Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that is also referred to do. Authorization specifies which a system securely identifies a user ...(that provide end users the functionality they will need to as "permissions." Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Security templates are ). Using security features in the Embedded ...
... • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that is also referred to do. Authorization specifies which a system securely identifies a user ...(that provide end users the functionality they will need to as "permissions." Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Security templates are ). Using security features in the Embedded ...
Embedded Web Server Administrator's Guide
Page 6
... with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls By default, all users the functions they need to in some multifunction printers, over 40 individual menus and functions can be protected. Security Templates Some scenarios call for each access control. How they do not need , while restricting...
... with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls By default, all users the functions they need to in some multifunction printers, over 40 individual menus and functions can be protected. Security Templates Some scenarios call for each access control. How they do not need , while restricting...
Embedded Web Server Administrator's Guide
Page 9
... as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel. One of the strengths of LDAP is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each...
... as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel. One of the strengths of LDAP is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each...
Embedded Web Server Administrator's Guide
Page 11
... selecting Log out on an external server, users will first authenticate with any form of authentication that relies on the printer control panel. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server, the user will not be able to test. To validate an existing LDAP setup...
... selecting Log out on an external server, users will first authenticate with any form of authentication that relies on the printer control panel. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server, the user will not be able to test. To validate an existing LDAP setup...
Embedded Web Server Administrator's Guide
Page 13
...As with any form of authentication that relies on an external server, users will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... must thus anticipate the different types of an outage that it can apply to save the information as a krb5.conf file on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is...
...As with any form of authentication that relies on an external server, users will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... must thus anticipate the different types of an outage that it can apply to save the information as a krb5.conf file on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is...
Embedded Web Server Administrator's Guide
Page 14
... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same...a single NT domain. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in YYYY-MM-DD HH:MM format, and then choose from communicating with the authenticating server. • To help prevent ...
... to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same...a single NT domain. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in YYYY-MM-DD HH:MM format, and then choose from communicating with the authenticating server. • To help prevent ...
Embedded Web Server Administrator's Guide
Page 16
...Specify how long a user may be required to enter the correct code in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to each session by a password... Web Server administrators should verify that function. 4 Click Submit to save changes, or Reset Form to cancel all changes. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls,...
...Specify how long a user may be required to enter the correct code in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to each session by a password... Web Server administrators should verify that function. 4 Click Submit to save changes, or Reset Form to cancel all changes. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls,...
Embedded Web Server Administrator's Guide
Page 17
... the device. 6 To use groups, click Modify Groups, and then select one or more groups to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... the device. 6 To use groups, click Modify Groups, and then select one or more groups to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
...Delete List will now be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenarios Scenario: Printer in a public place If your printer is not in a public space such as a lobby, and you do not use ; Administrators can assign a single password...a password or PIN 1 From the Embedded Web Server Home screen, browse to protect individual functions. Scenario: Standalone or small office If your printer is selected. Users will delete all authorized users of which device functions need to Settings ª Security ª Edit Security Setups. 2...
...Delete List will now be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenarios Scenario: Printer in a public place If your printer is not in a public space such as a lobby, and you do not use ; Administrators can assign a single password...a password or PIN 1 From the Embedded Web Server Home screen, browse to protect individual functions. Scenario: Standalone or small office If your printer is selected. Users will delete all authorized users of which device functions need to Settings ª Security ª Edit Security Setups. 2...
Embedded Web Server Administrator's Guide
Page 19
... and then select a building block from the Authorization Setup list. This list will now be pulled from the drop-down the Ctrl key to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 The KDC port - Step 3: Assign security templates to access controls 1 From the Embedded ...
... and then select a building block from the Authorization Setup list. This list will now be pulled from the drop-down the Ctrl key to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 The KDC port - Step 3: Assign security templates to access controls 1 From the Embedded ...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use of ...
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use of ...
Embedded Web Server Administrator's Guide
Page 24
...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen. Continue? • Select Yes ... asking you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn on . Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to the Enable/Disable screen. 8...
...designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen. Continue? • Select Yes ... asking you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn on . Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to the Enable/Disable screen. 8...
Embedded Web Server Administrator's Guide
Page 25
... the remote server, select the Remote Syslog non-logged events check box. 9 To have administrators automatically notified of events to on the destination server. The printer will power-on reset, and then return to aid in sorting and filtering by commas) in the Admin's e-mail address field, and then choose from...
... the remote server, select the Remote Syslog non-logged events check box. 9 To have administrators automatically notified of events to on the destination server. The printer will power-on reset, and then return to aid in sorting and filtering by commas) in the Admin's e-mail address field, and then choose from...
Embedded Web Server Administrator's Guide
Page 26
... • Select the Active check box to each applicable protocol. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. If only one certificate has been installed, default will be sent using an encrypted link. 8 If your network under Device... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the...
... • Select the Active check box to each applicable protocol. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. If only one certificate has been installed, default will be sent using an encrypted link. 8 If your network under Device... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home ...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home ...
Embedded Web Server Administrator's Guide
Page 29
...Embedded Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive. Users who are denied will ...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on some Access Controls (referred to update firmware from Home ...
...Embedded Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive. Users who are denied will ...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on some Access Controls (referred to update firmware from Home ...
Embedded Web Server Administrator's Guide
Page 30
... the Embedded Web Server When disabled, all device settings changes requested by a properly configured installation of the Settings menu from the printer control panel. When protected, no longer possible to manage certificates using remote management tools. The Access Control for each Solution is ...profiles created by remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes...
... the Embedded Web Server When disabled, all device settings changes requested by a properly configured installation of the Settings menu from the printer control panel. When protected, no longer possible to manage certificates using remote management tools. The Access Control for each Solution is ...profiles created by remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31