Embedded Web Server Administrator's Guide
Page 10
... Group Names • Configure Groups-Administrators can define up to previous values. the administrator can associate as many as part of the print server(s). • MFP Password-Enter the password for those groups under the Group Search Base list. To delete an existing LDAP setup 1 From the Embedded Web Server Home... template. Device Credentials • Anonymous LDAP Bind-If selected, the Embedded Web Server will bind with the LDAP server anonymously, and the Distinguished Name and MFP Password fields will also be searched. • Custom Object Class-Click to previous values.
... Group Names • Configure Groups-Administrators can define up to previous values. the administrator can associate as many as part of the print server(s). • MFP Password-Enter the password for those groups under the Group Search Base list. To delete an existing LDAP setup 1 From the Embedded Web Server Home... template. Device Credentials • Anonymous LDAP Bind-If selected, the Embedded Web Server will bind with the LDAP server anonymously, and the Distinguished Name and MFP Password fields will also be searched. • Custom Object Class-Click to previous values.
Embedded Web Server Administrator's Guide
Page 12
... Identifier must provide when attempting to access a function protected by entering identifiers for the print server(s). Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for those groups under the Group Search Base list. Using security features in the list...
... Identifier must provide when attempting to access a function protected by entering identifiers for the print server(s). Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for those groups under the Group Search Base list. Using security features in the list...
Common Criteria Installation Supplement and Administrator Guide
Page 4
...feature" Held Jobs error message 43 "Unable to use 39 Login screen does not appear when a SmartCard is inserted 39 "The KDC and MFP clocks are printing out immediately...44 Appendix A: Using the touch screen 45 Appendix B: Acronyms 47 Appendix C: Description of Access Controls 48 Appendix ...D: Using Common Access Cards 51 Notices 53 Index 56 check the MFP's date and time" error message...40 "Kerberos configuration file has not been uploaded" error message 40 Users are unable to authenticate...40 "The...
...feature" Held Jobs error message 43 "Unable to use 39 Login screen does not appear when a SmartCard is inserted 39 "The KDC and MFP clocks are printing out immediately...44 Appendix A: Using the touch screen 45 Appendix B: Acronyms 47 Appendix C: Description of Access Controls 48 Appendix ...D: Using Common Access Cards 51 Notices 53 Index 56 check the MFP's date and time" error message...40 "Kerberos configuration file has not been uploaded" error message 40 Users are unable to authenticate...40 "The...
Common Criteria Installation Supplement and Administrator Guide
Page 5
... • Lexmark X464 • Lexmark X466 • Lexmark X651 • Lexmark X652 • Lexmark X654 • Lexmark X656 • Lexmark X658 • Lexmark X734 • Lexmark X736 • Lexmark X738 • Lexmark X860 • Lexmark X862 • Lexmark X864 Operating environment The instructions provided in this guide. Using this guide are based on page 45. For information about physically setting up the MFP or...
... • Lexmark X464 • Lexmark X466 • Lexmark X651 • Lexmark X652 • Lexmark X654 • Lexmark X656 • Lexmark X658 • Lexmark X734 • Lexmark X736 • Lexmark X738 • Lexmark X860 • Lexmark X862 • Lexmark X864 Operating environment The instructions provided in this guide. Using this guide are based on page 45. For information about physically setting up the MFP or...
Common Criteria Installation Supplement and Administrator Guide
Page 6
...of lock port found on most laptop computers, and can normally be no optional interfaces are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. • Authorized administrators are ..., under Device Information, locate Base =, and Network =. 7 Contact your Lexmark representative to -date. Note: USB ports that perform document processing functions are installed • Verify the firmware • Attach a lock to the MFP • Encrypt the hard disk (if installed) Verifying physical interfaces and installed...
...of lock port found on most laptop computers, and can normally be no optional interfaces are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. • Authorized administrators are ..., under Device Information, locate Base =, and Network =. 7 Contact your Lexmark representative to -date. Note: USB ports that perform document processing functions are installed • Verify the firmware • Attach a lock to the MFP • Encrypt the hard disk (if installed) Verifying physical interfaces and installed...
