Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...in which functions are available to a user who has been authenticated by simply limiting access to a printer-or specific functions of a printer-to anyone who is the method by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will be ...sent to or stored on the printer, and the information security policies of the following, also referred to as Building Blocks: • ...
...in which functions are available to a user who has been authenticated by simply limiting access to a printer-or specific functions of a printer-to anyone who is the method by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will be ...sent to or stored on the printer, and the information security policies of the following, also referred to as Building Blocks: • ...
Embedded Web Server Administrator's Guide
Page 6
... constructed using a password, PIN, or security template. Using security features in association with one or more groups. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used to identify sets of functions that give all device menus, settings, and functions come with Groups...
... constructed using a password, PIN, or security template. Using security features in association with one or more groups. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used to identify sets of functions that give all device menus, settings, and functions come with Groups...
Embedded Web Server Administrator's Guide
Page 9
... • Server Port-The port used by selecting Log out on top of the TCP/IP layer, and is that prevents the printer from communicating with any form of five unique LDAP configurations. One of the strengths of LDAP is used to specify the information a ...organized information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Note: A Search Base consists of the LDAP server where the authentication will be used to access information stored in the Internal ...
... • Server Port-The port used by selecting Log out on top of the TCP/IP layer, and is that prevents the printer from communicating with any form of five unique LDAP configurations. One of the strengths of LDAP is used to specify the information a ...organized information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Note: A Search Base consists of the LDAP server where the authentication will be used to access information stored in the Internal ...
Embedded Web Server Administrator's Guide
Page 11
...of the LDAP server where the authentication will not be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with a Kerberos server to securely end each session by selecting Log out on an external server, users will be entered, separated...Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is always secure. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to an LDAP server using the GSSAPI protocol...
...of the LDAP server where the authentication will not be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with a Kerberos server to securely end each session by selecting Log out on an external server, users will be entered, separated...Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is always secure. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to an LDAP server using the GSSAPI protocol...
Embedded Web Server Administrator's Guide
Page 13
... field. 5 Type the realm (or domain) used by selecting Log out on a supported device, that krb5.conf file can apply to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit, the Embedded...; Click Test Setup to reset the fields and start again. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel.
... field. 5 Type the realm (or domain) used by selecting Log out on a supported device, that krb5.conf file can apply to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit, the Embedded...; Click Test Setup to reset the fields and start again. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel.
Embedded Web Server Administrator's Guide
Page 14
... Observe DST check box. 4 If you are encouraged to restore default values. Instead of a user's password across a network in clear text. Printer clock settings can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone...
... Observe DST check box. 4 If you are encouraged to restore default values. Instead of a user's password across a network in clear text. Printer clock settings can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select ... number of times a user can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select ... number of times a user can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server Administrator's Guide
Page 17
... security templates must be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... security templates must be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is that anyone who knows a password or PIN can be created and stored within the Embedded Web Server for all security templates on the device, ... ; Step One: Set up internal accounts" on page 7. however, security templates currently in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
... a public place If your printer is that anyone who knows a password or PIN can be created and stored within the Embedded Web Server for all security templates on the device, ... ; Step One: Set up internal accounts" on page 7. however, security templates currently in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
Embedded Web Server Administrator's Guide
Page 19
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to integrate with the authorization building blocks available on the network. This list will be helpful... to take advantage of the Kerberos file on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ...
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to integrate with the authorization building blocks available on the network. This list will be helpful... to take advantage of the Kerberos file on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ...
Embedded Web Server Administrator's Guide
Page 20
...+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
...+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the appropriate fields: •...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the appropriate fields: •...
Embedded Web Server Administrator's Guide
Page 24
... instead of the hard disk. 7 A message will erase the contents of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Disk Wiping.... Encryption. 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the configuration menus until the printer status bar reaches %100. Repeat as needed to the Enable/Disable screen. Disk encryption can be returned to schedule additional times for each method...
... instead of the hard disk. 7 A message will erase the contents of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Disk Wiping.... Encryption. 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the configuration menus until the printer status bar reaches %100. Repeat as needed to the Enable/Disable screen. Disk encryption can be returned to schedule additional times for each method...
Embedded Web Server Administrator's Guide
Page 25
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on reset, and then return to a device. E-mail server setup 1 From the Security Audit Log main screen, select Setup E-mail Server. 2 Under SMTP...
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on reset, and then return to a device. E-mail server setup 1 From the Security Audit Log main screen, select Setup E-mail Server. 2 Under SMTP...
Embedded Web Server Administrator's Guide
Page 26
... Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to each applicable protocol. Note: Server certificate ...or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is required. 11 If the device must configure them on wired networks to send E-mail, enter ...
... Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to each applicable protocol. Note: Server certificate ...or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is required. 11 If the device must configure them on wired networks to send E-mail, enter ...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore the default settings. Setting SNMP Traps After ...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 5 From...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore the default settings. Setting SNMP Traps After ...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 5 From...
Embedded Web Server Administrator's Guide
Page 29
... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on device ...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ...
... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on device ...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ...
Embedded Web Server Administrator's Guide
Page 30
...the creation or configuration of the application or profile. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles ... (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of MarkVision Professional). Controls the ability to the Option Card Configuration item of ...
...the creation or configuration of the application or profile. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles ... (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of MarkVision Professional). Controls the ability to the Option Card Configuration item of ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31