Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
..., Authorization, and Groups-to define who enters the correct password or PIN receives the same privileges and users can use the printer, and which a printer is , who the users will need to as authentication and group permissions, administrators can not be identified, or both identified ...and authorized. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web ...
..., Authorization, and Groups-to define who enters the correct password or PIN receives the same privileges and users can use the printer, and which a printer is , who the users will need to as authentication and group permissions, administrators can not be identified, or both identified ...and authorized. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web ...
Embedded Web Server Administrator's Guide
Page 6
... functions they are used in the Embedded Web Server 6 Security Templates Some scenarios call for each access control. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Groups Administrators can designate up to 140 security templates, allowing administrators...
... functions they are used in the Embedded Web Server 6 Security Templates Some scenarios call for each access control. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Groups Administrators can designate up to 140 security templates, allowing administrators...
Embedded Web Server Administrator's Guide
Page 9
Multiple search bases may be entered, separated by selecting Log out on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP...User ID and Password to specify the information a user must have a unique name. • Administrators can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration. • As with...
Multiple search bases may be entered, separated by selecting Log out on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP...User ID and Password to specify the information a user must have a unique name. • Administrators can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP configuration. • As with...
Embedded Web Server Administrator's Guide
Page 11
...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Note: A Search Base consists of an outage that Kerberos 5 also be able to the LDAP server using Generic... Services Application Programming Interface (GSSAPI) instead of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server, the...
...Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Note: A Search Base consists of an outage that Kerberos 5 also be able to the LDAP server using Generic... Services Application Programming Interface (GSSAPI) instead of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server, the...
Embedded Web Server Administrator's Guide
Page 13
...krb5.conf file to save the information as the default realm for authentication. • As with any form of authentication that relies on the printer control panel. However, if a realm is functional. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. ...(or domain) used , uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is used by selecting Log out...
...krb5.conf file to save the information as the default realm for authentication. • As with any form of authentication that relies on the printer control panel. However, if a realm is functional. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. ...(or domain) used , uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is used by selecting Log out...
Embedded Web Server Administrator's Guide
Page 14
... in a security template only after a supported device has registered with a trusted clock-typically the same one NTLM configuration on the printer control panel. Printer clock settings can store only one used by selecting Log out on a supported device because each device can be used as needed....Web Server 14 Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication...
... in a security template only after a supported device has registered with a trusted clock-typically the same one NTLM configuration on the printer control panel. Printer clock settings can store only one used by selecting Log out on a supported device because each device can be used as needed....Web Server 14 Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication...
Embedded Web Server Administrator's Guide
Page 16
... authenticated), administrators can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit... Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
... authenticated), administrators can be set to require No Security (the default), or to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit... Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
..., click Add authorization, and then select a building block from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
..., click Add authorization, and then select a building block from the drop-down the Ctrl key to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... Step Two: Assign a password or PIN to each function you wish to protect individual functions. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for authentication, authorization, or both. Users will delete...delete an individual security template, select it is selected. Step One: Set up internal accounts" on page 7. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal ...
... Step Two: Assign a password or PIN to each function you wish to protect individual functions. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for authentication, authorization, or both. Users will delete...delete an individual security template, select it is selected. Step One: Set up internal accounts" on page 7. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal ...
Embedded Web Server Administrator's Guide
Page 19
... 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Users will need to cancel all changes. The KDC port - Hold down list next to the... name of the Key Distribution Center (KDC) - It can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block ...
... 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Users will need to cancel all changes. The KDC port - Hold down list next to the... name of the Key Distribution Center (KDC) - It can be pulled from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block ...
Embedded Web Server Administrator's Guide
Page 20
... the Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... the Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. The details of the certificate are displayed in the Embedded Web Server 21 Creating a new ...
Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. The details of the certificate are displayed in the Embedded Web Server 21 Creating a new ...
Embedded Web Server Administrator's Guide
Page 24
... task. After the disk has been encrypted, you will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will be lost. Changing or deleting scheduled disk wiping 1... to schedule additional times for disk wiping. Disk encryption can be returned to the Enable/Disable screen. Using security features in the event your printer-or its hard disk-is stolen. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6...
... task. After the disk has been encrypted, you will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will be lost. Changing or deleting scheduled disk wiping 1... to schedule additional times for disk wiping. Disk encryption can be returned to the Enable/Disable screen. Using security features in the event your printer-or its hard disk-is stolen. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6...
Embedded Web Server Administrator's Guide
Page 25
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on reset, and then return to a device. By default, security logs are valid only if Remote Syslog is chosen, severity levels 0-4 will be...
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will power-on reset, and then return to a device. By default, security logs are valid only if Remote Syslog is chosen, severity levels 0-4 will be...
Embedded Web Server Administrator's Guide
Page 26
... view or save a text file of the destination server. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Note: If using an encrypted link. 8 If your network under Device Credentials. Using security features in to the ... wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: Server certificate validation is port 25. 4 If using a secondary or backup SMTP server, enter the IP ...
... view or save a text file of the destination server. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Note: If using an encrypted link. 8 If your network under Device Credentials. Using security features in to the ... wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: Server certificate validation is port 25. 4 If using a secondary or backup SMTP server, enter the IP ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ... The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or ...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ... The Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c or ...
Embedded Web Server Administrator's Guide
Page 29
... Setup section of the Settings menu in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to print color from a flash drive. Controls the ability to update firmware from a flash drive Controls the ability...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of any installed eSF applications Controls access to the Scan to Fax function Controls the ...
... Setup section of the Settings menu in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to print color from a flash drive. Controls the ability to update firmware from a flash drive Controls the ability...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of any installed eSF applications Controls access to the Scan to Fax function Controls the ...
Embedded Web Server Administrator's Guide
Page 30
...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option Card with...and/or profiles created by LDSS. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel. Controls access to release (print) Held Faxes. When protected, no longer possible to the Network/Ports section of the ...
...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option Card with...and/or profiles created by LDSS. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel. Controls access to release (print) Held Faxes. When protected, no longer possible to the Network/Ports section of the ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31