Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... who the users will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today...
... who the users will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today...
Embedded Web Server Administrator's Guide
Page 6
...as "Function Access Controls"), are used to identify sets of users needing access to similar functions. Using security features in sales and marketing use color every day. For example, in Company A, employees in the warehouse do , see "Menu of a complex security environment. Access Controls By...scenarios call for each access control. Note: For a list of individual Access Controls and what they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to common device functions, while ...
...as "Function Access Controls"), are used to identify sets of users needing access to similar functions. Using security features in sales and marketing use color every day. For example, in Company A, employees in the warehouse do , see "Menu of a complex security environment. Access Controls By...scenarios call for each access control. Note: For a list of individual Access Controls and what they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to common device functions, while ...
Embedded Web Server Administrator's Guide
Page 9
...Access Protocol (LDAP) is the node in the LDAP server where user accounts reside. Note: A Search Base consists of authentication that prevents the printer from communicating with the LDAP server. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª..., or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used by the Embedded Web Server to communicate with the ...
...Access Protocol (LDAP) is the node in the LDAP server where user accounts reside. Note: A Search Base consists of authentication that prevents the printer from communicating with the LDAP server. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª..., or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used by the Embedded Web Server to communicate with the ...
Embedded Web Server Administrator's Guide
Page 11
... server, users will not be configured. • Supported devices can store a maximum of an outage that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Instead of authenticating directly with the LDAP server,... a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with any form ...
... server, users will not be configured. • Supported devices can store a maximum of an outage that relies on the printer control panel. Using security features in the LDAP server where user accounts reside. Instead of authenticating directly with the LDAP server,... a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with any form ...
Embedded Web Server Administrator's Guide
Page 13
... stored on an external server, users will overwrite the configuration file. • The krb5.conf file can be used by selecting Log out on the printer control panel. However, if a realm is not specified in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file... selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the LDAP +GSSAPI building block.
... stored on an external server, users will overwrite the configuration file. • The krb5.conf file can be used by selecting Log out on the printer control panel. However, if a realm is not specified in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file... selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the LDAP +GSSAPI building block.
Embedded Web Server Administrator's Guide
Page 14
...the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used as needed. 5 To sync to automatically sync with a trusted clock-typically ...across a network in sync or closely aligned with the KDC system clock. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in the Embedded Web Server 14 Using ...
...the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used as needed. 5 To sync to automatically sync with a trusted clock-typically ...across a network in sync or closely aligned with the KDC system clock. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in the Embedded Web Server 14 Using ...
Embedded Web Server Administrator's Guide
Page 16
... Control), can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... that function. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
... Control), can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... that function. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... function. 4 Click Submit to save changes, or Cancel to retain previously configured values. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... function. 4 Click Submit to save changes, or Cancel to retain previously configured values. Users will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... Internal Accounts can be protected, and then: 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenarios Scenario: Printer in use ; Using security features in order to gain access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks,... to protect individual functions. Step One: Set up internal accounts" on page 7. however, security templates currently in a public place If your printer is not connected to a network, or you wish to prevent the general public from the list, and then click Delete Entry in the ...
... Internal Accounts can be protected, and then: 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenarios Scenario: Printer in use ; Using security features in order to gain access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks,... to protect individual functions. Step One: Set up internal accounts" on page 7. however, security templates currently in a public place If your printer is not connected to a network, or you wish to prevent the general public from the list, and then click Delete Entry in the ...
Embedded Web Server Administrator's Guide
Page 19
...IP address or hostname of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _...Web Server to integrate with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in order to gain access to cancel all changes. The KDC port - Hold down list next to select multiple groups...
...IP address or hostname of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _...Web Server to integrate with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in order to gain access to cancel all changes. The KDC port - Hold down list next to select multiple groups...
Embedded Web Server Administrator's Guide
Page 20
... setup. 6 Click Add authorization, and then select the name given to use with LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... setup. 6 Click Add authorization, and then select the name given to use with LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
Embedded Web Server Administrator's Guide
Page 24
...scheduled settings, modify the time and day as needed to schedule additional times for disk wiping. Using security features in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the encryption task. When...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. This takes approximately one minute. After the disk has been encrypted, you will be returned to proceed with disk wiping and encryption....
...scheduled settings, modify the time and day as needed to schedule additional times for disk wiping. Using security features in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the encryption task. When...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. This takes approximately one minute. After the disk has been encrypted, you will be returned to proceed with disk wiping and encryption....
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on reset, and then return to a device. Configuring security audit log settings The security audit log allows administrators to monitor security-related events ...
The printer will power-on reset, and then return to a device. Configuring security audit log settings The security audit log allows administrators to monitor security-related events ...
Embedded Web Server Administrator's Guide
Page 26
... to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to each applicable protocol. Note: Server certificate validation is also used on the... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings. 3...
... to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to each applicable protocol. Note: Server certificate validation is also used on the... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings. 3...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 29
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ...from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
... not be ignored (flushed) when this function is protected. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware ...from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the...
Embedded Web Server Administrator's Guide
Page 30
... using remote management tools. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls access to installed eSF applications and/or profiles created by incoming print jobs are ignored. The Access ...Control for each Solution is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration item of the...
... using remote management tools. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls access to installed eSF applications and/or profiles created by incoming print jobs are ignored. The Access ...Control for each Solution is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration item of the...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31