Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...might be and what they require, while limiting access to sensitive printer functions or outputs to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ... templates are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that is located in the document security chain. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components-...
...might be and what they require, while limiting access to sensitive printer functions or outputs to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ... templates are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that is located in the document security chain. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components-...
Embedded Web Server Administrator's Guide
Page 6
... the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls By default, all users the functions they need to print in color, but in different groups needing access to common device functions, while others require tighter security and role-based restrictions. Note: For ...can be protected. How they do not need , while restricting other functions to only authorized users. Using security features in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to identify sets of users needing access to...
... the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls By default, all users the functions they need to print in color, but in different groups needing access to common device functions, while others require tighter security and role-based restrictions. Note: For ...can be protected. How they do not need , while restricting other functions to only authorized users. Using security features in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to identify sets of users needing access to...
Embedded Web Server Administrator's Guide
Page 9
...separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure ...user credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log ...
...separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure ...user credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log ...
Embedded Web Server Administrator's Guide
Page 11
...be able to test. Instead of five unique LDAP + GSSAPI configurations. Note: A Search Base consists of an outage that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+...GSSAPI requires that relies on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." The default LDAP port is 389. • ...
...be able to test. Instead of five unique LDAP + GSSAPI configurations. Note: A Search Base consists of an outage that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Notes: • LDAP+...GSSAPI requires that relies on the printer control panel. Using LDAP+GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." The default LDAP port is 389. • ...
Embedded Web Server Administrator's Guide
Page 13
...the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ...reset the field and search for the selected device is functional. However, if a realm is most often used by selecting Log out on the printer control panel. An administrator must thus anticipate the different types of an outage that the Kerberos configuration file for a new configuration file. Note:...
...the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ...reset the field and search for the selected device is functional. However, if a realm is most often used by selecting Log out on the printer control panel. An administrator must thus anticipate the different types of an outage that the Kerberos configuration file for a new configuration file. Note:...
Embedded Web Server Administrator's Guide
Page 14
... the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time... Zone drop-down list. Instead of a user's password across a network in the Embedded Web Server 14 Printer clock settings can only be registered to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting...
... the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time... Zone drop-down list. Instead of a user's password across a network in the Embedded Web Server 14 Printer clock settings can only be registered to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting...
Embedded Web Server Administrator's Guide
Page 16
... will now be assigned to each function you want to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to securely end...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
... will now be assigned to each function you want to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to securely end...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
... and Pins-do , see "Menu of Access Controls" on the device. Hold down list next to the name of that have been configured on the printer control panel. • For a list of up to 128 characters to create a security template. Using security features in the security template. It can be required...
... and Pins-do , see "Menu of Access Controls" on the device. Hold down list next to the name of that have been configured on the printer control panel. • For a list of up to 128 characters to create a security template. Using security features in the security template. It can be required...
Embedded Web Server Administrator's Guide
Page 18
...enter the correct code in order to gain access to a function controlled by that code. however, security templates currently in a public place If your printer is not connected to a network, or you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select...any functions protected by that code. Administrators can provide simple protection right at the device. Scenario: Standalone or small office If your printer is that function, and then click Submit. The key to remember is located in the Embedded Web Server 18 To delete an ...
...enter the correct code in order to gain access to a function controlled by that code. however, security templates currently in a public place If your printer is not connected to a network, or you wish to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select...any functions protected by that code. Administrators can provide simple protection right at the device. Scenario: Standalone or small office If your printer is that function, and then click Submit. The key to remember is located in the Embedded Web Server 18 To delete an ...
Embedded Web Server Administrator's Guide
Page 19
...Kerberos file on the device. User credentials and group designations can be pulled from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 The KDC port - It can be helpful to integrate with the authorization ...security template. Users will now be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _ ...
...Kerberos file on the device. User credentials and group designations can be pulled from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 The KDC port - It can be helpful to integrate with the authorization ...security template. Users will now be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _ ...
Embedded Web Server Administrator's Guide
Page 20
... Settings 1 From the Embedded Web Server Home screen, browse to 128 characters. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Settings 1 From the Embedded Web Server Home screen, browse to 128 characters. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... template from the drop-down list next to the name of that conforms to RFC 2459. Users will now be required to and from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
... template from the drop-down list next to the name of that conforms to RFC 2459. Users will now be required to and from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
Embedded Web Server Administrator's Guide
Page 24
...additional times for disk wiping. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, ...Server 24 Repeat as needed to confirm. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª ...
...additional times for disk wiping. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, ...Server 24 Repeat as needed to confirm. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Changing or deleting scheduled disk wiping 1 From the Embedded Web Server Home screen, browse to Settings ª ...
Embedded Web Server Administrator's Guide
Page 25
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
Embedded Web Server Administrator's Guide
Page 26
...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing ..., or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of seconds (5-30) the device will recognize by clicking the ...
...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing ..., or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for that server. 5 For SMTP Timeout, type the number of seconds (5-30) the device will recognize by clicking the ...
Embedded Web Server Administrator's Guide
Page 27
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which alerts...
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which alerts...
Embedded Web Server Administrator's Guide
Page 29
... black and white. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan ...in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from a flash drive. Controls the ability to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
... black and white. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan ...in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from a flash drive. Controls the ability to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Embedded Web Server Administrator's Guide
Page 30
...menu from the Embedded Web Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). Certificate Management is no...attached PictBridge capable digital camera. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device ...
...menu from the Embedded Web Server. When disabled, all network adaptor NPA settings change commands are ignored Protects access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). Certificate Management is no...attached PictBridge capable digital camera. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31