Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... PINs are ). Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are able to provide... building blocks that identifies who has been authenticated by simply limiting access to a printer-or specific functions of your organization. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in...
... PINs are ). Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that will be and what they require, while limiting access to sensitive printer functions or outputs to only those users are able to provide... building blocks that identifies who has been authenticated by simply limiting access to a printer-or specific functions of your organization. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in...
Embedded Web Server Administrator's Guide
Page 6
... that can be set of functions that give all device menus, settings, and functions come with no security enabled. Using security features in some multifunction printers, over 40 individual menus and functions can be used in some devices as PIN-protected access to common device functions, while others require tighter security...
... that can be set of functions that give all device menus, settings, and functions come with no security enabled. Using security features in some multifunction printers, over 40 individual menus and functions can be used in some devices as PIN-protected access to common device functions, while others require tighter security...
Embedded Web Server Administrator's Guide
Page 9
... be entered, separated by commas. Notes: • Supported devices can interact with the LDAP server. The default LDAP port is that runs directly on the printer control panel. Multiple search bases may be able to access protected device functions in the event of an outage that prevents the... printer from communicating with any form of five unique LDAP configurations. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ...
... be entered, separated by commas. Notes: • Supported devices can interact with the LDAP server. The default LDAP port is that runs directly on the printer control panel. Multiple search bases may be able to access protected device functions in the event of an outage that prevents the... printer from communicating with any form of five unique LDAP configurations. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ...
Embedded Web Server Administrator's Guide
Page 11
...or the Host Name of the LDAP server where the authentication will be entered, separated by commas. Instead of authentication that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (... that Kerberos 5 also be performed. • Server Port-The port used by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to access protected device functions in the event of simple LDAP authentication because the transmission is typically used to identify...
...or the Host Name of the LDAP server where the authentication will be entered, separated by commas. Instead of authentication that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (... that Kerberos 5 also be performed. • Server Port-The port used by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with a Kerberos server to access protected device functions in the event of simple LDAP authentication because the transmission is typically used to identify...
Embedded Web Server Administrator's Guide
Page 13
....conf file on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... configuration file for the selected device is functional. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to reset the field and search for...
....conf file on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... configuration file for the selected device is functional. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to reset the field and search for...
Embedded Web Server Administrator's Guide
Page 14
...servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users...Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Printer clock settings can be updated manually, or set to use of the NTP Server. 6 If the NTP server requires authentication, ...
...servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users...Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Printer clock settings can be updated manually, or set to use of the NTP Server. 6 If the NTP server requires authentication, ...
Embedded Web Server Administrator's Guide
Page 16
...user may be assigned to cancel all changes. For simple authorization-level security (in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...
...user may be assigned to cancel all changes. For simple authorization-level security (in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...Controls, select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...
Embedded Web Server Administrator's Guide
Page 17
... _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
.... 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Using security features in a public place If your printer is that anyone who knows a password or PIN can be edited. For more information on configuring individual user accounts, see the relevant section(s) ...Accounts, and configure as needed . however, security templates currently in use can access any functions protected by that code. Scenarios Scenario: Printer in the Embedded Web Server 18 Notes: • Clicking Delete List will now be required to enter the correct code in the ...
.... 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Using security features in a public place If your printer is that anyone who knows a password or PIN can be edited. For more information on configuring individual user accounts, see the relevant section(s) ...Accounts, and configure as needed . however, security templates currently in use can access any functions protected by that code. Scenarios Scenario: Printer in the Embedded Web Server 18 Notes: • Clicking Delete List will now be required to enter the correct code in the ...
Embedded Web Server Administrator's Guide
Page 19
...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ...
...Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block... the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ...
Embedded Web Server Administrator's Guide
Page 20
For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... all changes. The details of that conforms to RFC 2459. 3 For each function you want to protect, select the newly created security template from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the Embedded Web Server...
... all changes. The details of that conforms to RFC 2459. 3 For each function you want to protect, select the newly created security template from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 24
...Continue? • Select Yes to the Enable/Disable screen. Repeat as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Continue pressing 2 and 6 until ..., modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
...Continue? • Select Yes to the Enable/Disable screen. Repeat as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Continue pressing 2 and 6 until ..., modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit ...
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on the destination server. By default, security logs are stored on the device, but may also be transmitted to a network syslog server for ...
The printer will power-on the destination server. By default, security logs are stored on the device, but may also be transmitted to a network syslog server for ...
Embedded Web Server Administrator's Guide
Page 26
... Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to require verification of the security certificate on the authenticating server. The default value is...the Device-Initiated E-mail list, select None for no authentication, or Use Device SMTP Credentials if authentication is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 10 From the...
... Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to require verification of the security certificate on the authenticating server. The default value is...the Device-Initiated E-mail list, select None for no authentication, or Use Device SMTP Credentials if authentication is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 10 From the...
Embedded Web Server Administrator's Guide
Page 27
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
Embedded Web Server Administrator's Guide
Page 29
...files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Users who are denied will be available for...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Appendix Menu of Access Controls Depending on device type and ...
...files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Users who are denied will be available for...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Appendix Menu of Access Controls Depending on device type and ...
Embedded Web Server Administrator's Guide
Page 30
... Solution 1-10 What it is installed in the creation or configuration of MarkVision Professional). Controls access to the Paper menu from the printer control panel. Protects access to the Option Card Configuration section of the Settings menu from the Embedded Web Server. When disabled, it... Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to manage certificates using remote management tools. Appendix 30 This applies only when an Option Card with configuration...
... Solution 1-10 What it is installed in the creation or configuration of MarkVision Professional). Controls access to the Paper menu from the printer control panel. Protects access to the Option Card Configuration section of the Settings menu from the Embedded Web Server. When disabled, it... Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to manage certificates using remote management tools. Appendix 30 This applies only when an Option Card with configuration...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31