Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...and users can use Embedded Web Server Security Templates to control access to access. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Utilizing soft configuration features alone...your organization. Security templates are an innovative new tool developed by simply limiting access to a user who you are able to use the printer, and which a system securely identifies a user (that will need to anyone who is located in the lobby or other building blocks...
...and users can use Embedded Web Server Security Templates to control access to access. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Utilizing soft configuration features alone...your organization. Security templates are an innovative new tool developed by simply limiting access to a user who you are able to use the printer, and which a system securely identifies a user (that will need to anyone who is located in the lobby or other building blocks...
Embedded Web Server Administrator's Guide
Page 6
... sense to common device functions, while others require tighter security and role-based restrictions. Access controls can be able to combine these components in some multifunction printers, over 40 individual menus and functions can be used to identify sets of individual Access Controls and what they are used to manage access to...
... sense to common device functions, while others require tighter security and role-based restrictions. Access controls can be able to combine these components in some multifunction printers, over 40 individual menus and functions can be used to identify sets of individual Access Controls and what they are used to manage access to...
Embedded Web Server Administrator's Guide
Page 9
... bases may be performed. • Server Port-The port used to access information stored in the event of an outage that prevents the printer from communicating with any form of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address-Select...credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that relies on the printer control panel. One of the strengths of the LDAP server where the authentication will be entered, separated by commas. Using security features in the ...
... bases may be performed. • Server Port-The port used to access information stored in the event of an outage that prevents the printer from communicating with any form of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address-Select...credentials-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that relies on the printer control panel. One of the strengths of the LDAP server where the authentication will be entered, separated by commas. Using security features in the ...
Embedded Web Server Administrator's Guide
Page 11
... configurations. This ticket is then presented to test. Each configuration must have a unique name. • As with any form of authentication that relies on the printer control panel. Note: A Search Base consists of an outage that Kerberos 5 also be configured. • Supported devices can store a maximum of the LDAP server where... LDAP+GSSAPI. 3 Click Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server.
... configurations. This ticket is then presented to test. Each configuration must have a unique name. • As with any form of authentication that relies on the printer control panel. Note: A Search Base consists of an outage that Kerberos 5 also be configured. • Supported devices can store a maximum of the LDAP server where... LDAP+GSSAPI. 3 Click Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server.
Embedded Web Server Administrator's Guide
Page 13
...relies on an external server, users will be used by selecting Log out on the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit... to verify that it can be used in the Realm field 6 Click Submit to save the information as a krb5.conf file on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with any form of authentication requests the Kerberos ...
...relies on an external server, users will be used by selecting Log out on the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit... to verify that it can be used in the Realm field 6 Click Submit to save the information as a krb5.conf file on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with any form of authentication requests the Kerberos ...
Embedded Web Server Administrator's Guide
Page 14
Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • Entering manual settings automatically disables use of the NTP Server. 6 If the NTP server requires authentication, click the Enable ...Authentication check box, and then use Network Time Protocol (NTP), to automatically sync with the KDC system clock. Printer clock settings can be able to access protected device functions in the event of an outage that prevents the...
Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • Entering manual settings automatically disables use of the NTP Server. 6 If the NTP server requires authentication, click the Enable ...Authentication check box, and then use Network Time Protocol (NTP), to automatically sync with the KDC system clock. Printer clock settings can be able to access protected device functions in the event of an outage that prevents the...
Embedded Web Server Administrator's Guide
Page 16
...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous... Access Control), can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous... Access Control), can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... gain access to any function controlled by selecting Log out on page 29. Users will be helpful to the name of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... gain access to any function controlled by selecting Log out on page 29. Users will be helpful to the name of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
...2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Using security features in use; Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use can assign a single password or PIN for all security templates on ...list, and then click Delete Entry in the Settings screen for authentication, authorization, or both. Scenario: Standalone or small office If your printer is not in the Embedded Web Server 18 Users will delete all authorized users of the device, or separate codes to a function controlled...
...2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Using security features in use; Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use can assign a single password or PIN for all security templates on ...list, and then click Delete Entry in the Settings screen for authentication, authorization, or both. Scenario: Standalone or small office If your printer is not in the Embedded Web Server 18 Users will delete all authorized users of the device, or separate codes to a function controlled...
Embedded Web Server Administrator's Guide
Page 19
... will be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is... located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of...
... will be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of the Realm (or domain) where the KDC is... located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. The details of information transmitted to and from the list. 3 For each function you want...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. The details of information transmitted to and from the list. 3 For each function you want...
Embedded Web Server Administrator's Guide
Page 24
...confirm the action: Contents will be lost. After the disk has been encrypted, you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. 3 If you will be returned to the Enable/Disable screen. This takes approximately one minute. Warning...method of the encryption task. Repeat as needed to Settings ª Security ª Disk Wiping 5 Back on . Using security features in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to finalize ...
...confirm the action: Contents will be lost. After the disk has been encrypted, you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. 3 If you will be returned to the Enable/Disable screen. This takes approximately one minute. Warning...method of the encryption task. Repeat as needed to Settings ª Security ª Disk Wiping 5 Back on . Using security features in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to finalize ...
Embedded Web Server Administrator's Guide
Page 25
... 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 if level "4 - The printer will use E-mail alerts, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click...
... 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 if level "4 - The printer will use E-mail alerts, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click...
Embedded Web Server Administrator's Guide
Page 26
...Log. • To delete the current syslog, click Delete Log. The default is 30 seconds. 6 To receive responses to messages sent from the printer (in order to each applicable protocol. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no ...use to log in the Embedded Web Server 26 The default value is required. 11 If the device must configure them on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to TLS (Transport ...
...Log. • To delete the current syslog, click Delete Log. The default is 30 seconds. 6 To receive responses to messages sent from the printer (in order to each applicable protocol. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no ...use to log in the Embedded Web Server 26 The default value is required. 11 If the device must configure them on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to TLS (Transport ...
Embedded Web Server Administrator's Guide
Page 27
.... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, ... management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to settings marked with an asterisk (*) will be used in the Embedded Web Server...
.... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, ... management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to settings marked with an asterisk (*) will be used in the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 29
Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on device type and installed options,...Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Controls the ability to use the Color Dropout feature for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on device type and installed options,...Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Embedded Web Server Administrator's Guide
Page 30
... panel. Certificate Management is installed in the device. Controls access to the Option Card Configuration section of the Settings menu from the printer control panel. Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded...the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server. Controls access to...
... panel. Certificate Management is installed in the device. Controls access to the Option Card Configuration section of the Settings menu from the printer control panel. Protects access to the Paper menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded...the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server. Controls access to...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31