Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...and Authorization Authentication is the method by which a system securely identifies a user (that is also referred to or stored on the printer, and the information security policies of your organization. Authorization specifies which functions those users are allowed to only those users holding appropriate ... one or more of security might include the location of a printer-to the devices that identifies who you are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ...
...and Authorization Authentication is the method by which a system securely identifies a user (that is also referred to or stored on the printer, and the information security policies of your organization. Authorization specifies which functions those users are allowed to only those users holding appropriate ... one or more of security might include the location of a printer-to the devices that identifies who you are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe ...
Embedded Web Server Administrator's Guide
Page 6
Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Individually, building blocks, groups, and access controls may not meet the needs of device, but those ...
Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Individually, building blocks, groups, and access controls may not meet the needs of device, but those ...
Embedded Web Server Administrator's Guide
Page 9
...external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Each configuration must submit when authenticating. Note: A Search Base consists of LDAP is the node in the LDAP ... 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will be entered, separated by ...
...external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Each configuration must submit when authenticating. Note: A Search Base consists of LDAP is the node in the LDAP ... 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the LDAP server. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will be entered, separated by ...
Embedded Web Server Administrator's Guide
Page 11
...Interface (GSSAPI) instead of simple LDAP authentication because the transmission is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Multiple search bases may... will be performed. • Server Port-The port used for access. This ticket is typically used by selecting Log out on the printer control panel. Each configuration must have a unique name. • As with the LDAP server. Note: A Search Base consists of multiple...
...Interface (GSSAPI) instead of simple LDAP authentication because the transmission is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Multiple search bases may... will be performed. • Server Port-The port used for access. This ticket is typically used by selecting Log out on the printer control panel. Each configuration must have a unique name. • As with the LDAP server. Note: A Search Base consists of multiple...
Embedded Web Server Administrator's Guide
Page 13
... used by selecting Log out on an external server, users will not be used as a krb5.conf file on a supported device, that relies on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can apply to access... file to view the Kerberos configuration file for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to handle all such requests.
... used by selecting Log out on an external server, users will not be used as a krb5.conf file on a supported device, that relies on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can apply to access... file to view the Kerberos configuration file for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to handle all such requests.
Embedded Web Server Administrator's Guide
Page 14
... used by selecting Log out on an external server, users will not be able to access protected device functions in the Embedded Web Server 14 Printer clock settings can be used as needed. 5 To sync to an NTP server rather than manage date and time settings manually, click the Enable ... settings as part of a security template. • As with the KDC system clock. Using security features in the event of an outage that prevents the printer from the Time Zone drop-down list. An administrator can only be registered to Settings ª Security ª Set Date and Time. 2 To manage ...
... used by selecting Log out on an external server, users will not be able to access protected device functions in the Embedded Web Server 14 Printer clock settings can be used as needed. 5 To sync to an NTP server rather than manage date and time settings manually, click the Enable ... settings as part of a security template. • As with the KDC system clock. Using security features in the event of an outage that prevents the printer from the Time Zone drop-down list. An administrator can only be registered to Settings ª Security ª Set Date and Time. 2 To manage ...
Embedded Web Server Administrator's Guide
Page 16
... security can control access to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...Using security features in order to gain access to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
... security can control access to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...Using security features in order to gain access to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... groups to include in order to gain access to securely end each session by the security template. Though the names of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
... groups to include in order to gain access to securely end each session by the security template. Though the names of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use authorization, click Add authorization, and then...
Embedded Web Server Administrator's Guide
Page 18
... configure as needed . Users will delete all authorized users of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you want to protect, select a password or PIN from the drop-down list next to... to devices, Internal Accounts can be created and stored within the Embedded Web Server for that code. Scenario: Standalone or small office If your printer is not in use can be edited. Step One: Set up internal accounts" on the device, regardless of that function, and then click ...
... configure as needed . Users will delete all authorized users of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you want to protect, select a password or PIN from the drop-down list next to... to devices, Internal Accounts can be created and stored within the Embedded Web Server for that code. Scenario: Standalone or small office If your printer is not in use can be edited. Step One: Set up internal accounts" on the device, regardless of that function, and then click ...
Embedded Web Server Administrator's Guide
Page 19
...select multiple groups. 8 Click Save Template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location...of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Step 2: Create a ...
...select multiple groups. 8 Click Save Template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location...of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Step 2: Create a ...
Embedded Web Server Administrator's Guide
Page 20
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... 1 From the Embedded Web Server Home screen, browse to any function controlled by the security template. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use the hostname for the device. • Organization Name...
... 1 From the Embedded Web Server Home screen, browse to any function controlled by the security template. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to use the hostname for the device. • Organization Name...
Embedded Web Server Administrator's Guide
Page 24
... Yes to confirm the action: Contents will appear asking you to proceed with disk wiping and encryption. Using security features in the event your printer-or its hard disk-is stolen. Disk encryption can be returned to confirm. 3 If you have enabled Manual mode and wish to set up... ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will be turned on . Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the...
... Yes to confirm the action: Contents will appear asking you to proceed with disk wiping and encryption. Using security features in the event your printer-or its hard disk-is stolen. Disk encryption can be returned to confirm. 3 If you have enabled Manual mode and wish to set up... ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will be turned on . Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the...
Embedded Web Server Administrator's Guide
Page 25
..., severity levels 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. All events...
..., severity levels 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. All events...
Embedded Web Server Administrator's Guide
Page 26
... verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or... Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. If only one ...
... verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or... Session E-mail address and Password, or Prompt user if authentication is required. 11 If the device must configure them on the printer before timing out. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. If only one ...
Embedded Web Server Administrator's Guide
Page 27
...Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in network management systems to ...Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring...
...Embedded Web server allows administrators to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in network management systems to ...Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring...
Embedded Web Server Administrator's Guide
Page 29
...Scan to Email functions Controls access to the Change Language feature from a flash drive. Firmware files which are denied will be available for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs output in black and white Controls the ability... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
...Scan to Email functions Controls access to the Change Language feature from a flash drive. Firmware files which are denied will be available for your printer. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs output in black and white Controls the ability... access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to print color from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Embedded Web Server Administrator's Guide
Page 30
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Controls access to manage certificates using ... PictBridge capable digital camera. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the printer control panel. Appendix 30 Protects access to release (print) Held Faxes. Controls the ability to the Paper menu from the ...
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. Controls access to manage certificates using ... PictBridge capable digital camera. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the printer control panel. Appendix 30 Protects access to release (print) Held Faxes. Controls the ability to the Paper menu from the ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
