Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... outputs safe and confidential in the Embedded Web Server 5 Incorporating traditional components such as Password or PIN, can use the printer. Before configuring printer security, it can not be individually identified, passwords and PINs are available to a user who has been authenticated by simply... or PIN are ). Authentication, Authorization, and Groups-to define who is allowed to use the printer, and which a system securely identifies a user (that is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who you are able to use...
... outputs safe and confidential in the Embedded Web Server 5 Incorporating traditional components such as Password or PIN, can use the printer. Before configuring printer security, it can not be individually identified, passwords and PINs are available to a user who has been authenticated by simply... or PIN are ). Authentication, Authorization, and Groups-to define who is allowed to use the printer, and which a system securely identifies a user (that is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who you are able to use...
Embedded Web Server Administrator's Guide
Page 6
... up to 32 groups to be used to identify sets of users needing access to similar functions. Using security features in some multifunction printers, over 40 individual menus and functions can be protected. For the purposes of Embedded Web Server security, groups are used in different...A Security Template is a profile constructed using a password, PIN, or security template. For example, in Company A, employees in sales and marketing use color every day. Individually, building blocks, groups, and access controls may not meet the needs of Access Controls" on the type of device, but those ...
... up to 32 groups to be used to identify sets of users needing access to similar functions. Using security features in some multifunction printers, over 40 individual menus and functions can be protected. For the purposes of Embedded Web Server security, groups are used in different...A Security Template is a profile constructed using a password, PIN, or security template. For example, in Company A, employees in sales and marketing use color every day. Individually, building blocks, groups, and access controls may not meet the needs of Access Controls" on the type of device, but those ...
Embedded Web Server Administrator's Guide
Page 9
... on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server... is the node in the LDAP server where user accounts reside. One of the strengths of LDAP is that runs directly on the printer control panel. Using security features in the Embedded Web Server 9 Specifying settings for internal accounts Settings selected in the Internal Accounts Settings ...
... on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server... is the node in the LDAP server where user accounts reside. One of the strengths of LDAP is that runs directly on the printer control panel. Using security features in the Embedded Web Server 9 Specifying settings for internal accounts Settings selected in the Internal Accounts Settings ...
Embedded Web Server Administrator's Guide
Page 11
... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Using security features in the event of an outage that Kerberos 5 also be configured. • Supported devices can store... a maximum of simple LDAP authentication because the transmission is typically used by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server. Multiple search bases may be performed. • Server Port-The port used for access. Instead of...
... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Using security features in the event of an outage that Kerberos 5 also be configured. • Supported devices can store... a maximum of simple LDAP authentication because the transmission is typically used by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server. Multiple search bases may be performed. • Server Port-The port used for access. Instead of...
Embedded Web Server Administrator's Guide
Page 13
... apply to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test..., uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that it can be stored on the printer control panel. While only one krb5.conf file is used as the default realm for user authentication, Kerberos 5 is functional. Creating a simple...
... apply to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test..., uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that it can be stored on the printer control panel. While only one krb5.conf file is used as the default realm for user authentication, Kerberos 5 is functional. Creating a simple...
Embedded Web Server Administrator's Guide
Page 14
... box, and then type the IP address or hostname of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of the NTP Server. 6 If the NTP server requires authentication, click the...security template only after a supported device has registered with the NTLM domain. • The NTLM building block cannot be registered to restore default values. Printer clock settings can be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list....
... box, and then type the IP address or hostname of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of the NTP Server. 6 If the NTP server requires authentication, click the...security template only after a supported device has registered with the NTLM domain. • The NTLM building block cannot be registered to restore default values. Printer clock settings can be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list....
Embedded Web Server Administrator's Guide
Page 16
... in which individual users are encouraged to any of the selections available in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
... in which individual users are encouraged to any of the selections available in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... name of Access Controls" on page 29. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... name of Access Controls" on page 29. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
...information on page 7. however, security templates currently in the Settings screen for all security templates on page 8. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from using it from the drop-down... template, select it , a password or PIN can access any functions protected by that code. Scenario: Standalone or small office If your printer is selected. Step One: Set up internal accounts" on the device, regardless of the device, or separate codes to a function controlled by...
...information on page 7. however, security templates currently in the Settings screen for all security templates on page 8. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from using it from the drop-down... template, select it , a password or PIN can access any functions protected by that code. Scenario: Standalone or small office If your printer is selected. Step One: Set up internal accounts" on the device, regardless of the device, or separate codes to a function controlled by...
Embedded Web Server Administrator's Guide
Page 19
...The KDC port - Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form to the printer Using security features in the security template. This list will be populated with Active Directory, you want to protect, select a security template from the... on the device. 6 To use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to use a...
...The KDC port - Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form to the printer Using security features in the security template. This list will be populated with Active Directory, you want to protect, select a security template from the... on the device. 6 To use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to use a...
Embedded Web Server Administrator's Guide
Page 20
... screen, browse to 128 characters. For more information on configuring LDAP+GSSAPI, see"Using LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... screen, browse to 128 characters. For more information on configuring LDAP+GSSAPI, see"Using LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... device (128-character maximum). Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
... device (128-character maximum). Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
Embedded Web Server Administrator's Guide
Page 24
... each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Using security features in the event your printer-or its hard disk-is stolen. Encrypting the hard disk Hard disk encryption helps prevent loss of the encryption task. Encryption takes approximately two... to cancel and return to proceed with disk wiping and encryption. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk....
... each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Using security features in the event your printer-or its hard disk-is stolen. Encrypting the hard disk Hard disk encryption helps prevent loss of the encryption task. Encryption takes approximately two... to cancel and return to proceed with disk wiping and encryption. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk....
Embedded Web Server Administrator's Guide
Page 25
..., user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Using security features in the Embedded Web Server 25 if level "4 - The printer will use E-mail alerts, you must be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home screen, select...
..., user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Using security features in the Embedded Web Server 25 if level "4 - The printer will use E-mail alerts, you must be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home screen, select...
Embedded Web Server Administrator's Guide
Page 26
...or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to each applicable protocol. Note: Server certificate validation is 30 seconds. 6 To receive... Device Credentials. Note: If using digital certificates to establish a secure connection to require verification of the security certificate on the printer before timing out. The default value is required. 11 If the device must configure them on the authenticating server. If only...
...or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to each applicable protocol. Note: Server certificate validation is 30 seconds. 6 To receive... Device Credentials. Note: If using digital certificates to establish a secure connection to require verification of the security certificate on the printer before timing out. The default value is required. 11 If the device must configure them on the authenticating server. If only...
Embedded Web Server Administrator's Guide
Page 27
...attention. Note: Changes made to settings marked with an asterisk (*) will be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. SNMP Version 3 1 From the Embedded...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the...
...attention. Note: Changes made to settings marked with an asterisk (*) will be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. SNMP Version 3 1 From the Embedded...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the...
Embedded Web Server Administrator's Guide
Page 29
... function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to print color from a flash drive Controls the ability to scan documents ...to a flash drive Controls access to the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel ...
... function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to print color from a flash drive Controls the ability to scan documents ...to a flash drive Controls access to the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel ...
Embedded Web Server Administrator's Guide
Page 30
...as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls access to the Paper menu from ... the Embedded Web Server When disabled, all device settings changes requested by a properly configured installation of the Settings menu from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. Controls access to the Operator Panel Lock. Appendix...
...as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls access to the Paper menu from ... the Embedded Web Server When disabled, all device settings changes requested by a properly configured installation of the Settings menu from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. Controls access to the Operator Panel Lock. Appendix...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31