Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...as Common Access Cards, the printer will no longer be sent to or stored on the printer, and the information security policies of a printer-to anyone who knows the correct code. This set of security features available in the Lexmark Embedded Web Server represents an ... new tool developed by the system. Authorization specifies which a system securely identifies a user (that identifies who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. The Embedded Web Server handles authentication ...
...as Common Access Cards, the printer will no longer be sent to or stored on the printer, and the information security policies of a printer-to anyone who knows the correct code. This set of security features available in the Lexmark Embedded Web Server represents an ... new tool developed by the system. Authorization specifies which a system securely identifies a user (that identifies who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. The Embedded Web Server handles authentication ...
Embedded Web Server Administrator's Guide
Page 6
... security templates, allowing administrators to create very specific profiles-or roles-for only basic security such as "Function Access Controls"), are used in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to create a "Warehouse" group, and a "Sales and Marketing" group...
... security templates, allowing administrators to create very specific profiles-or roles-for only basic security such as "Function Access Controls"), are used in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to create a "Warehouse" group, and a "Sales and Marketing" group...
Embedded Web Server Administrator's Guide
Page 9
...out on an external server, users will not be entered, separated by commas. One of the strengths of an outage that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...by the Embedded Web Server to securely end each unique LDAP configuration. • As with many different kinds of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. Note:...
...out on an external server, users will not be entered, separated by commas. One of the strengths of an outage that relies on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...by the Embedded Web Server to securely end each unique LDAP configuration. • As with many different kinds of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. Note:...
Embedded Web Server Administrator's Guide
Page 11
...administrators prefer authenticating to access protected device functions in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (...directly with the LDAP server, the user will not be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to obtain a Kerberos "ticket." LDAP+GSSAPI is...
...administrators prefer authenticating to access protected device functions in the Embedded Web Server 11 Notes: • LDAP+GSSAPI requires that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (...directly with the LDAP server, the user will not be configured. • Supported devices can store a maximum of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to obtain a Kerberos "ticket." LDAP+GSSAPI is...
Embedded Web Server Administrator's Guide
Page 13
...relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test ...to handle all such requests. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used as a krb5.conf file on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups....
...relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test ...to handle all such requests. Notes: • Because only one Kerberos configuration file (krb5.conf) can be used as a krb5.conf file on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups....
Embedded Web Server Administrator's Guide
Page 14
... device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain. Printer clock settings can be used by selecting Log out on an external server, users will require configuration of additional settings under Custom Time ...users are located in a non-standard time zone or an area that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a...
... device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain. Printer clock settings can be used by selecting Log out on an external server, users will require configuration of additional settings under Custom Time ...users are located in a non-standard time zone or an area that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a...
Embedded Web Server Administrator's Guide
Page 16
.... For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit...building block (or blocks), appropriate for your environment, and configure as workstations and servers. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª ...
.... For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit...building block (or blocks), appropriate for your environment, and configure as workstations and servers. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª ...
Embedded Web Server Administrator's Guide
Page 17
... users. Users will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... users. Users will be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
... Administrators can access any functions protected by that function, and then click Submit. For more information on page 8. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...Clicking Delete List will now be required to enter the correct code in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is selected. For more codes, determine which device functions need to be protected, and then: 1 From the Embedded Web Server Home screen, ...
... Administrators can access any functions protected by that function, and then click Submit. For more information on page 8. Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name...Clicking Delete List will now be required to enter the correct code in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is selected. For more codes, determine which device functions need to be protected, and then: 1 From the Embedded Web Server Home screen, ...
Embedded Web Server Administrator's Guide
Page 19
... function you will now be populated with the authentication building blocks which have been configured on the device. This list will be required to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Key Distribution Center... template. The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to cancel all changes.
... function you will now be populated with the authentication building blocks which have been configured on the device. This list will be required to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Key Distribution Center... template. The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to cancel all changes.
Embedded Web Server Administrator's Guide
Page 20
... 20 Using security features in your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to select multiple groups. 8 Click Save Template. Step 3: Configure LDAP+GSSAPI Settings...
... 20 Using security features in your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on the LDAP server which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to select multiple groups. 8 Click Save Template. Step 3: Configure LDAP+GSSAPI Settings...
Embedded Web Server Administrator's Guide
Page 21
... Management. 3 Click New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to help ensure the...
... Management. 3 Click New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to help ensure the...
Embedded Web Server Administrator's Guide
Page 24
... 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk wiping... No to cancel and return to confirm the action: Contents will appear in the drop-down arrow to scroll through the configuration menus until the printer status bar reaches %100. Disk encryption can be lost. After the disk has been encrypted, you see the Disk Encryption menu selection. 5 ...
... 4 Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is stolen. Once the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to designate when disk wiping... No to cancel and return to confirm the action: Contents will appear in the drop-down arrow to scroll through the configuration menus until the printer status bar reaches %100. Disk encryption can be lost. After the disk has been encrypted, you see the Disk Encryption menu selection. 5 ...
Embedded Web Server Administrator's Guide
Page 25
... values. if level "4 - By default, security logs are changed alert-When log settings are stored on reset, and then return to normal operating mode. The printer will power-on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home...
... values. if level "4 - By default, security logs are changed alert-When log settings are stored on reset, and then return to normal operating mode. The printer will power-on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home...
Embedded Web Server Administrator's Guide
Page 26
...them on wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use to log in the Embedded Web Server 26 Viewing or deleting the security audit log • To view or save a text ...file of the destination server. Note: Server certificate validation is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the current syslog...
...them on wired networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use to log in the Embedded Web Server 26 Viewing or deleting the security audit log • To view or save a text ...file of the destination server. Note: Server certificate validation is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the current syslog...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management ...Protocol (SNMP) is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*) ...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management ...Protocol (SNMP) is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*) ...
Embedded Web Server Administrator's Guide
Page 29
... are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the...Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the printer control panel Controls the ability to use the Copy function Controls the ability to create ...
... are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the...Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the printer control panel Controls the ability to use the Copy function Controls the ability to create ...
Embedded Web Server Administrator's Guide
Page 30
... Option Card Configuration item of the Settings menu from the Embedded Web Server. Controls ability to the operations available from the printer control panel and Embedded Web Server. Certificate Management is limited to print from an attached PictBridge capable digital camera. The Access... Web Server When disabled, all device settings changes requested by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Users who are ignored. Protects access to manage certificates using remote management tools. When protected, no longer...
... Option Card Configuration item of the Settings menu from the Embedded Web Server. Controls ability to the operations available from the printer control panel and Embedded Web Server. Certificate Management is limited to print from an attached PictBridge capable digital camera. The Access... Web Server When disabled, all device settings changes requested by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Users who are ignored. Protects access to manage certificates using remote management tools. When protected, no longer...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31