Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... be sent to or stored on the printer, and the information security policies of the printer and whether non-authorized persons have access to the devices that will no longer be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible... profiles that is, who know the password or PIN are considered less secure than other public area of security might include the location of your organization. Understanding the basics Securing a printer through the Embedded ...
... be sent to or stored on the printer, and the information security policies of the printer and whether non-authorized persons have access to the devices that will no longer be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible... profiles that is, who know the password or PIN are considered less secure than other public area of security might include the location of your organization. Understanding the basics Securing a printer through the Embedded ...
Embedded Web Server Administrator's Guide
Page 6
... specific menus and functions or to disable them entirely. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the...
... specific menus and functions or to disable them entirely. Access Controls (also referred to in the Embedded Web Server 6 Using security features in some multifunction printers, over 40 individual menus and functions can be protected. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the...
Embedded Web Server Administrator's Guide
Page 9
...will not be able to access protected device functions in the event of the TCP/IP layer, and is that prevents the printer from communicating with the LDAP server. Multiple search bases may be entered, separated by selecting Log out on top of an outage...information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. One of the strengths of the LDAP server where the authentication will determine the information an administrator must submit when authenticating. ...
...will not be able to access protected device functions in the event of the TCP/IP layer, and is that prevents the printer from communicating with the LDAP server. Multiple search bases may be entered, separated by selecting Log out on top of an outage...information directory. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. One of the strengths of the LDAP server where the authentication will determine the information an administrator must submit when authenticating. ...
Embedded Web Server Administrator's Guide
Page 11
...to communicate with the LDAP server. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to access protected device functions in the Embedded Web Server 11 Multiple search bases may be able to ...used to identify each session by the Embedded Web Server to test. Note: A Search Base consists of an outage that relies on the printer control panel. Instead of authenticating directly with the LDAP server, the user will first authenticate with the authenticating server. • To help...
...to communicate with the LDAP server. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to access protected device functions in the Embedded Web Server 11 Multiple search bases may be able to ...used to identify each session by the Embedded Web Server to test. Note: A Search Base consists of an outage that relies on the printer control panel. Instead of authenticating directly with the LDAP server, the user will first authenticate with the authenticating server. • To help...
Embedded Web Server Administrator's Guide
Page 13
... the Kerberos configuration file for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...for authentication. • As with any form of authentication that relies on an external server, users will not be stored on the printer control panel. Using security features in conjunction with the authenticating server. • To help prevent unauthorized access, users are encouraged to handle...
... the Kerberos configuration file for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...for authentication. • As with any form of authentication that relies on an external server, users will not be stored on the printer control panel. Using security features in conjunction with the authenticating server. • To help prevent unauthorized access, users are encouraged to handle...
Embedded Web Server Administrator's Guide
Page 14
... settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on the printer control panel. Using security features in sync or closely aligned with the KDC system clock.... Printer clock settings can be deleted or unregistered if it is being used by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to ...
... settings manually, click the Enable NTP check box, and then type the IP address or hostname of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on the printer control panel. Using security features in sync or closely aligned with the KDC system clock.... Printer clock settings can be deleted or unregistered if it is being used by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to ...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to any of times a user can be logged in ... save changes, or Reset Form to cancel all changes. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to any of times a user can be logged in ... save changes, or Reset Form to cancel all changes. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server Administrator's Guide
Page 17
... Add authorization, and then select a building block from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to include in the Embedded Web Server 17 Editing or deleting an existing security template 1 From the Embedded...
... Add authorization, and then select a building block from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to include in the Embedded Web Server 17 Editing or deleting an existing security template 1 From the Embedded...
Embedded Web Server Administrator's Guide
Page 18
...the correct code in use can access any functions protected by that function, and then click Submit. Scenario: Standalone or small office If your printer is selected. To delete an individual security template, select it from using it is not connected to a network, or you wish to ... password or PIN for all security templates on page 8. Using security features in a public space such as needed . Scenarios Scenario: Printer in a public place If your printer is not in order to gain access to the name of that code. Notes: • Clicking Delete List will now be edited...
...the correct code in use can access any functions protected by that function, and then click Submit. Scenario: Standalone or small office If your printer is selected. To delete an individual security template, select it from using it is not connected to a network, or you wish to ... password or PIN for all security templates on page 8. Using security features in a public space such as needed . Scenarios Scenario: Printer in a public place If your printer is not in order to gain access to the name of that code. Notes: • Clicking Delete List will now be edited...
Embedded Web Server Administrator's Guide
Page 19
...do not support separate authorization. 7 To use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the Embedded Web Server 19 Users will be helpful to take advantage of authentication and authorization services already deployed...or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to include in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...
...do not support separate authorization. 7 To use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the Embedded Web Server 19 Users will be helpful to take advantage of authentication and authorization services already deployed...or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to include in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • ...
Embedded Web Server Administrator's Guide
Page 20
... then select the name given to your LDAP+GSSAPI Group Names list. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control...
... then select the name given to your LDAP+GSSAPI Group Names list. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control...
Embedded Web Server Administrator's Guide
Page 21
...; Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in the Device Certificate Management window. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
...; Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in the Device Certificate Management window. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
Embedded Web Server Administrator's Guide
Page 24
... to cancel and return to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...the Time and Day(s) lists to finalize changes. Disk encryption can be lost. Note: On some devices the button will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Continue? • Select Yes to confirm. Warning-Potential Damage: Do ...
... to cancel and return to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...the Time and Day(s) lists to finalize changes. Disk encryption can be lost. Note: On some devices the button will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Continue? • Select Yes to confirm. Warning-Potential Damage: Do ...
Embedded Web Server Administrator's Guide
Page 25
... E-mail log settings changed alert-When log settings are changed Note: In order to a device. Note: Steps 4 through 6 are stored on the destination server. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
... E-mail log settings changed alert-When log settings are changed Note: In order to a device. Note: Steps 4 through 6 are stored on the destination server. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
Embedded Web Server Administrator's Guide
Page 26
... User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. Using security ...responses to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP Server Authentication list. The default ...
... User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. Using security ...responses to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP Server Authentication list. The default ...
Embedded Web Server Administrator's Guide
Page 27
... Network Management Protocol (SNMP) is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Click Set... the changes, or Reset Form to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to monitor network-attached devices for conditions that trigger an alert message. 1...
... Network Management Protocol (SNMP) is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Click Set... the changes, or Reset Form to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to monitor network-attached devices for conditions that trigger an alert message. 1...
Embedded Web Server Administrator's Guide
Page 29
... Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the... files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their print jobs output in black and white. Appendix Menu ...
... Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the... files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their print jobs output in black and white. Appendix Menu ...
Embedded Web Server Administrator's Guide
Page 30
...network adaptor NPA settings change commands are ignored Protects access to the Operator Panel Lock. Controls the ability to the operations available from the printer control panel and Embedded Web Server. Certificate Management is limited to release (print) Held Faxes. When protected, no longer possible to the ... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1...
...network adaptor NPA settings change commands are ignored Protects access to the Operator Panel Lock. Controls the ability to the operations available from the printer control panel and Embedded Web Server. Certificate Management is limited to release (print) Held Faxes. When protected, no longer possible to the ... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31