Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
..., administrators can be and what they require, while limiting access to sensitive printer functions or outputs to only those users are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that only employees who knows... by the system. Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the document security...
..., administrators can be and what they require, while limiting access to sensitive printer functions or outputs to only those users are available to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that only employees who knows... by the system. Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific functions of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the document security...
Embedded Web Server Administrator's Guide
Page 6
... one or more groups. In order to accommodate users in sales and marketing use color every day. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be able to combine these components in the Embedded Web Server 6 How they are combined determines the type...
... one or more groups. In order to accommodate users in sales and marketing use color every day. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be able to combine these components in the Embedded Web Server 6 How they are combined determines the type...
Embedded Web Server Administrator's Guide
Page 9
...that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None... communicate with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. ...
...that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None... communicate with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. ...
Embedded Web Server Administrator's Guide
Page 11
Each configuration must have a unique name. • As with any form of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI...accounts reside. Notes: • LDAP+GSSAPI requires that relies on an external server, users will not be entered, separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups...
Each configuration must have a unique name. • As with any form of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI...accounts reside. Notes: • LDAP+GSSAPI requires that relies on an external server, users will not be entered, separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups...
Embedded Web Server Administrator's Guide
Page 13
... that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... conjunction with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel.
... that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that... conjunction with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel.
Embedded Web Server Administrator's Guide
Page 14
.... Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from the Time Zone drop-down list. An administrator can store only one used by selecting Log out on... the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on a supported device ...
.... Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the event of an outage that prevents the printer from the Time Zone drop-down list. An administrator can store only one used by selecting Log out on... the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on a supported device ...
Embedded Web Server Administrator's Guide
Page 16
... takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ... require No Security (the default), or to specific device functions using a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
... takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ... require No Security (the default), or to specific device functions using a password or PIN. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 17
... the names of up to 128 characters to create a security template. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... the names of up to 128 characters to create a security template. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
... accounts" on page 7. To delete an individual security template, select it from using it is not in use can be edited. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can assign a single password or PIN for that function, and then click Submit. however... be required to enter the correct code in order to gain access to a function controlled by that code. Scenario: Standalone or small office If your printer is selected.
... accounts" on page 7. To delete an individual security template, select it from using it is not in use can be edited. Scenarios Scenario: Printer in a public place If your printer is that anyone who knows a password or PIN can assign a single password or PIN for that function, and then click Submit. however... be required to enter the correct code in order to gain access to a function controlled by that code. Scenario: Standalone or small office If your printer is selected.
Embedded Web Server Administrator's Guide
Page 19
...On networks running Active Directory, administrators can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. User credentials and group designations can use groups, click Modify Groups, and then ...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as other network services. Users will be helpful to use a descriptive name, such as PINs and Passwords-do not support separate ...
...On networks running Active Directory, administrators can be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. User credentials and group designations can use groups, click Modify Groups, and then ...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as other network services. Users will be helpful to use a descriptive name, such as PINs and Passwords-do not support separate ...
Embedded Web Server Administrator's Guide
Page 20
... the Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... the Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... of the certificate are displayed in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... of the certificate are displayed in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...to browse back to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Disk encryption can be turned on the main Settings screen for Disk Wiping, choose Single Pass, or Multi-pass for ...disk wiping. Once the printer is stolen. This takes approximately one minute. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off...
...to browse back to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Disk encryption can be turned on the main Settings screen for Disk Wiping, choose Single Pass, or Multi-pass for ...disk wiping. Once the printer is stolen. This takes approximately one minute. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off...
Embedded Web Server Administrator's Guide
Page 25
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will be tagged with the same facility code to aid in the Embedded Web Server 25
..., type the IP address or hostname of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will be tagged with the same facility code to aid in the Embedded Web Server 25
Embedded Web Server Administrator's Guide
Page 26
... responses to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication ... Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order...
... responses to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication ... Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order...
Embedded Web Server Administrator's Guide
Page 27
... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to be accepted through 3. Setting up SNMP Simple Network Management Protocol (SNMP... asterisk (*) will be used in network management systems to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings.
... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to be accepted through 3. Setting up SNMP Simple Network Management Protocol (SNMP... asterisk (*) will be used in network management systems to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings.
Embedded Web Server Administrator's Guide
Page 29
... denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their copy jobs output in black and white. Controls the ability to print color from the... this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book...
... denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their copy jobs output in black and white. Controls the ability to print color from the... this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book...
Embedded Web Server Administrator's Guide
Page 30
... remote management tools. The Access Control for each Solution is installed in the device. Protects access to the Paper menu from the printer control panel. This applies only when an Option Card with configuration options is installed in the creation or configuration of the application or...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
... remote management tools. The Access Control for each Solution is installed in the device. Protects access to the Paper menu from the printer control panel. This applies only when an Option Card with configuration options is installed in the creation or configuration of the application or...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31