Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...; Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. This set of security features available in the... that only employees who knows the correct code. The Embedded Web Server handles authentication and authorization using one or more of the printer and whether non-authorized persons have access to create a plan that is, who is located in the Embedded Web Server 5 ...
...; Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. This set of security features available in the... that only employees who knows the correct code. The Embedded Web Server handles authentication and authorization using one or more of the printer and whether non-authorized persons have access to create a plan that is, who is located in the Embedded Web Server 5 ...
Embedded Web Server Administrator's Guide
Page 6
... users. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the type of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be used to identify sets of...
... users. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the type of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be used to identify sets of...
Embedded Web Server Administrator's Guide
Page 9
... of the LDAP server where the authentication will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration. • As with...
... of the LDAP server where the authentication will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration. • As with...
Embedded Web Server Administrator's Guide
Page 11
... the LDAP server, the user will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. ... running Active Directory. LDAP+GSSAPI is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Note: A Search Base consists of simple LDAP authentication because the transmission is then presented to obtain a Kerberos "ticket." The ...
... the LDAP server, the user will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. ... running Active Directory. LDAP+GSSAPI is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel. Note: A Search Base consists of simple LDAP authentication because the transmission is then presented to obtain a Kerberos "ticket." The ...
Embedded Web Server Administrator's Guide
Page 13
... (krb5.conf) can apply to securely end each session by itself for user authentication, Kerberos 5 is most often used as a krb5.conf file on the printer control panel. Note: After you click Submit, the Embedded Web Server will not be stored on a supported device, that prevents the...
... (krb5.conf) can apply to securely end each session by itself for user authentication, Kerberos 5 is most often used as a krb5.conf file on the printer control panel. Note: After you click Submit, the Embedded Web Server will not be stored on a supported device, that prevents the...
Embedded Web Server Administrator's Guide
Page 14
...credentials. 7 Click Submit to save changes, or Reset Form to access protected device functions in the event of an outage that prevents the printer from communicating with the KDC system clock. Using NTLM authentication NTLM (Windows NT LAN Manager) is observed in your area, click the ...to restore default values. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a ...
...credentials. 7 Click Submit to save changes, or Reset Form to access protected device functions in the event of an outage that prevents the printer from communicating with the KDC system clock. Using NTLM authentication NTLM (Windows NT LAN Manager) is observed in your area, click the ...to restore default values. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a ...
Embedded Web Server Administrator's Guide
Page 16
... Access Control. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...save changes, or Reset Form to cancel all changes. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
... Access Control. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...save changes, or Reset Form to cancel all changes. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 17
... to use a descriptive name, such as necessary. 5 Click Modify to save changes, or Reset Form to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... to use a descriptive name, such as necessary. 5 Click Modify to save changes, or Reset Form to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
... on page 8. Step One: Set up internal accounts" on the device, regardless of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts can be created...more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenario: Standalone or small office If your printer is located in a public place If your printer is not in the Embedded Web Server 18
... on page 8. Step One: Set up internal accounts" on the device, regardless of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts can be created...more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on page 7. Scenario: Standalone or small office If your printer is located in a public place If your printer is not in the Embedded Web Server 18
Embedded Web Server Administrator's Guide
Page 19
...network, making access to cancel all changes. The IP address or hostname of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. It can use authorization, click Add authorization...
...network, making access to cancel all changes. The IP address or hostname of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to select multiple groups. 8 Click Save Template. It can use authorization, click Add authorization...
Embedded Web Server Administrator's Guide
Page 20
... Blocks, select Kerberos 5. 3 Configure Kerberos settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to authorize user for use groups, click Modify Groups, and then select...
... Blocks, select Kerberos 5. 3 Configure Kerberos settings using the information gathered in step 1. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to authorize user for use groups, click Modify Groups, and then select...
Embedded Web Server Administrator's Guide
Page 21
... to and from the list. The details of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
... to and from the list. The details of information transmitted to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
Embedded Web Server Administrator's Guide
Page 24
...returned to the Enable/Disable screen. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to confirm. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk ...Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Encryption takes approximately two minutes, and a status bar will be turned on disk encryption, or Disable to proceed with disk wiping and ...
...returned to the Enable/Disable screen. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to confirm. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk ...Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Encryption takes approximately two minutes, and a status bar will be turned on disk encryption, or Disable to proceed with disk wiping and ...
Embedded Web Server Administrator's Guide
Page 25
... the Severity of the Primary SMTP Gateway the device will be tagged with the same facility code to a network syslog server for sending E-mail. The printer will be logged (e.g. Note: Steps 4 through 6 are stored on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to...
... the Severity of the Primary SMTP Gateway the device will be tagged with the same facility code to a network syslog server for sending E-mail. The printer will be logged (e.g. Note: Steps 4 through 6 are stored on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to...
Embedded Web Server Administrator's Guide
Page 26
...box to enable 802.1x authentication. • Type the login name and password the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on the printer before timing out. The default value is 30 seconds. 6 To receive responses to ... only one certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP ...
...box to enable 802.1x authentication. • Type the login name and password the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on the printer before timing out. The default value is 30 seconds. 6 To receive responses to ... only one certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP ...
Embedded Web Server Administrator's Guide
Page 27
...the Embedded Web Server Home screen, browse to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to Settings ª Security... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. SNMP Version 3 1 From the Embedded Web ...
...the Embedded Web Server Home screen, browse to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to Settings ª Security... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. SNMP Version 3 1 From the Embedded Web ...
Embedded Web Server Administrator's Guide
Page 29
... Embedded Web Server, etc., will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs output in black and white. Firmware files which are denied will be available for scan and... panel Controls the ability to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book ...
... Embedded Web Server, etc., will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their copy jobs output in black and white. Firmware files which are denied will be available for scan and... panel Controls the ability to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book ...
Embedded Web Server Administrator's Guide
Page 30
... and functions by remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. This applies only when an Option Card with configuration options is installed in the device. This applies only when an Option... to the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 through a ...
... and functions by remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. This applies only when an Option Card with configuration options is installed in the device. This applies only when an Option... to the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 through a ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31