Common Criteria Installation Supplement and Administrator Guide
Page 7
...the contents of sensitive data in the lower right corner of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on the numeric keypad while turning the device back on.... This section applies only to boot into the Configuration menu. Once the MFP is fully powered up, the touch screen should display a list of functions, instead of the touch screen. 4 Scroll through the configuration menus to locate...
...the contents of sensitive data in the lower right corner of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on the numeric keypad while turning the device back on.... This section applies only to boot into the Configuration menu. Once the MFP is fully powered up, the touch screen should display a list of functions, instead of the touch screen. 4 Scroll through the configuration menus to locate...
Common Criteria Installation Supplement and Administrator Guide
Page 8
... lost. 7 A message will be displayed asking you to complete. 8 To finish, press Back, and then Exit Config Menu. After the disk has been encrypted, the MFP will power-on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the left to set the... Buffer to normal operating mode. Continue? • Select Yes to the Enable/Disable screen. Doing so may result in loss of the encryption task. The MFP will return to proceed with disk wiping and encryption.
... lost. 7 A message will be displayed asking you to complete. 8 To finish, press Back, and then Exit Config Menu. After the disk has been encrypted, the MFP will power-on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the left to set the... Buffer to normal operating mode. Continue? • Select Yes to the Enable/Disable screen. Doing so may result in loss of the encryption task. The MFP will return to proceed with disk wiping and encryption.
Common Criteria Installation Supplement and Administrator Guide
Page 10
... for Internal Accounts screen, select Add Entry. 6 For the Name, type Authenticated_Users. 7 Touch Next, to use device functions, and access the Reports menu 10 The MFP supports a maximum of these groups when configuring security templates, and then apply a security template to each device function, to control access to each user, but...
... for Internal Accounts screen, select Add Entry. 6 For the Name, type Authenticated_Users. 7 Touch Next, to use device functions, and access the Reports menu 10 The MFP supports a maximum of these groups when configuring security templates, and then apply a security template to each device function, to control access to each user, but...
Common Criteria Installation Supplement and Administrator Guide
Page 11
... one or more groups, as follows: • For users who should now be listed. 11 Repeat steps as needed to add additional users. 11 The MFP will return to the Internal Accounts screen. 3 From the Internal Accounts screen, select Add Entry. 4 Type the user's account name (example: "Jack Smith"), and then...
... one or more groups, as follows: • For users who should now be listed. 11 Repeat steps as needed to add additional users. 11 The MFP will return to the Internal Accounts screen. 3 From the Internal Accounts screen, select Add Entry. 4 Type the user's account name (example: "Jack Smith"), and then...
Common Criteria Installation Supplement and Administrator Guide
Page 14
... access only Any valid setting Not applicable - all remote access disabled Disabling home screen icons The final step is to remove unneeded icons from the MFP home screen: 1 From the home screen, touch Menus > Settings > General Settings. 2 Scroll to locate Home Screen Customization. 3 Set FTP, FTP Shortcuts, and USB Drive to...
... access only Any valid setting Not applicable - all remote access disabled Disabling home screen icons The final step is to remove unneeded icons from the MFP home screen: 1 From the home screen, touch Menus > Settings > General Settings. 2 Scroll to locate Home Screen Customization. 3 Set FTP, FTP Shortcuts, and USB Drive to...
Common Criteria Installation Supplement and Administrator Guide
Page 15
... after making any needed changes, to return your device to the evaluated configuration. Using the Embedded Web Server Access to the home screen. 7 Reboot the MFP by turning it off and back on network-attached devices. Once a device is disabled as part of the evaluated configuration on using the EWS 1 From...
... after making any needed changes, to return your device to the evaluated configuration. Using the Embedded Web Server Access to the home screen. 7 Reboot the MFP by turning it off and back on network-attached devices. Once a device is disabled as part of the evaluated configuration on using the EWS 1 From...
