Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...soft configuration features alone or in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as Common Access Cards, the printer will be identified, or both identified and authorized. The Embedded Web Server handles authentication and authorization using one or more of the ... specific functions of the printer and whether non-authorized persons have access to that area, sensitive documents that will no longer be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality ...
...soft configuration features alone or in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as Common Access Cards, the printer will be identified, or both identified and authorized. The Embedded Web Server handles authentication and authorization using one or more of the ... specific functions of the printer and whether non-authorized persons have access to that area, sensitive documents that will no longer be used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality ...
Embedded Web Server Administrator's Guide
Page 6
... makes sense to only authorized users. Access Controls By default, all users the functions they need to be protected. Using security features in some multifunction printers, over 40 individual menus and functions can be used in some devices as PIN-protected access to create very specific profiles-or roles-for only...
... makes sense to only authorized users. Access Controls By default, all users the functions they need to be protected. Using security features in some multifunction printers, over 40 individual menus and functions can be used in some devices as PIN-protected access to create very specific profiles-or roles-for only...
Embedded Web Server Administrator's Guide
Page 9
... information directory. Each configuration must have a unique name. • Administrators can create up to 32 user-defined groups that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure ...; Supported devices can interact with many different kinds of five unique LDAP configurations. One of the strengths of LDAP is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting ...
... information directory. Each configuration must have a unique name. • Administrators can create up to 32 user-defined groups that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure ...; Supported devices can interact with many different kinds of five unique LDAP configurations. One of the strengths of LDAP is that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting ...
Embedded Web Server Administrator's Guide
Page 11
...attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ... of authentication that Kerberos 5 also be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP ...
...attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security ... of authentication that Kerberos 5 also be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP ...
Embedded Web Server Administrator's Guide
Page 13
Notes: • Because only one Kerberos configuration file (krb5.conf) can apply to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset ... file. While only one krb5.conf file is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel. An administrator must thus anticipate the different types of an outage that it can specify a default realm. Uploading a Kerberos configuration file 1 From ...
Notes: • Because only one Kerberos configuration file (krb5.conf) can apply to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset ... file. While only one krb5.conf file is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel. An administrator must thus anticipate the different types of an outage that it can specify a default realm. Uploading a Kerberos configuration file 1 From ...
Embedded Web Server Administrator's Guide
Page 14
... drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a..., or Reset Form to automatically sync with the NTLM domain. • The NTLM building block cannot be in the Embedded Web Server 14 Printer clock settings can only be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from communicating with the...
... drop-down list. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a..., or Reset Form to automatically sync with the NTLM domain. • The NTLM building block cannot be in the Embedded Web Server 14 Printer clock settings can only be updated manually, or set to use of NTP. • Choosing "(UTC+user) Custom" from communicating with the...
Embedded Web Server Administrator's Guide
Page 16
...Access Control), can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... 4 Click Submit to save changes, or Reset Form to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
...Access Control), can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... 4 Click Submit to save changes, or Reset Form to any of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls...
Embedded Web Server Administrator's Guide
Page 17
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in the security template. This list will be populated...
... Groups, and then select one or more groups to include in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in the security template. This list will be populated...
Embedded Web Server Administrator's Guide
Page 18
..., and then click Delete Entry in order to gain access to a function controlled by that code. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can be created... and stored within the Embedded Web Server for all security templates on page 7. Scenarios Scenario: Printer in use can assign a single password or PIN for authentication, authorization, or both. The key to remember is not in a public place If...
..., and then click Delete Entry in order to gain access to a function controlled by that code. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can be created... and stored within the Embedded Web Server for all security templates on page 7. Scenarios Scenario: Printer in use can assign a single password or PIN for authentication, authorization, or both. The key to remember is not in a public place If...
Embedded Web Server Administrator's Guide
Page 19
... Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with... the device. 6 To use groups, click Modify Groups, and then select one or more groups to include in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...
... Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with... the device. 6 To use groups, click Modify Groups, and then select one or more groups to include in order to gain access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •...
Embedded Web Server Administrator's Guide
Page 20
... the Embedded Web Server 20 For more information on configuring LDAP+GSSAPI, see"Using LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list.
... the Embedded Web Server 20 For more information on configuring LDAP+GSSAPI, see"Using LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to your LDAP+GSSAPI Group Names list.
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security...
Embedded Web Server Administrator's Guide
Page 24
...Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will indicate the progress of the touch screen. Once the printer is stolen. Encryption takes approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server).... 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. Note: On some devices the button will...
...Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will indicate the progress of the touch screen. Once the printer is stolen. Encryption takes approximately two minutes, and a status bar will appear in the drop-down arrow to scroll through the Embedded Web Server).... 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. Note: On some devices the button will...
Embedded Web Server Administrator's Guide
Page 25
...: E-mail log cleared alert-When the Delete Log button is clicked E-mail log wrapped alert-When the log becomes full and begins to a device. The printer will use E-mail alerts, you must be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on...
...: E-mail log cleared alert-When the Delete Log button is clicked E-mail log wrapped alert-When the log becomes full and begins to a device. The printer will use E-mail alerts, you must be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on...
Embedded Web Server Administrator's Guide
Page 26
... E-mail address and Password, or Prompt user if authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in order to specify whether E-mail will wait for your SMTP server requires user credentials, select an authentication method from the SMTP...verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to the...
... E-mail address and Password, or Prompt user if authentication is 30 seconds. 6 To receive responses to messages sent from the printer (in order to specify whether E-mail will wait for your SMTP server requires user credentials, select an authentication method from the SMTP...verification of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to the...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
Embedded Web Server Administrator's Guide
Page 29
... Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their print jobs output in the Embedded Web Server Controls... to the Scan to Email function Controls access to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from any installed eSF applications Controls access to the Scan to...
... Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will have their print jobs output in the Embedded Web Server Controls... to the Scan to Email function Controls access to the configuration of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from any installed eSF applications Controls access to the Scan to...
Embedded Web Server Administrator's Guide
Page 30
... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 ...properly configured installation of MarkVision Professional). When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings...
... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 ...properly configured installation of MarkVision Professional). When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31