Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more...-to define who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that will no longer be and what they require, while limiting access to sensitive printer functions or outputs to use the printer, and which functions are considered less secure...
...Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more...-to define who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that will no longer be and what they require, while limiting access to sensitive printer functions or outputs to use the printer, and which functions are considered less secure...
Embedded Web Server Administrator's Guide
Page 6
...can be controlled varies depending on page 29. Access controls can be protected. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can be set of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and...LDAP/LDAP+GSSAPI building blocks. Security Templates Some scenarios call for each access control. Using security features in sales and marketing use color every day. Individually, building blocks, groups, and access controls may not meet the needs of device, but those in the Embedded...
...can be controlled varies depending on page 29. Access controls can be protected. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can be set of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and...LDAP/LDAP+GSSAPI building blocks. Security Templates Some scenarios call for each access control. Using security features in sales and marketing use color every day. Individually, building blocks, groups, and access controls may not meet the needs of device, but those in the Embedded...
Embedded Web Server Administrator's Guide
Page 9
...select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used to 32 user-defined groups that relies on the printer control panel. Using security features in the Embedded Web Server 9 Multiple search bases may be able to access protected device functions in the event... of an outage that prevents the printer from communicating with any form of authentication that apply to each unique LDAP configuration. • As with the authenticating server. • To ...
...select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used to 32 user-defined groups that relies on the printer control panel. Using security features in the Embedded Web Server 9 Multiple search bases may be able to access protected device functions in the event... of an outage that prevents the printer from communicating with any form of authentication that apply to each unique LDAP configuration. • As with the authenticating server. • To ...
Embedded Web Server Administrator's Guide
Page 11
... add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to identify each session by selecting Log out on the printer control panel. Note: A Search Base consists of the LDAP server where the authentication will be used to Settings ª Security ª Edit... Port-The port used for access. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. This ticket is typically used by the Embedded Web Server to communicate with the authenticating server. • ...
... add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to identify each session by selecting Log out on the printer control panel. Note: A Search Base consists of the LDAP server where the authentication will be used to Settings ª Security ª Edit... Port-The port used for access. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. This ticket is typically used by the Embedded Web Server to communicate with the authenticating server. • ...
Embedded Web Server Administrator's Guide
Page 13
... in the configuration file, then the first realm specified will be used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... Kerberos configuration file (krb5.conf) can apply to reset the field and search for the selected device is used by selecting Log out on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ...
... in the configuration file, then the first realm specified will be used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... Kerberos configuration file (krb5.conf) can apply to reset the field and search for the selected device is used by selecting Log out on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ...
Embedded Web Server Administrator's Guide
Page 14
... transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Using security features in clear text. An administrator can be updated manually, or set to use the "Install auth keys...restore default values. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each...
... transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Using security features in clear text. An administrator can be updated manually, or set to use the "Install auth keys...restore default values. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each...
Embedded Web Server Administrator's Guide
Page 16
... the correct code in which individual users are encouraged to securely end each session by a password or PIN. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...block 1 From the Embedded Web Server Home screen, browse to any function controlled by selecting Log out on configuring a specific type of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
... the correct code in which individual users are encouraged to securely end each session by a password or PIN. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...block 1 From the Embedded Web Server Home screen, browse to any function controlled by selecting Log out on configuring a specific type of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
... Security Templates Name field, type a unique name containing up to 128 characters. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of security templates must be helpful to use authorization, click Add authorization, and then select a building block from the list...
... Security Templates Name field, type a unique name containing up to 128 characters. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of security templates must be helpful to use authorization, click Add authorization, and then select a building block from the list...
Embedded Web Server Administrator's Guide
Page 18
Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts can ... a security template if it from the list, and then click Delete Entry in the Settings screen for all security templates on page 8. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that template. • You can be edited.
Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts can ... a security template if it from the list, and then click Delete Entry in the Settings screen for all security templates on page 8. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that template. • You can be edited.
Embedded Web Server Administrator's Guide
Page 19
...can be helpful to use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to the printer Using security features in the security template. This list will be populated with Active Directory, you want to the name of authentication and ...Authorization Setup list. The KDC port - User credentials and group designations can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server ...
...can be helpful to use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to the printer Using security features in the security template. This list will be populated with Active Directory, you want to the name of authentication and ...Authorization Setup list. The KDC port - User credentials and group designations can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server ...
Embedded Web Server Administrator's Guide
Page 20
For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
Embedded Web Server Administrator's Guide
Page 24
... Scheduled). 6 Click Submit to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration (or Exit Config Menu). Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to proceed with disk wiping and... Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the touch screen. Using security features in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the hard disk. 7...
... Scheduled). 6 Click Submit to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration (or Exit Config Menu). Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to proceed with disk wiping and... Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the touch screen. Using security features in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the lower right corner of the hard disk. 7...
Embedded Web Server Administrator's Guide
Page 25
... the Enable Remote Syslog check box. Note: Steps 4 through 6 are changed alert-When log settings are valid only if Remote Syslog is the lowest. The printer will be grayed out until an IP address or hostname is exported E-mail log settings changed Note: In order to use for further processing or...
... the Enable Remote Syslog check box. Note: Steps 4 through 6 are changed alert-When log settings are valid only if Remote Syslog is the lowest. The printer will be grayed out until an IP address or hostname is exported E-mail log settings changed Note: In order to use for further processing or...
Embedded Web Server Administrator's Guide
Page 26
...using an encrypted link. 8 If your network under Device Credentials. Using security features in case of the security certificate on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 11 If the...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order to...
...using an encrypted link. 8 If your network under Device Credentials. Using security features in case of the security certificate on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 11 If the...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order to...
Embedded Web Server Administrator's Guide
Page 27
...administrative attention. The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*) will .... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
...administrative attention. The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*) will .... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
Embedded Web Server Administrator's Guide
Page 29
... functions. Firmware files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability ...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Users who are ...
... functions. Firmware files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability ...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Users who are ...
Embedded Web Server Administrator's Guide
Page 30
...the Settings menu from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls ability to printer settings and functions by LDSS. Controls access to print from the Embedded Web Server. Appendix 30 This applies only when an Option ... the creation or configuration of the application or profile. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration section of the...
...the Settings menu from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls ability to printer settings and functions by LDSS. Controls access to print from the Embedded Web Server. Appendix 30 This applies only when an Option ... the creation or configuration of the application or profile. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Option Card Configuration section of the...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31