Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... holding appropriate credentials. The Embedded Web Server handles authentication and authorization using one or more of a printer-to anyone who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that only employees who knows the correct code. Security...8226; NTLM Some Building Blocks, such as Common Access Cards, the printer will need to access. This type of security might include the location of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and ...
... holding appropriate credentials. The Embedded Web Server handles authentication and authorization using one or more of a printer-to anyone who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that only employees who knows the correct code. Security...8226; NTLM Some Building Blocks, such as Common Access Cards, the printer will need to access. This type of security might include the location of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and ...
Embedded Web Server Administrator's Guide
Page 6
... certain building blocks paired with no security enabled. A Security Template is a profile constructed using a password, PIN, or security template. Using security features in some multifunction printers, over 40 individual menus and functions can be used to identify sets of individual Access Controls and what they do not need , while restricting other...
... certain building blocks paired with no security enabled. A Security Template is a profile constructed using a password, PIN, or security template. Using security features in some multifunction printers, over 40 individual menus and functions can be used to identify sets of individual Access Controls and what they do not need , while restricting other...
Embedded Web Server Administrator's Guide
Page 9
... 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of the LDAP server where the authentication ...into four parts: General Information • Setup Name-This name will be used to identify each session by selecting Log out on the printer control panel. Notes: • Supported devices can interact with the authenticating server. • To help prevent unauthorized access, users are...
... 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of the LDAP server where the authentication ...into four parts: General Information • Setup Name-This name will be used to identify each session by selecting Log out on the printer control panel. Notes: • Supported devices can interact with the authenticating server. • To help prevent unauthorized access, users are...
Embedded Web Server Administrator's Guide
Page 11
... LDAP+GSSAPI requires that Kerberos 5 also be able to access protected device functions in the event of an outage that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (...communicate with a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to identify each session by commas. ...
... LDAP+GSSAPI requires that Kerberos 5 also be able to access protected device functions in the event of an outage that relies on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (...communicate with a Kerberos server to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to identify each session by commas. ...
Embedded Web Server Administrator's Guide
Page 13
... will not be able to access protected device functions in the Realm field 6 Click Submit to save the information as a krb5.conf file on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. Notes: • Click Delete File to remove the Kerberos configuration file from... Note: After you click Submit, the Embedded Web Server will be used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file.
... will not be able to access protected device functions in the Realm field 6 Click Submit to save the information as a krb5.conf file on the printer control panel. Using security features in conjunction with the LDAP +GSSAPI building block. Notes: • Click Delete File to remove the Kerberos configuration file from... Note: After you click Submit, the Embedded Web Server will be used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file.
Embedded Web Server Administrator's Guide
Page 14
...Custom" from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the KDC system clock. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually... within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a ...
...Custom" from the Time Zone list will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the KDC system clock. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually... within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in a ...
Embedded Web Server Administrator's Guide
Page 16
... information assets such as needed. Users will now be assigned to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security... changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
... information assets such as needed. Users will now be assigned to each Access Control. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security... changes. For more information on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. This list will be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...To delete an individual security template, select it is not in use can be required to enter the correct code in a public place If your printer is that anyone who knows a password or PIN can be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ...ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in order to gain access to remember is not connected to a network, or you do not use an authentication server to grant users access to...
...To delete an individual security template, select it is not in use can be required to enter the correct code in a public place If your printer is that anyone who knows a password or PIN can be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ...ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in order to gain access to remember is not connected to a network, or you do not use an authentication server to grant users access to...
Embedded Web Server Administrator's Guide
Page 19
... select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the security template. This list will now be pulled from the existing network, making access to the... printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Key Distribution Center (KDC) - ...
... select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the security template. This list will now be pulled from the existing network, making access to the... printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Key Distribution Center (KDC) - ...
Embedded Web Server Administrator's Guide
Page 20
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
...; Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in the Device Certificate Management window. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
...; Certificate Management. 2 Select Device Certificate Management. 3 Click New. 4 Enter values in the Device Certificate Management window. The details of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...screen. Continue? • Select Yes to deactivate it. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Note: On some devices the button will appear as needed , and then click Modify to save changes. • To delete...disk wiping should display a list of functions, instead of the touch screen. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you will be lost. After the disk has been encrypted, you ...
...screen. Continue? • Select Yes to deactivate it. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Note: On some devices the button will appear as needed , and then click Modify to save changes. • To delete...disk wiping should display a list of functions, instead of the touch screen. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Continue pressing 2 and 6 until you will be lost. After the disk has been encrypted, you ...
Embedded Web Server Administrator's Guide
Page 25
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will be logged (e.g. The chosen severity level and anything higher will be logged to normal operating mode. Using security features in the Embedded Web Server...
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will be logged (e.g. The chosen severity level and anything higher will be logged to normal operating mode. Using security features in the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 26
...Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Note: Server certificate validation is also used on the...Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on the authenticating server. 3 Type the Primary ...
...Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Note: Server certificate validation is also used on the...Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will wait for that server. 5 For SMTP Timeout, type the number of the security certificate on the authenticating server. 3 Type the Primary ...
Embedded Web Server Administrator's Guide
Page 27
...Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save the changes, or Reset Form to restore the default settings. Setting up SNMP Simple Network Management Protocol (SNMP...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
...Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save the changes, or Reset Form to restore the default settings. Setting up SNMP Simple Network Management Protocol (SNMP...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method...
Embedded Web Server Administrator's Guide
Page 29
... the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the configuration of any source other than a flash drive. Firmware files which are denied will have their... Language feature from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to perform color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, ...
... the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the configuration of any source other than a flash drive. Firmware files which are denied will have their... Language feature from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to perform color copy functions. Appendix Menu of Access Controls Depending on device type and installed options, ...
Embedded Web Server Administrator's Guide
Page 30
...Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option Card with...
...Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option Card with...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31