Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... a situation in which a printer is allowed to use the printer. Security templates are an innovative new tool developed by the system. Items to consider might be individually identified, passwords and PINs are ). Because anyone who has been authenticated by Lexmark to enable administrators to build secure... the location of the printer and whether non-authorized persons have access to that area, sensitive documents that require a user to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents...
... a situation in which a printer is allowed to use the printer. Security templates are an innovative new tool developed by the system. Items to consider might be individually identified, passwords and PINs are ). Because anyone who has been authenticated by Lexmark to enable administrators to build secure... the location of the printer and whether non-authorized persons have access to that area, sensitive documents that require a user to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents...
Embedded Web Server Administrator's Guide
Page 6
...Web Server security, groups are combined determines the type of security created: Building block Type of device, but those in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to similar functions. Access Controls (also referred...while others require tighter security and role-based restrictions. Using security features in some devices as PIN-protected access to in sales and marketing use color every day. How they do not need , while restricting other functions to create a "Warehouse" group, and a "Sales and Marketing" ...
...Web Server security, groups are combined determines the type of security created: Building block Type of device, but those in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be used to similar functions. Access Controls (also referred...while others require tighter security and role-based restrictions. Using security features in some devices as PIN-protected access to in sales and marketing use color every day. How they do not need , while restricting other functions to create a "Warehouse" group, and a "Sales and Marketing" ...
Embedded Web Server Administrator's Guide
Page 9
Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (... configuration. • As with any form of databases without special integration, making it can create up to 32 user-defined groups that relies on the printer control panel.
Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (... configuration. • As with any form of databases without special integration, making it can create up to 32 user-defined groups that relies on the printer control panel.
Embedded Web Server Administrator's Guide
Page 11
... in the event of an outage that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. LDAP+GSSAPI is then presented to obtain a Kerberos "ticket." Each configuration must have a unique name. • As with any...simple LDAP authentication because the transmission is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to an LDAP server using the GSSAPI ...
... in the event of an outage that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. LDAP+GSSAPI is then presented to obtain a Kerberos "ticket." Each configuration must have a unique name. • As with any...simple LDAP authentication because the transmission is the node in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to an LDAP server using the GSSAPI ...
Embedded Web Server Administrator's Guide
Page 13
...authentication, Kerberos 5 is not specified in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be able to access protected device functions in the Realm... server in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...
...authentication, Kerberos 5 is not specified in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be able to access protected device functions in the Realm... server in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test...
Embedded Web Server Administrator's Guide
Page 14
...features in clear text. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on the user's password. Notes: ...solution for enabling authentication without requiring the transmission of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings manually,...
...features in clear text. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on the user's password. Notes: ...solution for enabling authentication without requiring the transmission of NTP. • Choosing "(UTC+user) Custom" from the Time Zone drop-down list. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings manually,...
Embedded Web Server Administrator's Guide
Page 16
...and configure as workstations and servers. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit...Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
...and configure as workstations and servers. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit...Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
Embedded Web Server Administrator's Guide
Page 17
... Modify Groups, and then select one another, building blocks and security templates can support up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... Modify Groups, and then select one another, building blocks and security templates can support up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... selected. Using security features in the Settings screen for all security templates on page 7. Scenario: Standalone or small office If your printer is located in use an authentication server to grant users access to devices, Internal Accounts can assign a single password or PIN for that code. Administrators ...
... selected. Using security features in the Settings screen for all security templates on page 7. Scenario: Standalone or small office If your printer is located in use an authentication server to grant users access to devices, Internal Accounts can assign a single password or PIN for that code. Administrators ...
Embedded Web Server Administrator's Guide
Page 19
...of the Kerberos file on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory...any function controlled by a security template. This list will now be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings...
...of the Kerberos file on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory...any function controlled by a security template. This list will now be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings...
Embedded Web Server Administrator's Guide
Page 20
... 1. Hold down the Ctrl key to your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to 128 characters.
... 1. Hold down the Ctrl key to your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to 128 characters.
Embedded Web Server Administrator's Guide
Page 21
... transmitted to cancel all changes. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the appropriate fields: •...
... transmitted to cancel all changes. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the appropriate fields: •...
Embedded Web Server Administrator's Guide
Page 24
...Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you will appear asking you to confirm. Using security features in the drop-down... arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. Encrypting the hard disk Hard disk encryption ...
...Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn on only at the device (not through the configuration menus until the printer status bar reaches %100. After the disk has been encrypted, you will appear asking you to confirm. Using security features in the drop-down... arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. Encrypting the hard disk Hard disk encryption ...
Embedded Web Server Administrator's Guide
Page 25
... of the Primary SMTP Gateway the device will use E-mail alerts, you must be tagged with the same facility code to normal operating mode. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
... of the Primary SMTP Gateway the device will use E-mail alerts, you must be tagged with the same facility code to normal operating mode. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. Configuring security audit log settings...
Embedded Web Server Administrator's Guide
Page 26
... Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. If only one certificate has been installed, default will use . For more information on configuring digital certificates, see...box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication...
... Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. If only one certificate has been installed, default will use . For more information on configuring digital certificates, see...box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to configure settings for conditions that warrant administrative attention. ...the changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. SNMP Version 1, 2c 1 From the Embedded Web Server Home screen,...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to configure settings for conditions that warrant administrative attention. ...the changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. SNMP Version 1, 2c 1 From the Embedded Web Server Home screen,...
Embedded Web Server Administrator's Guide
Page 29
... function Controls access to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Bookmark Setup section of the Settings menu in black and white. Firmware files which are denied ...function Controls the ability to create new bookmarks from the printer control panel Controls the ability to perform color copy functions. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create ...
... function Controls access to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Bookmark Setup section of the Settings menu in black and white. Firmware files which are denied ...function Controls the ability to create new bookmarks from the printer control panel Controls the ability to perform color copy functions. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create ...
Embedded Web Server Administrator's Guide
Page 30
...manage certificates using remote management tools. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls the ability to the Paper menu from the Embedded Web Server. When protected, no longer possible to the ... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the General and Print Settings items of the...
...manage certificates using remote management tools. When disabled, all network adaptor NPA settings change commands are denied access cannot enable or disable the printer control panel lock. Controls the ability to the Paper menu from the Embedded Web Server. When protected, no longer possible to the ... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to the General and Print Settings items of the...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31