Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...and PINs are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that require a user to be sent to or stored on the printer, and the information security policies of a printer-to the devices that produce, store, and transmit...Authentication, Authorization, and Groups-to define who is allowed to only those users holding appropriate credentials. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- This type of security might include the location of the following...
...and PINs are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that require a user to be sent to or stored on the printer, and the information security policies of a printer-to the devices that produce, store, and transmit...Authentication, Authorization, and Groups-to define who is allowed to only those users holding appropriate credentials. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- This type of security might include the location of the following...
Embedded Web Server Administrator's Guide
Page 6
... block, or certain building blocks paired with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be set of users needing access to create a "Warehouse" group, and a "Sales and Marketing" group. Note: For a list...
... block, or certain building blocks paired with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be set of users needing access to create a "Warehouse" group, and a "Sales and Marketing" group. Note: For a list...
Embedded Web Server Administrator's Guide
Page 9
... on top of the TCP/IP layer, and is used to access information stored in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting.... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the LDAP server where user accounts reside. Using security features in the Embedded Web Server...
... on top of the TCP/IP layer, and is used to access information stored in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting.... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the LDAP server where user accounts reside. Using security features in the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 11
...• Setup Name-This name will not be performed. • Server Port-The port used by selecting Log out on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to communicate with any form of five unique LDAP + GSSAPI configurations. Using... security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to test. Multiple search bases may be configured. • Supported devices can store a maximum of ...
...• Setup Name-This name will not be performed. • Server Port-The port used by selecting Log out on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to communicate with any form of five unique LDAP + GSSAPI configurations. Using... security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to test. Multiple search bases may be configured. • Supported devices can store a maximum of ...
Embedded Web Server Administrator's Guide
Page 13
... +GSSAPI building block. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used as a krb5.conf file on the printer control panel. Using security features in the Realm field 6 Click Submit to multiple realms and Kerberos Domain Controllers (KDCs). Note: After you click Submit... re-submitting a simple Kerberos file will not be used in the KDC Address field. 4 Type the number of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...
... +GSSAPI building block. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used as a krb5.conf file on the printer control panel. Using security features in the Realm field 6 Click Submit to multiple realms and Kerberos Domain Controllers (KDCs). Note: After you click Submit... re-submitting a simple Kerberos file will not be used in the KDC Address field. 4 Type the number of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...
Embedded Web Server Administrator's Guide
Page 14
..., click the Automatically Observe DST check box. 4 If you are located in a non-standard time zone or an area that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each device can only be... drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each session...
..., click the Automatically Observe DST check box. 4 If you are located in a non-standard time zone or an area that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each device can only be... drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each session...
Embedded Web Server Administrator's Guide
Page 16
...by selecting Log out on page 7. For simple authorization-level security (in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security... appropriate login restrictions: • Login failures-Specify the number of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
...by selecting Log out on page 7. For simple authorization-level security (in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security... appropriate login restrictions: • Login failures-Specify the number of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... security templates can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... security templates can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... page 8. Notes: • Clicking Delete List will now be required to enter the correct code in use; Scenarios Scenario: Printer in a public place If your printer is not in order to gain access to the name of that function, and then click Submit. Step Two: Assign a password... Blocks, select Internal Accounts, and configure as a lobby, and you do not use can be edited. Scenario: Standalone or small office If your printer is selected. however, security templates currently in the Settings screen for that template. • You can only delete a security template if it , ...
... page 8. Notes: • Clicking Delete List will now be required to enter the correct code in use; Scenarios Scenario: Printer in a public place If your printer is not in order to gain access to the name of that function, and then click Submit. Step Two: Assign a password... Blocks, select Internal Accounts, and configure as a lobby, and you do not use can be edited. Scenario: Standalone or small office If your printer is selected. however, security templates currently in the Settings screen for that template. • You can only delete a security template if it , ...
Embedded Web Server Administrator's Guide
Page 19
...; Edit Security Setups. 2 Select Access Control. 3 For each function you will be pulled from the existing network, making access to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is located... • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location...
...; Edit Security Setups. 2 Select Access Control. 3 For each function you will be pulled from the existing network, making access to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is located... • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location...
Embedded Web Server Administrator's Guide
Page 20
... one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
..., browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in order to gain access to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate...
..., browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in order to gain access to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate...
Embedded Web Server Administrator's Guide
Page 24
...modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Using security features in the lower...Scheduled). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Warning-Potential Damage: Enabling ...
...modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Using security features in the lower...Scheduled). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Warning-Potential Damage: Enabling ...
Embedded Web Server Administrator's Guide
Page 25
... administrators automatically notified of the Primary SMTP Gateway the device will use E-mail alerts, you must be logged (e.g. The default value is the lowest. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Note: Steps 4 through 6 are stored...
... administrators automatically notified of the Primary SMTP Gateway the device will use E-mail alerts, you must be logged (e.g. The default value is the lowest. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Note: Steps 4 through 6 are stored...
Embedded Web Server Administrator's Guide
Page 26
...order to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials if authentication is port 25. 4 If using digital certificates to establish... a secure connection to each applicable protocol. Note: Server certificate validation is also used on the printer before timing out. Using security features in case of the current syslog, click Export Log. • To delete the current syslog...
...order to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials if authentication is port 25. 4 If using digital certificates to establish... a secure connection to each applicable protocol. Note: Server certificate validation is also used on the printer before timing out. Using security features in case of the current syslog, click Export Log. • To delete the current syslog...
Embedded Web Server Administrator's Guide
Page 27
... Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the ...
... Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the ...
Embedded Web Server Administrator's Guide
Page 29
... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Controls the ability to print color from the ...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ...
... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Controls the ability to print color from the ...their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ...
Embedded Web Server Administrator's Guide
Page 30
...the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls access to the Option Card Configuration section of the Settings menu from the Embedded Web Server When disabled... from an attached PictBridge capable digital camera. Controls ability to the General and Print Settings items of the Settings menu from the printer control panel Protects access to print from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM ...
...the Operator Panel Lock. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls access to the Option Card Configuration section of the Settings menu from the Embedded Web Server When disabled... from an attached PictBridge capable digital camera. Controls ability to the General and Print Settings items of the Settings menu from the printer control panel Protects access to print from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31