Common Criteria Installation Supplement and Administrator Guide
Page 16
..., see "Using the Embedded Web Server" on the left to access configuration and report menus. After the network setup page prints, the MFP will return to use the device hostname as the Common Name. • Organization Name-Type the name of the company or organization issuing ...controller verification, and for a network-attached device. Note: Leave this field blank to the home screen. Settings for network-attached devices After attaching the MFP to a network, you have finished using the secure version of the page (with the address beginning "https://"). 2 Use the navigation menu on page...
..., see "Using the Embedded Web Server" on the left to access configuration and report menus. After the network setup page prints, the MFP will return to use the device hostname as the Common Name. • Organization Name-Type the name of the company or organization issuing ...controller verification, and for a network-attached device. Note: Leave this field blank to the home screen. Settings for network-attached devices After attaching the MFP to a network, you have finished using the secure version of the page (with the address beginning "https://"). 2 Use the navigation menu on page...
Common Criteria Installation Supplement and Administrator Guide
Page 18
... the PKI Authentication application. 1 From the EWS, click Settings > Security > Certificate Management > Certificate Authority Management. Your browser will connect to the MFP. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on client devices that will return to the EWS main page....and then one of the numbered Host fields. 8 Type the IP address of the file should be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on page 15. It does not handle authentication or restrict access. 1 From the EWS, click Settings >Security ...
... the PKI Authentication application. 1 From the EWS, click Settings > Security > Certificate Management > Certificate Authority Management. Your browser will connect to the MFP. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on client devices that will return to the EWS main page....and then one of the numbered Host fields. 8 Type the IP address of the file should be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on page 15. It does not handle authentication or restrict access. 1 From the EWS, click Settings >Security ...
Common Criteria Installation Supplement and Administrator Guide
Page 19
... the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP. If they are empty. The MFP will return to the NetWare screen. b From the Std Network Setup screen, select LexLink > Activate. The MFP will return to the AppleTalk screen. Note: It might be disabled. Using the touch screen 1 To disable...
... the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP. If they are empty. The MFP will return to the NetWare screen. b From the Std Network Setup screen, select LexLink > Activate. The MFP will return to the AppleTalk screen. Note: It might be disabled. Using the touch screen 1 To disable...
Common Criteria Installation Supplement and Administrator Guide
Page 20
...Protocol Use Network Time Protocol (NTP), to the LexLink screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using a network connection. For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 1 From the ...; UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. d Touch Submit. The MFP will return to automatically sync MFP date and time settings with a trusted clock, so that NTP settings are not automatically provided by the DHCP server before manually configuring ...
...Protocol Use Network Time Protocol (NTP), to the LexLink screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using a network connection. For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 1 From the ...; UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. d Touch Submit. The MFP will return to automatically sync MFP date and time settings with a trusted clock, so that NTP settings are not automatically provided by the DHCP server before manually configuring ...
Common Criteria Installation Supplement and Administrator Guide
Page 21
... Enable Authentication to disable HTTP and HTTPS access after you have finished using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must be using the EWS. 2 Select the Enable NTP check box, and then type the IP address or hostname of the NTP Server. 3 If...
... Enable Authentication to disable HTTP and HTTPS access after you have finished using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must be using the EWS. 2 Select the Enable NTP check box, and then type the IP address or hostname of the NTP Server. 3 If...
Common Criteria Installation Supplement and Administrator Guide
Page 23
... of certain log events, type one or more E-mail addresses (separated by commas) in the Admin's e-mail address field. 9 If you want the MFP to automatically notify administrators of certain log events, type one or more E-mail addresses (separated by commas) in the Admin's e-mail address field, and... to configure SMTP settings. 9 Click Submit. Notice. The chosen severity level and anything higher (0-4) will be logged. 11 If you want the MFP to send all events regardless of severity to the remote server, select Remote Syslog non-logged events. 8 To have the log file Wrap over ...
