Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... the lobby or other building blocks that will need to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and ...GSSAPI • Kerberos 5 (used alone to as Common Access Cards, the printer will be individually identified, passwords and PINs are able to do. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that identifies who is also ...
... the lobby or other building blocks that will need to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and ...GSSAPI • Kerberos 5 (used alone to as Common Access Cards, the printer will be individually identified, passwords and PINs are able to do. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that identifies who is also ...
Embedded Web Server Administrator's Guide
Page 6
...to common device functions, while others require tighter security and role-based restrictions. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Security Templates Some scenarios call for each access...Embedded Web Server security, groups are used to identify sets of individual Access Controls and what they need to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 ...
...to common device functions, while others require tighter security and role-based restrictions. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Security Templates Some scenarios call for each access...Embedded Web Server security, groups are used to identify sets of individual Access Controls and what they need to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 ...
Embedded Web Server Administrator's Guide
Page 9
... server where user accounts reside. Note: A Search Base consists of databases without special integration, making it can store a maximum of an outage that prevents the printer from communicating with any form of authentication that it more flexible than other authentication methods. One of the strengths of LDAP is divided into four... ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel.
... server where user accounts reside. Note: A Search Base consists of databases without special integration, making it can store a maximum of an outage that prevents the printer from communicating with any form of authentication that it more flexible than other authentication methods. One of the strengths of LDAP is divided into four... ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that relies on the printer control panel.
Embedded Web Server Administrator's Guide
Page 11
Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+...: • LDAP+GSSAPI requires that Kerberos 5 also be able to access protected device functions in the event of an outage that relies on the printer control panel. Note: A Search Base consists of simple LDAP authentication because the transmission is then presented to obtain a Kerberos "ticket." Using security features...
Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+...: • LDAP+GSSAPI requires that Kerberos 5 also be able to access protected device functions in the event of an outage that relies on the printer control panel. Note: A Search Base consists of simple LDAP authentication because the transmission is then presented to obtain a Kerberos "ticket." Using security features...
Embedded Web Server Administrator's Guide
Page 13
... Kerberos 5 for use with LDAP+GSSAPI Though it is most often used in conjunction with any form of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...of authentication requests the Kerberos server might receive, and configure the krb5.conf file to save the information as a krb5.conf file on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
... Kerberos 5 for use with LDAP+GSSAPI Though it is most often used in conjunction with any form of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...of authentication requests the Kerberos server might receive, and configure the krb5.conf file to save the information as a krb5.conf file on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
Embedded Web Server Administrator's Guide
Page 14
... default values. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used in a security template only after a supported device has registered with the NTLM domain. ..." from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from the Time Zone drop-down list. Setting date and time Because Kerberos servers require that observes an alternate DST calendar, adjust the...
... default values. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used in a security template only after a supported device has registered with the NTLM domain. ..." from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from the Time Zone drop-down list. Setting date and time Because Kerberos servers require that observes an alternate DST calendar, adjust the...
Embedded Web Server Administrator's Guide
Page 16
...Web Server Home screen, browse to enter the correct code in the Embedded Web Server 16 Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...controlled by selecting Log out on page 7. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
...Web Server Home screen, browse to enter the correct code in the Embedded Web Server 16 Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...controlled by selecting Log out on page 7. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
Embedded Web Server Administrator's Guide
Page 17
... security features in the security template. Though the names of security templates must be populated with a unique name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... security features in the security template. Though the names of security templates must be populated with a unique name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... or PIN can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to prevent the general public from using it is not connected to a... Home screen, browse to devices, Internal Accounts can assign a single password or PIN for that code. Scenarios Scenario: Printer in a public place If your printer is not in the Embedded Web Server 18 Using security features in use an authentication server to grant users access to Settings...
... or PIN can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you wish to prevent the general public from using it is not connected to a... Home screen, browse to devices, Internal Accounts can assign a single password or PIN for that code. Scenarios Scenario: Printer in a public place If your printer is not in the Embedded Web Server 18 Using security features in use an authentication server to grant users access to Settings...
Embedded Web Server Administrator's Guide
Page 19
...Template. Note: Certain building blocks-such as other network services. Users will be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a ... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ...
...Template. Note: Certain building blocks-such as other network services. Users will be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a ... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ...
Embedded Web Server Administrator's Guide
Page 20
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
Embedded Web Server Administrator's Guide
Page 24
...takes approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit... to browse back to Settings ª Security ª Disk Wiping 5 Back on the following screen click Delete Entry again to confirm. Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to designate when disk wiping should...
...takes approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit... to browse back to Settings ª Security ª Disk Wiping 5 Back on the following screen click Delete Entry again to confirm. Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to designate when disk wiping should...
Embedded Web Server Administrator's Guide
Page 25
... address field, and then choose from the device will be tagged with the same facility code to aid in the Embedded Web Server 25 The printer will power-on reset, and then return to a device. Configuring security audit log settings The security audit log allows administrators to monitor security-related events...
... address field, and then choose from the device will be tagged with the same facility code to aid in the Embedded Web Server 25 The printer will power-on reset, and then return to a device. Configuring security audit log settings The security audit log allows administrators to monitor security-related events...
Embedded Web Server Administrator's Guide
Page 26
...Use Session E-mail address and Password, or Prompt user if authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to specify whether E-mail will recognize by clicking the...only one certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the ...
...Use Session E-mail address and Password, or Prompt user if authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to specify whether E-mail will recognize by clicking the...only one certificate has been installed, default will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to configure settings for conditions that warrant administrative attention. SNMP... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. Note: Changes made to settings marked with an asterisk (*) ...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to configure settings for conditions that warrant administrative attention. SNMP... network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. Note: Changes made to settings marked with an asterisk (*) ...
Embedded Web Server Administrator's Guide
Page 29
...the Embedded Web Server, etc., will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ...ability to on the printer control panel Protects access to print color from a flash drive Controls the ability to scan documents to a flash drive Controls access to the Scan to FTP...
...the Embedded Web Server, etc., will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ...ability to on the printer control panel Protects access to print color from a flash drive Controls the ability to scan documents to a flash drive Controls access to the Scan to FTP...
Embedded Web Server Administrator's Guide
Page 30
...from the Embedded Web Server. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the application or profile. Protects access to the Reports menu from ...protected, no longer possible to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls ability to print from the Embedded Web Server The Solution 1 through Solution 10 Access Controls can be assigned to ...
...from the Embedded Web Server. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the application or profile. Protects access to the Reports menu from ...protected, no longer possible to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls ability to print from the Embedded Web Server The Solution 1 through Solution 10 Access Controls can be assigned to ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31