Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
..., administrators can be used only in the lobby or other building blocks that require a user to use the printer. This set of authorized functions is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who you are allowed to use the... printer, and which functions are able to access. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe...
..., administrators can be used only in the lobby or other building blocks that require a user to use the printer. This set of authorized functions is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who you are allowed to use the... printer, and which functions are able to access. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe...
Embedded Web Server Administrator's Guide
Page 6
... purposes of Embedded Web Server security, groups are combined determines the type of security created: Building block Type of device, but those in some multifunction printers, over 40 individual menus and functions can be able to combine these components in association with Groups Authentication and authorization Password Authorization only PIN Authorization...
... purposes of Embedded Web Server security, groups are combined determines the type of security created: Building block Type of device, but those in some multifunction printers, over 40 individual menus and functions can be able to combine these components in association with Groups Authentication and authorization Password Authorization only PIN Authorization...
Embedded Web Server Administrator's Guide
Page 9
Each configuration must have a unique name. • Administrators can create up to 32 user-defined groups that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... where user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address...
Each configuration must have a unique name. • Administrators can create up to 32 user-defined groups that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... where user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address...
Embedded Web Server Administrator's Guide
Page 11
... server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with any form of authentication that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª...
... server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with any form of authentication that relies on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª...
Embedded Web Server Administrator's Guide
Page 13
... Web Server 13 Notes: • Click Delete File to remove the Kerberos configuration file from communicating with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset the...) used by itself for user authentication, Kerberos 5 is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel.
... Web Server 13 Notes: • Click Delete File to remove the Kerberos configuration file from communicating with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset the...) used by itself for user authentication, Kerberos 5 is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel.
Embedded Web Server Administrator's Guide
Page 14
...cannot be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Printer clock settings can be used in a security template only after a supported device has registered with the KDC system clock. Setting date and time Because...then choose from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on the user's password. Notes: • Entering manual settings automatically...
...cannot be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Printer clock settings can be used in a security template only after a supported device has registered with the KDC system clock. Setting date and time Because...then choose from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on the user's password. Notes: • Entering manual settings automatically...
Embedded Web Server Administrator's Guide
Page 16
...-Specify how long a user may be required to enter the correct code in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
...-Specify how long a user may be required to enter the correct code in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
... security templates must be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... security templates must be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
...you do not use can assign a single password or PIN for authentication, authorization, or both. Scenario: Standalone or small office If your printer is that function, and then click Submit. For more information on the device, regardless of that anyone who knows a password or PIN... can provide simple protection right at the device. Scenarios Scenario: Printer in order to gain access to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each access control After...
...you do not use can assign a single password or PIN for authentication, authorization, or both. Scenario: Standalone or small office If your printer is that function, and then click Submit. For more information on the device, regardless of that anyone who knows a password or PIN... can provide simple protection right at the device. Scenarios Scenario: Printer in order to gain access to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each access control After...
Embedded Web Server Administrator's Guide
Page 19
... - Scenario: Network running Active Directory On networks running Active Directory, administrators can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify Groups, and then select one or... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to cancel all changes. Users will be required to use authorization, click Add authorization, and...
... - Scenario: Network running Active Directory On networks running Active Directory, administrators can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use groups, click Modify Groups, and then select one or... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to cancel all changes. Users will be required to use authorization, click Add authorization, and...
Embedded Web Server Administrator's Guide
Page 20
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... maximum). • Subject Alternate Name-Type the alternate name and prefix that function. 4 Click Submit to save changes, or Reset Form to and from your printer, including authentication and group information, as well as document outputs. Using security features in the appropriate fields: • Friendly Name-Type a name for the certificate...
... maximum). • Subject Alternate Name-Type the alternate name and prefix that function. 4 Click Submit to save changes, or Reset Form to and from your printer, including authentication and group information, as well as document outputs. Using security features in the appropriate fields: • Friendly Name-Type a name for the certificate...
Embedded Web Server Administrator's Guide
Page 24
...on disk encryption, or Disable to deactivate it. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. This takes approximately one minute. Note: On some devices the button will appear as "Exit Config Menu... disk. 7 A message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
...on disk encryption, or Disable to deactivate it. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. This takes approximately one minute. Note: On some devices the button will appear as "Exit Config Menu... disk. 7 A message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
Embedded Web Server Administrator's Guide
Page 25
... then follow the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. The printer will use E-mail alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web...
... then follow the Setup E-mail Server link to configure SMTP settings. 10 Click Submit to save changes, or Reset Form to restore default values. The printer will use E-mail alerts, you must be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web...
Embedded Web Server Administrator's Guide
Page 26
... ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to messages sent from the printer (in the Embedded Web Server 26 Note: Server certificate validation is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), ... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP...
... ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to messages sent from the printer (in the Embedded Web Server 26 Note: Server certificate validation is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), ... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the SMTP...
Embedded Web Server Administrator's Guide
Page 27
...Protocol (SNMP) is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server ... Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
...Protocol (SNMP) is public). 5 To facilitate the automatic installation of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server ... Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
Embedded Web Server Administrator's Guide
Page 29
...(flushed) when this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book... to perform address book searches in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
...(flushed) when this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book... to perform address book searches in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Embedded Web Server Administrator's Guide
Page 30
... Appendix 30 Controls access to manage certificates using remote management tools. Controls the ability to the Operator Panel Lock. Controls access to printer settings and functions by a properly configured installation of the Settings menu from the Embedded Web Server The Solution 1 through a secured ... in the device. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes...
... Appendix 30 Controls access to manage certificates using remote management tools. Controls the ability to the Operator Panel Lock. Controls access to printer settings and functions by a properly configured installation of the Settings menu from the Embedded Web Server The Solution 1 through a secured ... in the device. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31