printer will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of failed or ...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore the default settings. Setting SNMP Traps After configuring...up SNMP Simple Network Management Protocol (SNMP) is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To allow...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore the default settings. Setting SNMP Traps After configuring...up SNMP Simple Network Management Protocol (SNMP) is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To allow...
Embedded Web Server Administrator's Guide
Page 29
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ...from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ...from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
Embedded Web Server Administrator's Guide
Page 30
...Controls ability to print from the Embedded Web Server. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the General and Print Settings items... Certificate Management is assigned in the device. The Access Control for each Solution is limited to the operations available from the printer control panel. Controls access to the Option Card Configuration section of MarkVision Professional). When protected, no longer possible to manage ...
...Controls ability to print from the Embedded Web Server. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the General and Print Settings items... Certificate Management is assigned in the device. The Access Control for each Solution is limited to the operations available from the printer control panel. Controls access to the Option Card Configuration section of MarkVision Professional). When protected, no longer possible to manage ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31