Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... alone or in conjunction with physical security such as Common Access Cards, the printer will no longer be appropriate in a situation in which functions are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that will be used only in...that require a user to be and what they require, while limiting access to sensitive printer functions or outputs to only those users are ). This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's...
... alone or in conjunction with physical security such as Common Access Cards, the printer will no longer be appropriate in a situation in which functions are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that will be used only in...that require a user to be and what they require, while limiting access to sensitive printer functions or outputs to only those users are ). This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's...
Embedded Web Server Administrator's Guide
Page 6
... combined determines the type of security created: Building block Type of a complex security environment. How they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to disable them entirely. Individually, building blocks, groups, and access...
... combined determines the type of security created: Building block Type of a complex security environment. How they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to disable them entirely. Individually, building blocks, groups, and access...
Embedded Web Server Administrator's Guide
Page 9
...setup 1 From the Embedded Web Server Home screen, browse to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of multiple attributes-such as cn (common name), ou (organizational unit), o (... where user accounts reside. Notes: • Supported devices can interact with many different kinds of an outage that relies on the printer control panel. One of the strengths of LDAP is used by the Embedded Web Server to communicate with the authenticating server. •...
...setup 1 From the Embedded Web Server Home screen, browse to each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of multiple attributes-such as cn (common name), ou (organizational unit), o (... where user accounts reside. Notes: • Supported devices can interact with many different kinds of an outage that relies on the printer control panel. One of the strengths of LDAP is used by the Embedded Web Server to communicate with the authenticating server. •...
Embedded Web Server Administrator's Guide
Page 11
... form of authentication that relies on an external server, users will be performed. • Server Port-The port used by selecting Log out on the printer control panel. Each configuration must have a unique name. • As with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely...
... form of authentication that relies on an external server, users will be performed. • Server Port-The port used by selecting Log out on the printer control panel. Each configuration must have a unique name. • As with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely...
Embedded Web Server Administrator's Guide
Page 13
... 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to save the information as a krb5.conf file on the printer control panel. Note: After you click Submit, the Embedded Web Server will not be used by itself for user authentication, Kerberos 5 is most often used..., then the first realm specified will be used as the default realm for authentication. • As with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset ...
... 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to save the information as a krb5.conf file on the printer control panel. Note: After you click Submit, the Embedded Web Server will not be used by itself for user authentication, Kerberos 5 is most often used..., then the first realm specified will be used as the default realm for authentication. • As with any form of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to reset ...
Embedded Web Server Administrator's Guide
Page 14
...in clear text. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Notes: • Entering manual settings automatically disables use the "Install auth keys" link... will require configuration of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • The NTLM building block can store only one used as part of a security template. • As with...
...in clear text. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Notes: • Entering manual settings automatically disables use the "Install auth keys" link... will require configuration of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • The NTLM building block can store only one used as part of a security template. • As with...
Embedded Web Server Administrator's Guide
Page 16
...as needed. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
...as needed. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...
Embedded Web Server Administrator's Guide
Page 17
.... This list will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of up to 128 characters to create a security template. Hold down list next to the name of Access Controls" on...
.... This list will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of up to 128 characters to create a security template. Hold down list next to the name of Access Controls" on...
Embedded Web Server Administrator's Guide
Page 18
...you do not use can access any functions protected by that code. For more information on page 8. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can be protected, and then: 1 From the Embedded Web Server Home screen, browse to ...After creating one is not connected to a network, or you wish to enter the correct code in use; Scenarios Scenario: Printer in a public place If your printer is selected. Step One: Set up internal accounts" on configuring individual user accounts, see the relevant section(s) under "Configuring building...
...you do not use can access any functions protected by that code. For more information on page 8. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can be protected, and then: 1 From the Embedded Web Server Home screen, browse to ...After creating one is not connected to a network, or you wish to enter the correct code in use; Scenarios Scenario: Printer in a public place If your printer is selected. Step One: Set up internal accounts" on configuring individual user accounts, see the relevant section(s) under "Configuring building...
Embedded Web Server Administrator's Guide
Page 19
... can be pulled from the drop-down the Ctrl key to use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 The name of the Kerberos file on the network. It can be helpful to select multiple...
... can be pulled from the drop-down the Ctrl key to use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19 The name of the Kerberos file on the network. It can be helpful to select multiple...
Embedded Web Server Administrator's Guide
Page 20
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... Device Certificate Management. 3 Select a certificate from the list. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate...
... Device Certificate Management. 3 Select a certificate from the list. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate...
Embedded Web Server Administrator's Guide
Page 24
...Single Pass, or Multi-pass for disk wiping. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear in the drop-down menus). • To change ...standard home screen icons such as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Encrypting the hard disk Hard disk ...
...Single Pass, or Multi-pass for disk wiping. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear in the drop-down menus). • To change ...standard home screen icons such as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Encrypting the hard disk Hard disk ...
Embedded Web Server Administrator's Guide
Page 25
... security features in the Admin's e-mail address field, and then choose from the device will be transmitted to a network syslog server for sending E-mail. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. The default value is port...
... security features in the Admin's e-mail address field, and then choose from the device will be transmitted to a network syslog server for sending E-mail. The printer will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. The default value is port...
Embedded Web Server Administrator's Guide
Page 26
... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to each applicable protocol. Note: If using an encrypted link. ...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . The default value is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS (Tunneled ...
... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to each applicable protocol. Note: If using an encrypted link. ...1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . The default value is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS (Tunneled ...
Embedded Web Server Administrator's Guide
Page 27
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c ...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP Version 1, 2c ...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
Embedded Web Server Administrator's Guide
Page 29
...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Controls the ability to... from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some devices as Function Access Controls) may not be ignored (flushed...
...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29 Controls the ability to... from the Bookmark Setup section of the Settings menu in black and white Controls the ability to use the Color Dropout feature for your printer. Appendix Menu of Access Controls Depending on device type and installed options, some devices as Function Access Controls) may not be ignored (flushed...
Embedded Web Server Administrator's Guide
Page 30
... the Paper menu from the Embedded Web Server When disabled, all device settings changes requested by LDSS. Certificate Management is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created ... Settings items of MarkVision Professional). When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server The Solution 1 through a ...
... the Paper menu from the Embedded Web Server When disabled, all device settings changes requested by LDSS. Certificate Management is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created ... Settings items of MarkVision Professional). When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server The Solution 1 through a ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31