... of certain log events, type one or more E-mail addresses (separated by commas) in the Admin's e-mail address field. 9 If you want the MFP to automatically notify administrators of certain log events, type one or more E-mail addresses (separated by commas) in the Admin's e-mail address field, and... to configure SMTP settings. 9 Click Submit. Notice. The chosen severity level and anything higher (0-4) will be logged. 11 If you want the MFP to send all events regardless of severity to the remote server, select Remote Syslog non-logged events. 8 To have the log file Wrap over ...
Common Criteria Installation Supplement and Administrator Guide
Page 24
... "/". • Base file name image-must be blank. • Web Link-must be parsed or viewed. • Select Digitally sign exports if you want the MFP to automatically notify administrators of certain log events, adjust the following settings as needed: • To send an E-mail when the Delete Log button is... On. • To send an E-mail when log storage space reaches a specified percentage of log storage space that server. 24 12 If you want the MFP to add a digital signature to E-mail alerts. 13 Touch Submit. Note: In order to use for that must also configure SMTP settings.
... "/". • Base file name image-must be blank. • Web Link-must be parsed or viewed. • Select Digitally sign exports if you want the MFP to automatically notify administrators of certain log events, adjust the following settings as needed: • To send an E-mail when the Delete Log button is... On. • To send an E-mail when log storage space reaches a specified percentage of log storage space that server. 24 12 If you want the MFP to add a digital signature to E-mail alerts. 13 Touch Submit. Note: In order to use for that must also configure SMTP settings.
Common Criteria Installation Supplement and Administrator Guide
Page 25
...specify whether E-mail will be sent using an encrypted link. 8 If the SMTP server requires user credentials, select an authentication method from the MFP (in order to send E-mail, enter the information appropriate for SMTP Server Authentication. 9 Set Device-Initiated E-mail to Use Device SMTP Credentials...be sent using an encrypted link. 8 If the SMTP server requires user credentials, select a method for your network/server environment. 11 If the MFP must provide credentials in case of failed or bounced messages), type a Reply Address. 7 Set Use SSL to Disabled, Negotiate, or Required to...
...specify whether E-mail will be sent using an encrypted link. 8 If the SMTP server requires user credentials, select an authentication method from the MFP (in order to send E-mail, enter the information appropriate for SMTP Server Authentication. 9 Set Device-Initiated E-mail to Use Device SMTP Credentials...be sent using an encrypted link. 8 If the SMTP server requires user credentials, select a method for your network/server environment. 11 If the MFP must provide credentials in case of failed or bounced messages), type a Reply Address. 7 Set Use SSL to Disabled, Negotiate, or Required to...
Common Criteria Installation Supplement and Administrator Guide
Page 26
... 1 From the home screen, touch Menus > Settings > Fax Settings > Analog Fax Setup > Fax Receive Settings. 2 Scroll to send E-mail, enter the information appropriate for your MFP includes fax capabilities and is attached to a phone line, you have finished using the EWS. 2 Under Fax Receive Settings, click Holding Faxes. 3 Set Held Fax... in the Device Userid, Device password, and Kerberos 5 Realm or NTLM Domain fields. 12 Touch Submit. Fax If your network/server environment. 11 If the MFP must disable fax forwarding, enable held faxes, and disable driver to fax.
... 1 From the home screen, touch Menus > Settings > Fax Settings > Analog Fax Setup > Fax Receive Settings. 2 Scroll to send E-mail, enter the information appropriate for your MFP includes fax capabilities and is attached to a phone line, you have finished using the EWS. 2 Under Fax Receive Settings, click Holding Faxes. 3 Set Held Fax... in the Device Userid, Device password, and Kerberos 5 Realm or NTLM Domain fields. 12 Touch Submit. Fax If your network/server environment. 11 If the MFP must disable fax forwarding, enable held faxes, and disable driver to fax.