Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Page 5
..., administrators can be sent to provide low-level security, by the system. Items to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web...
Page 6
... all device menus, settings, and functions come with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to disable them entirely. Access Controls (also referred to in...
Page 9
...is that it more flexible than other authentication methods. Multiple search bases may be entered, separated by selecting Log out on the printer control panel. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will not be able to access protected ...device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by ...
Page 11
...the LDAP server where the authentication will be able to access protected device functions in the event of an outage that relies on the printer control panel. Multiple search bases may be configured. • Supported devices can store a maximum of five unique LDAP + GSSAPI ... that Kerberos 5 also be entered, separated by the Embedded Web Server to communicate with any form of authentication that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Using LDAP+GSSAPI Some...
Page 13
... to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must thus anticipate the different types of authentication that relies on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. •... the KDC (Key Distribution Center) address or hostname in the KDC Address field. 4 Type the number of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
Page 14
... KDC system clock. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the NTLM domain. • The NTLM building block cannot be deleted or unregistered if ... with any form of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • Entering manual settings automatically disables use the "Install auth keys" link to browse to the file containing the ...
Page 16
...login restrictions for information assets such as needed. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings > ... appropriate login restrictions: • Login failures-Specify the number of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings > Security > Edit Security Setups. 2 Under Edit Access ...
Page 17
... list will now be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as Passwords and...
Page 18
...of the device, or separate codes to protect individual functions. Using security features in the Embedded Web Server 18 Scenarios Scenario: Printer in a public place If your printer is not in use can be edited. The key to remember is located in a public space such as a lobby,... internal accounts" on the device, regardless of that code. however, security templates currently in use ; Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can access any functions protected by that function, and then click Submit. Administrators can assign a...
Page 19
... of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building... block from the existing network, making access to the printer Using security features in the security template. Users will be helpful to 128 characters. The IP address or hostname of the Kerberos file...
Page 20
... Web Server Home screen, browse to select multiple groups. 8 Click Save Template. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups. 2 Under Edit Building Blocks...
Page 21
... maximum). • Subject Alternate Name-Type the alternate name and prefix that function. 4 Click Submit to save changes, or Reset Form to and from your printer, including authentication and group information, as well as document outputs. The details of information transmitted to cancel all changes. Users will now be required to...
Page 24
... Select Disk Encryption. 6 From the Disk Encryption menu, select Enable to turn on the following screen click Delete Entry again to confirm. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk wiping ...list of functions, instead of the hard disk. 7 A message will appear asking you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Continue? • Select Yes to schedule additional times for each method of the encryption task. Using...
Page 25
The printer will be logged (e.g. The default value is port 514. 5 From the Remote Syslog Method list, select Normal UDP (to restore default values. E-mail server setup 1 ...
Page 26
...in order to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use to log in to the authentication server. • Select the Validate Server Certificate check box to use. For more ... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to each applicable protocol. The default is "No authentication required." 9 From the Device-Initiated E-...
Page 27
The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home ...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings marked...
Page 29
...the Embedded Web Server Appendix 29 Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Users who are denied will have their copy ...jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Scan to Fax and ...
Page 30
...menu from an attached PictBridge capable digital camera. Controls ability to print from the Embedded Web Server. Controls the ability to printer settings and functions by remote management tools such as that provided by a properly configured installation of the application or profile. ...Control for each Solution is assigned in the creation or configuration of MarkVision Professional). Protects access to the Paper menu from the printer control panel. Controls access to release (print) Held Faxes. Appendix 30 Protects access to the Paper menu from the Embedded Web...
Page 31
Function Access Control: What it does
Supplies Menu at the Device: Protects access to the Supplies menu from the printer control panel
Supplies Menu Remotely: Protects access to the Supplies menu from the Embedded Web Server
User Profiles: Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications
Web Import/Export Settings: Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server