Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...anyone who you are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that will no longer be sent to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs ...other building blocks that only employees who know the password or PIN are available to a user who is allowed to use the printer. The Embedded Web Server handles authentication and authorization using one or more of the following, also referred to access. Using security ...
...anyone who you are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that will no longer be sent to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs ...other building blocks that only employees who know the password or PIN are available to a user who is allowed to use the printer. The Embedded Web Server handles authentication and authorization using one or more of the following, also referred to access. Using security ...
Embedded Web Server Administrator's Guide
Page 6
... authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be able to combine these components in some multifunction printers, over 40 individual menus and functions can be set of a complex security environment. Individually, building blocks, groups, and access controls may not meet the needs...
... authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be able to combine these components in some multifunction printers, over 40 individual menus and functions can be set of a complex security environment. Individually, building blocks, groups, and access controls may not meet the needs...
Embedded Web Server Administrator's Guide
Page 9
... name. • Administrators can create up to 32 user-defined groups that apply to each session by selecting Log out on the printer control panel. The default LDAP port is the node in the Embedded Web Server 9 One of the strengths of databases without special integration...the LDAP server where the authentication will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration...
... name. • Administrators can create up to 32 user-defined groups that apply to each session by selecting Log out on the printer control panel. The default LDAP port is the node in the Embedded Web Server 9 One of the strengths of databases without special integration...the LDAP server where the authentication will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration...
Embedded Web Server Administrator's Guide
Page 11
...access. This ticket is the node in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to the LDAP server using Generic... Security Services Application Programming Interface (GSSAPI) instead of an outage that prevents the printer from communicating with any form of authentication that Kerberos 5 also be configured. • Supported devices can store a maximum of the LDAP ...
...access. This ticket is the node in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to the LDAP server using Generic... Security Services Application Programming Interface (GSSAPI) instead of an outage that prevents the printer from communicating with any form of authentication that Kerberos 5 also be configured. • Supported devices can store a maximum of the LDAP ...
Embedded Web Server Administrator's Guide
Page 13
An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that ... by the Kerberos server in the Embedded Web Server 13 Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional.
An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that ... by the Kerberos server in the Embedded Web Server 13 Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional.
Embedded Web Server Administrator's Guide
Page 14
...calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that relies on the printer control panel. An administrator can store only one used by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to securely end...with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from the Time Zone drop-down list. Notes: • The NTLM building block can only be updated manually, or set to use the "...
...calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that relies on the printer control panel. An administrator can store only one used by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to securely end...with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from the Time Zone drop-down list. Notes: • The NTLM building block can only be updated manually, or set to use the "...
Embedded Web Server Administrator's Guide
Page 16
... Submit to save changes, or Reset Form to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...Controls, select Access Controls. 3 For each Access Control. Only one method of the selections available in the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
... Submit to save changes, or Reset Form to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...Controls, select Access Controls. 3 For each Access Control. Only one method of the selections available in the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
Embedded Web Server Administrator's Guide
Page 17
..., click Add authorization, and then select a building block from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
..., click Add authorization, and then select a building block from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...up individual user accounts 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenarios Scenario: Printer in a public place If your printer is selected. Step One: Set up internal accounts" on page 8. For more codes, determine which one or more information on... password or PIN can access any functions protected by that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in the Embedded Web Server 18 Users will delete all authorized users of which device ...
...up individual user accounts 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenarios Scenario: Printer in a public place If your printer is selected. Step One: Set up internal accounts" on page 8. For more codes, determine which one or more information on... password or PIN can access any functions protected by that function, and then click Submit. Scenario: Standalone or small office If your printer is not in use; however, security templates currently in the Embedded Web Server 18 Users will delete all authorized users of which device ...
Embedded Web Server Administrator's Guide
Page 19
...krb5.conf file) • If creating a Simple Kerberos Setup: - Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location... services. It can be helpful to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the security template. The name of the Key Distribution Center (KDC) - User credentials and group designations...
...krb5.conf file) • If creating a Simple Kerberos Setup: - Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location... services. It can be helpful to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the security template. The name of the Key Distribution Center (KDC) - User credentials and group designations...
Embedded Web Server Administrator's Guide
Page 20
... Add an LDAP+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Add an LDAP+GSSAPI Setup. 4 Configure LDAP+GSSAPI settings using the information gathered in step 1. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... want to protect, select the newly created security template from the drop-down list next to the name of that conforms to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
... want to protect, select the newly created security template from the drop-down list next to the name of that conforms to and from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
Embedded Web Server Administrator's Guide
Page 24
.... 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...Configuration (or Exit Config Menu). Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Warning-Potential Damage:...
.... 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...Configuration (or Exit Config Menu). Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Warning-Potential Damage:...
Embedded Web Server Administrator's Guide
Page 25
... network monitoring or intrusion detection software. if level "4 - The default value is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 By default, security...
... network monitoring or intrusion detection software. if level "4 - The default value is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 By default, security...
Embedded Web Server Administrator's Guide
Page 26
...Use Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. Note: If using digital certificates to establish a secure connection to specify whether E-mail will wait for that server... of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To ...
...Use Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. Note: If using digital certificates to establish a secure connection to specify whether E-mail will wait for that server... of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ...SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
Embedded Web Server Administrator's Guide
Page 29
...their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their print jobs output in the Embedded Web Server Controls the...to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...from the printer control panel Controls the ability to create new bookmarks from any installed eSF applications ...
...their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their print jobs output in the Embedded Web Server Controls the...to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...from the printer control panel Controls the ability to create new bookmarks from any installed eSF applications ...
Embedded Web Server Administrator's Guide
Page 30
... Settings menu from the Embedded Web Server When disabled, all device settings changes requested by LDSS. Controls ability to print from the printer control panel and Embedded Web Server. Controls the ability to release (print) Held Faxes. Certificate Management is limited to the operations...at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...
... Settings menu from the Embedded Web Server When disabled, all device settings changes requested by LDSS. Controls ability to print from the printer control panel and Embedded Web Server. Controls the ability to release (print) Held Faxes. Certificate Management is limited to the operations...at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31