Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...the devices that is allowed to use Embedded Web Server Security Templates to control access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded ..., or both identified and authorized. Authentication, Authorization, and Groups-to define who knows the correct code. Authorization specifies which a printer is also referred to only those users are available to access. This set of authorized functions is located in conjunction with LDAP+GSSAPI...
...the devices that is allowed to use Embedded Web Server Security Templates to control access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded ..., or both identified and authorized. Authentication, Authorization, and Groups-to define who knows the correct code. Authorization specifies which a printer is also referred to only those users are available to access. This set of authorized functions is located in conjunction with LDAP+GSSAPI...
Embedded Web Server Administrator's Guide
Page 6
... "Menu of functions that give all device menus, settings, and functions come with one or more groups. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used to manage access to specific menus and functions or to disable them entirely. Access controls can...
... "Menu of functions that give all device menus, settings, and functions come with one or more groups. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be used to manage access to specific menus and functions or to disable them entirely. Access controls can...
Embedded Web Server Administrator's Guide
Page 9
... LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. One of the strengths of LDAP is that it more flexible than other authentication methods. The default LDAP port... a maximum of five unique LDAP configurations. Specifying settings for internal accounts Settings selected in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...
... LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. One of the strengths of LDAP is that it more flexible than other authentication methods. The default LDAP port... a maximum of five unique LDAP configurations. Specifying settings for internal accounts Settings selected in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...
Embedded Web Server Administrator's Guide
Page 11
... Generic Security Services Application Programming Interface (GSSAPI) instead of the LDAP server where the authentication will be entered, separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under... protocol for networks running Active Directory. Using security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to test.
... Generic Security Services Application Programming Interface (GSSAPI) instead of the LDAP server where the authentication will be entered, separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under... protocol for networks running Active Directory. Using security features in the LDAP server where user accounts reside. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to test.
Embedded Web Server Administrator's Guide
Page 13
... to reset the fields and start again. Note: After you click Submit, the Embedded Web Server will be used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 ... the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
... to reset the fields and start again. Note: After you click Submit, the Embedded Web Server will be used as a krb5.conf file on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 ... the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
Embedded Web Server Administrator's Guide
Page 14
... adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be in sync or closely aligned with the KDC system clock. An administrator can store only one used...LAN Manager) is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in the Embedded Web Server 14 Printer clock settings can be used as needed. 5 To sync to an NTP server rather than manage date and time settings manually, click the Enable NTP...
... adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be in sync or closely aligned with the KDC system clock. An administrator can store only one used...LAN Manager) is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in the Embedded Web Server 14 Printer clock settings can be used as needed. 5 To sync to an NTP server rather than manage date and time settings manually, click the Enable NTP...
Embedded Web Server Administrator's Guide
Page 16
...Specify the duration of lockout. • Panel Login Timeout-Specify how long a user may be logged in the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...the name of that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
...Specify the duration of lockout. • Panel Login Timeout-Specify how long a user may be logged in the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...the name of that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... name of Access Controls" on the device. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... name of Access Controls" on the device. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is selected. The key to remember is that anyone who knows a password or PIN can provide simple protection right at the device. Using security features ... up individual user accounts 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenario: Standalone or small office If your printer is not in use an authentication server to grant users access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
... a public place If your printer is selected. The key to remember is that anyone who knows a password or PIN can provide simple protection right at the device. Using security features ... up individual user accounts 1 From the Embedded Web Server Home screen, browse to the name of that code. Scenario: Standalone or small office If your printer is not in use an authentication server to grant users access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either...
Embedded Web Server Administrator's Guide
Page 19
This list will now be required to enter the appropriate credentials in order to gain access to the printer as seamless as other network services. Scenario: Network running Active Directory On networks running Active Directory, administrators can use ...Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Note: Certain building blocks-such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From ...
This list will now be required to enter the appropriate credentials in order to gain access to the printer as seamless as other network services. Scenario: Network running Active Directory On networks running Active Directory, administrators can use ...Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Note: Certain building blocks-such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From ...
Embedded Web Server Administrator's Guide
Page 20
... Home screen, browse to select multiple groups. 8 Click Save Template. Using security features in step 1. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Home screen, browse to select multiple groups. 8 Click Save Template. Using security features in step 1. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
... encryption, or Disable to deactivate it. This takes approximately one minute. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Encryption takes approximately two minutes, and a status bar will be turned on . Disk encryption can ...disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Repeat as needed to finalize changes. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when ...
... encryption, or Disable to deactivate it. This takes approximately one minute. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Encryption takes approximately two minutes, and a status bar will be turned on . Disk encryption can ...disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Repeat as needed to finalize changes. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when ...
Embedded Web Server Administrator's Guide
Page 25
... Server. 2 Under SMTP Setup, type the IP address or hostname of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are...
... Server. 2 Under SMTP Setup, type the IP address or hostname of the Remote Syslog Server, and then select the Enable Remote Syslog check box. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are...
Embedded Web Server Administrator's Guide
Page 26
... 5 For SMTP Timeout, type the number of the destination server. Note: Server certificate validation is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to TLS... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, ...
... 5 For SMTP Timeout, type the number of the destination server. Note: Server certificate validation is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is integral to TLS... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, ...
Embedded Web Server Administrator's Guide
Page 27
...for the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To allow remote installation...SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
...for the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To allow remote installation...SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
Embedded Web Server Administrator's Guide
Page 29
... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents... to create new profiles Controls access to the Scan to Email function Controls access to the configuration of the Settings menu on the printer control panel Protects access to update firmware from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the ...
... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents... to create new profiles Controls access to the Scan to Email function Controls access to the configuration of the Settings menu on the printer control panel Protects access to update firmware from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the ...
Embedded Web Server Administrator's Guide
Page 30
...Card Configuration section of the application or profile. When disabled, all network adaptor NPA settings change commands are ignored Protects access to printer settings and functions by LDSS. Appendix 30 When protected, no longer possible to installed eSF applications and/or profiles created by ...remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes ...
...Card Configuration section of the application or profile. When disabled, all network adaptor NPA settings change commands are ignored Protects access to printer settings and functions by LDSS. Appendix 30 When protected, no longer possible to installed eSF applications and/or profiles created by ...remote management tools such as that provided by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31