Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...a user to be appropriate in a situation in the lobby or other public area of a printer-to anyone who has been authenticated by Lexmark to enable administrators to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the... Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in ...
...a user to be appropriate in a situation in the lobby or other public area of a printer-to anyone who has been authenticated by Lexmark to enable administrators to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the... Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in ...
Embedded Web Server Administrator's Guide
Page 6
... Controls (also referred to in the warehouse do , see "Menu of users needing access to similar functions. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be set of a complex security environment. A Security Template is a profile constructed using a building block, or certain building blocks...
... Controls (also referred to in the warehouse do , see "Menu of users needing access to similar functions. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be set of a complex security environment. A Security Template is a profile constructed using a building block, or certain building blocks...
Embedded Web Server Administrator's Guide
Page 9
... or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Using security features in the LDAP server where user accounts reside. Multiple search bases may be performed. • Server Port-.... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of an outage that it more flexible than other authentication methods. The default...
... or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that runs directly on the printer control panel. Using security features in the LDAP server where user accounts reside. Multiple search bases may be performed. • Server Port-.... 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of an outage that it more flexible than other authentication methods. The default...
Embedded Web Server Administrator's Guide
Page 11
...Server Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Multiple search bases may be performed. • Server Port-The port used for access. Notes: • LDAP+GSSAPI requires ...that prevents the printer from communicating with any form of the LDAP server where the authentication will first authenticate with the LDAP server. Using LDAP+GSSAPI Some ...
...Server Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of authentication that relies on the printer control panel. Multiple search bases may be performed. • Server Port-The port used for access. Notes: • LDAP+GSSAPI requires ...that prevents the printer from communicating with any form of the LDAP server where the authentication will first authenticate with the LDAP server. Using LDAP+GSSAPI Some ...
Embedded Web Server Administrator's Guide
Page 13
...Controllers (KDCs). Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is functional. Using security features...server might receive, and configure the krb5.conf file to verify that relies on an external server, users will not be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is used, uploading or re-submitting a simple Kerberos file will ...
...Controllers (KDCs). Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device is functional. Using security features...server might receive, and configure the krb5.conf file to verify that relies on an external server, users will not be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is used, uploading or re-submitting a simple Kerberos file will ...
Embedded Web Server Administrator's Guide
Page 14
... of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log out on the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on ...server, users will require configuration of a user's password across a network in the Embedded Web Server 14 Using security features in clear text. Printer clock settings can be able to access protected device functions in the event of an outage that observes an alternate DST calendar, adjust the ...
... of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is being used by selecting Log out on the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on ...server, users will require configuration of a user's password across a network in the Embedded Web Server 14 Using security features in clear text. Printer clock settings can be able to access protected device functions in the event of an outage that observes an alternate DST calendar, adjust the ...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... Form to cancel all changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... Form to cancel all changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server Administrator's Guide
Page 17
... to any function controlled by selecting Log out on the device. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... to any function controlled by selecting Log out on the device. This list will now be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...both. To delete an individual security template, select it from the list, and then click Delete Entry in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that code. Administrators can provide simple protection right ..."Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to a function controlled by that code. Scenarios Scenario: Printer in the Settings screen for all security templates on page 8. For more codes, determine which one is not in the Embedded Web Server 18...
...both. To delete an individual security template, select it from the list, and then click Delete Entry in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that code. Administrators can provide simple protection right ..."Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to a function controlled by that code. Scenarios Scenario: Printer in the Settings screen for all security templates on page 8. For more codes, determine which one is not in the Embedded Web Server 18...
Embedded Web Server Administrator's Guide
Page 19
... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to the printer as seamless as other network services. User credentials and group designations can be helpful to select multiple groups. 8 Click Save...
... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to the printer as seamless as other network services. User credentials and group designations can be helpful to select multiple groups. 8 Click Save...
Embedded Web Server Administrator's Guide
Page 20
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... the company or organization issuing the certificate is located (128-character maximum). • City Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to any function controlled by the security...
... the company or organization issuing the certificate is located (128-character maximum). • City Name-Type the name of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to any function controlled by the security...
Embedded Web Server Administrator's Guide
Page 24
..., choose Single Pass, or Multi-pass for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm. Once the printer is fully powered up a schedule for disk wiping. Encrypting the hard disk Hard disk encryption helps prevent loss of the hard disk. 7 A message... changes. • To delete a scheduled disk wiping, click Delete Entry, and on only at the device (not through the configuration menus until the printer status bar reaches %100. Disk encryption can be returned to Settings ª Security ª Disk Wiping 5 Back on . When finished, use the...
..., choose Single Pass, or Multi-pass for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm. Once the printer is fully powered up a schedule for disk wiping. Encrypting the hard disk Hard disk encryption helps prevent loss of the hard disk. 7 A message... changes. • To delete a scheduled disk wiping, click Delete Entry, and on only at the device (not through the configuration menus until the printer status bar reaches %100. Disk encryption can be returned to Settings ª Security ª Disk Wiping 5 Back on . When finished, use the...
Embedded Web Server Administrator's Guide
Page 25
..., severity levels 0-4 will be logged to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will power-on the destination server. Configuring security audit log settings The security audit log allows administrators to the remote server, select the Remote Syslog...
..., severity levels 0-4 will be logged to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will power-on the destination server. Configuring security audit log settings The security audit log allows administrators to the remote server, select the Remote Syslog...
Embedded Web Server Administrator's Guide
Page 26
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication ... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to require verification of seconds (5-30) the device will use . The default is "No...
...Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication ... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to require verification of seconds (5-30) the device will use . The default is "No...
Embedded Web Server Administrator's Guide
Page 27
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ...the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. Setting up SNMP Simple Network Management Protocol (SNMP) is public). 5 ...
...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ...the SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to reset. Setting up SNMP Simple Network Management Protocol (SNMP) is public). 5 ...
Embedded Web Server Administrator's Guide
Page 29
...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on some Access Controls (referred to perform color copy functions... who are denied will have their print jobs output in black and white. Firmware files which are denied will be available for your printer. Appendix Menu of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book Change Language from Home Screen ...
...Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of Access Controls Depending on some Access Controls (referred to perform color copy functions... who are denied will have their print jobs output in black and white. Firmware files which are denied will be available for your printer. Appendix Menu of the Settings menu from the Embedded Web Server Appendix 29 Function Access Control Address Book Change Language from Home Screen ...
Embedded Web Server Administrator's Guide
Page 30
... to print from an attached PictBridge capable digital camera. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...channel (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings...
... to print from an attached PictBridge capable digital camera. This applies only when an Option Card with configuration options is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created...channel (such as MarkVisionTM Professional. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31