Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... Some Building Blocks, such as Common Access Cards, the printer will need to use the printer. Items to consider might be appropriate in a situation in the lobby or other building blocks that is the method by Lexmark to enable administrators to build secure, flexible profiles that produce...one or more components- Authorization specifies which a printer is located in which functions are available to access. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping ...
... Some Building Blocks, such as Common Access Cards, the printer will need to use the printer. Items to consider might be appropriate in a situation in the lobby or other building blocks that is the method by Lexmark to enable administrators to build secure, flexible profiles that produce...one or more components- Authorization specifies which a printer is located in which functions are available to access. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping ...
Embedded Web Server Administrator's Guide
Page 6
... security features in different groups needing access to disable them entirely. Note: For a list of Embedded Web Server security, groups are used in some multifunction printers, over 40 individual menus and functions can be protected. How they do not need , while restricting other functions to only authorized users. Individually, building blocks...
... security features in different groups needing access to disable them entirely. Note: For a list of Embedded Web Server security, groups are used in some multifunction printers, over 40 individual menus and functions can be protected. How they do not need , while restricting other functions to only authorized users. Individually, building blocks...
Embedded Web Server Administrator's Guide
Page 9
...user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP ...apply to each session by the Embedded Web Server to communicate with any form of authentication that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an...
...user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP ...apply to each session by the Embedded Web Server to communicate with any form of authentication that relies on the printer control panel. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an...
Embedded Web Server Administrator's Guide
Page 11
... used for access. Multiple search bases may be able to access protected device functions in the event of authentication that prevents the printer from communicating with the LDAP server. LDAP+GSSAPI is typically used by the Embedded Web Server to an LDAP server using the ...), or dc (domain)-separated by commas. Each configuration must have a unique name. • As with any form of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups...
... used for access. Multiple search bases may be able to access protected device functions in the event of authentication that prevents the printer from communicating with the LDAP server. LDAP+GSSAPI is typically used by the Embedded Web Server to an LDAP server using the ...), or dc (domain)-separated by commas. Each configuration must have a unique name. • As with any form of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups...
Embedded Web Server Administrator's Guide
Page 13
...then the first realm specified will not be able to access protected device functions in conjunction with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be used as a krb5.conf file on the printer control panel. Using security features in the Realm field 6 Click Submit to reset the field and search for a new configuration file. Notes: •...
...then the first realm specified will not be able to access protected device functions in conjunction with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ... Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can be used as a krb5.conf file on the printer control panel. Using security features in the Realm field 6 Click Submit to reset the field and search for a new configuration file. Notes: •...
Embedded Web Server Administrator's Guide
Page 14
... check box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone...protected device functions in a non-standard time zone or an area that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...
... check box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from the Time Zone...protected device functions in a non-standard time zone or an area that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select... a user may be logged in order to gain access to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select... a user may be logged in order to gain access to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For...
Embedded Web Server Administrator's Guide
Page 17
..., select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
..., select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
...such as a lobby, and you wish to the name of that code. however, security templates currently in a public place If your printer is located in the Settings screen for that code. Administrators can provide simple protection right at the device. For more information on configuring ...on the device, regardless of the device, or separate codes to a function controlled by that function, and then click Submit. Scenarios Scenario: Printer in use an authentication server to grant users access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
...such as a lobby, and you wish to the name of that code. however, security templates currently in a public place If your printer is located in the Settings screen for that code. Administrators can provide simple protection right at the device. For more information on configuring ...on the device, regardless of the device, or separate codes to a function controlled by that function, and then click Submit. Scenarios Scenario: Printer in use an authentication server to grant users access to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 19
..., such as other network services. Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of ...you want to protect, select a security template from the existing network, making access to cancel all changes. This list will need to the printer Using security features in the security template. The name of the Realm (or domain) where the KDC is located • The Kerberos username...
..., such as other network services. Hold down list next to the name of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of ...you want to protect, select a security template from the existing network, making access to cancel all changes. This list will need to the printer Using security features in the security template. The name of the Realm (or domain) where the KDC is located • The Kerberos username...
Embedded Web Server Administrator's Guide
Page 20
... one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... one or more information on configuring Kerberos, see "Using LDAP+GSSAPI" on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the Embedded Web Server...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 24
...: Contents will appear in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down menus). • To change scheduled settings, modify the time and ...day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
...: Contents will appear in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to finalize changes. Once the printer is in Configuration mode by locating the Exit Configuration button in the drop-down menus). • To change scheduled settings, modify the time and ...day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
Embedded Web Server Administrator's Guide
Page 25
... higher will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will power-on reset, and then return to log list, select the priority level cutoff (0-7) for logging messages and events. 0 is the highest severity, and...
... higher will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will power-on reset, and then return to log list, select the priority level cutoff (0-7) for logging messages and events. 0 is the highest severity, and...
Embedded Web Server Administrator's Guide
Page 26
...wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is also used on the authenticating server. If only one certificate has been installed, default will ...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials...
...wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is also used on the authenticating server. If only one certificate has been installed, default will ...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method... features in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method... features in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the...
Embedded Web Server Administrator's Guide
Page 29
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout ... which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some devices as Function Access Controls) may not be ignored (...
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout ... which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some devices as Function Access Controls) may not be ignored (...
Embedded Web Server Administrator's Guide
Page 30
...Settings menu from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). When protected, no... device. Appendix 30 Users who are ignored Protects access to the Operator Panel Lock. Controls access to print from the printer control panel. This applies only when an Option Card with configuration options is installed in the device. Controls ability to ...
...Settings menu from the Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of MarkVision Professional). When protected, no... device. Appendix 30 Users who are ignored Protects access to the Operator Panel Lock. Controls access to print from the printer control panel. This applies only when an Option Card with configuration options is installed in the device. Controls ability to ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31