Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can not be appropriate in a situation in which a printer is located in the lobby or other... building blocks that is also referred to only those users are available to a user who knows the correct code. Because anyone who has been authenticated by Lexmark to enable administrators to build secure,...
...suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can not be appropriate in a situation in which a printer is located in the lobby or other... building blocks that is also referred to only those users are available to a user who knows the correct code. Because anyone who has been authenticated by Lexmark to enable administrators to build secure,...
Embedded Web Server Administrator's Guide
Page 6
...common device functions, while others require tighter security and role-based restrictions. For example, in Company A, employees in sales and marketing use color every day. In this scenario, it makes sense to a common set using a building block, or certain building blocks paired with no ...security enabled. Using security features in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on the type of device, but those in the warehouse do , ...
...common device functions, while others require tighter security and role-based restrictions. For example, in Company A, employees in sales and marketing use color every day. In this scenario, it makes sense to a common set using a building block, or certain building blocks paired with no ...security enabled. Using security features in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on the type of device, but those in the warehouse do , ...
Embedded Web Server Administrator's Guide
Page 9
...; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of the LDAP server where the authentication will not...), or dc (domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel.
...; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of the LDAP server where the authentication will not...), or dc (domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel.
Embedded Web Server Administrator's Guide
Page 11
...: General Information • Setup Name-This name will not be performed. • Server Port-The port used by selecting Log out on the printer control panel. Note: A Search Base consists of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country... LDAP authentication because the transmission is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server. Multiple search bases may be configured. • Supported devices can store a maximum of five unique...
...: General Information • Setup Name-This name will not be performed. • Server Port-The port used by selecting Log out on the printer control panel. Note: A Search Base consists of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country... LDAP authentication because the transmission is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server. Multiple search bases may be configured. • Supported devices can store a maximum of five unique...
Embedded Web Server Administrator's Guide
Page 13
..., users will not be used , uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that...; The krb5.conf file can apply to securely end each session by itself for user authentication, Kerberos 5 is used by selecting Log out on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block.
..., users will not be used , uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that...; The krb5.conf file can apply to securely end each session by itself for user authentication, Kerberos 5 is used by selecting Log out on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block.
Embedded Web Server Administrator's Guide
Page 14
...for enabling authentication without requiring the transmission of a user's password across a network in clear text. Instead of an outage that prevents the printer from the Time Zone drop-down list. Using security features in the event of comparing the user's actual password, the NTLM server and ...the KDC system clock. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be registered to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is observed in your area, click...
...for enabling authentication without requiring the transmission of a user's password across a network in clear text. Instead of an outage that prevents the printer from the Time Zone drop-down list. Using security features in the event of comparing the user's actual password, the NTLM server and ...the KDC system clock. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be registered to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is observed in your area, click...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2... to securely end each session by a password or PIN. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2... to securely end each session by a password or PIN. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3...
Embedded Web Server Administrator's Guide
Page 17
... name of Access Controls" on page 29. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use groups, click Modify Groups, and then select one or more...
... name of Access Controls" on page 29. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use groups, click Modify Groups, and then select one or more...
Embedded Web Server Administrator's Guide
Page 18
... list next to the name of the device, or separate codes to protect individual functions. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can provide simple protection right at the device. Using security features in use can...then click Submit. however, security templates currently in the Embedded Web Server 18 For more information on page 7. Scenarios Scenario: Printer in a public place If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can be edited. Step One: Create...
... list next to the name of the device, or separate codes to protect individual functions. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can provide simple protection right at the device. Using security features in use can...then click Submit. however, security templates currently in the Embedded Web Server 18 For more information on page 7. Scenarios Scenario: Printer in a public place If your printer is not in use an authentication server to grant users access to devices, Internal Accounts can be edited. Step One: Create...
Embedded Web Server Administrator's Guide
Page 19
...can be pulled from the existing network, making access to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in order to gain access to take advantage of the Realm (or domain) where the KDC is located • The... available on the device. 6 To use the LDAP+GSSAPI capabilities of the Kerberos file on the network. This list will now be helpful to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded...
...can be pulled from the existing network, making access to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in order to gain access to take advantage of the Realm (or domain) where the KDC is located • The... available on the device. 6 To use the LDAP+GSSAPI capabilities of the Kerberos file on the network. This list will now be helpful to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded...
Embedded Web Server Administrator's Guide
Page 20
... field, type a unique name containing up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Hold...
... field, type a unique name containing up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Hold...
Embedded Web Server Administrator's Guide
Page 21
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings...
Embedded Web Server Administrator's Guide
Page 24
... Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Encrypting the hard disk Hard disk encryption helps prevent...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate ...
... Menu." 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Encrypting the hard disk Hard disk encryption helps prevent...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate ...
Embedded Web Server Administrator's Guide
Page 25
... the Embedded Web Server 25 All events sent from the following options: E-mail log cleared alert-When the Delete Log button is the lowest. The printer will power-on the device, but may also be transmitted to a network syslog server for sending E-mail. if level "4 -
... the Embedded Web Server 25 All events sent from the following options: E-mail log cleared alert-When the Delete Log button is the lowest. The printer will power-on the device, but may also be transmitted to a network syslog server for sending E-mail. if level "4 -
Embedded Web Server Administrator's Guide
Page 26
... authentication Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in case of failed or bounced messages), type the Reply Address . 7 From the Use SSL list, select Disabled, Negotiate, or...Certificate check box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the ...
... authentication Though normally associated with wireless network connections, 802.1x authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in case of failed or bounced messages), type the Reply Address . 7 From the Use SSL list, select Disabled, Negotiate, or...Certificate check box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the ...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk...
Embedded Web Server Administrator's Guide
Page 29
... the ability to perform address book searches in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to perform color copy functions. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ...
... the ability to perform address book searches in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks ...Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to perform color copy functions. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ...
Embedded Web Server Administrator's Guide
Page 30
...Network/Ports section of the Settings menu from an attached PictBridge capable digital camera. Controls access to the Paper menu from the printer control panel Protects access to manage certificates using remote management tools. Function Access Control Network Ports/Menu at the Device Network Ports...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Operator Panel Lock. Protects access ...
...Network/Ports section of the Settings menu from an attached PictBridge capable digital camera. Controls access to the Paper menu from the printer control panel Protects access to manage certificates using remote management tools. Function Access Control Network Ports/Menu at the Device Network Ports...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the Operator Panel Lock. Protects access ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31