Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the lobby or other building blocks that require a user to be identified, or both identified and authorized. Before configuring printer security, it can not be individually identified, passwords...
... The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the lobby or other building blocks that require a user to be identified, or both identified and authorized. Before configuring printer security, it can not be individually identified, passwords...
Embedded Web Server Administrator's Guide
Page 6
... building blocks. In this scenario, it makes sense to combine these components in the Embedded Web Server 6 Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be able to create a "Warehouse" group, and a "Sales and Marketing" group. Access controls can be controlled varies depending...
... building blocks. In this scenario, it makes sense to combine these components in the Embedded Web Server 6 Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be able to create a "Warehouse" group, and a "Sales and Marketing" group. Access controls can be controlled varies depending...
Embedded Web Server Administrator's Guide
Page 9
...on an external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used by selecting Log out on top of the TCP.../IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup when...
...on an external server, users will not be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used by selecting Log out on top of the TCP.../IP layer, and is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup when...
Embedded Web Server Administrator's Guide
Page 11
...Web Server 11 Multiple search bases may be configured. • Supported devices can store a maximum of an outage that relies on the printer control panel. Notes: • LDAP+GSSAPI requires that Kerberos 5 also be entered, separated by the Embedded Web Server to access ...unique LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Using LDAP+GSSAPI Some ...
...Web Server 11 Multiple search bases may be configured. • Supported devices can store a maximum of an outage that relies on the printer control panel. Notes: • LDAP+GSSAPI requires that Kerberos 5 also be entered, separated by the Embedded Web Server to access ...unique LDAP + GSSAPI configurations. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with a Kerberos server to an LDAP server using the GSSAPI protocol for networks running Active Directory. Using LDAP+GSSAPI Some ...
Embedded Web Server Administrator's Guide
Page 13
...realm. However, if a realm is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on an external server, users will automatically test... 6 Click Submit to save the information as the default realm for authentication. • As with any form of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for user authentication, Kerberos 5 is functional. While ...
...realm. However, if a realm is used, uploading or re-submitting a simple Kerberos file will be used as a krb5.conf file on the printer control panel. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on an external server, users will automatically test... 6 Click Submit to save the information as the default realm for authentication. • As with any form of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for user authentication, Kerberos 5 is functional. While ...
Embedded Web Server Administrator's Guide
Page 14
...user's password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in... if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in clear text. Printer clock settings can store only one NTLM configuration on a supported device because each session by the Kerberos server. 1 From the Embedded ...
...user's password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To help prevent unauthorized access, users are located in... if it is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in clear text. Printer clock settings can store only one NTLM configuration on a supported device because each session by the Kerberos server. 1 From the Embedded ...
Embedded Web Server Administrator's Guide
Page 16
... to specific device functions using a password or PIN. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
... to specific device functions using a password or PIN. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... be populated with a unique name of Access Controls" on page 29. Hold down list next to the name of that have been configured on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in order to gain access to any function controlled...
... be populated with a unique name of Access Controls" on page 29. Hold down list next to the name of that have been configured on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in order to gain access to any function controlled...
Embedded Web Server Administrator's Guide
Page 18
...currently in use ; Users will delete all authorized users of that function, and then click Submit. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can access ...any functions protected by that code. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from using...
...currently in use ; Users will delete all authorized users of that function, and then click Submit. Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to devices, Internal Accounts can access ...any functions protected by that code. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you want to protect, select a password or PIN from using...
Embedded Web Server Administrator's Guide
Page 19
.... The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •... be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in the Embedded Web Server 19 Note: Certain building blocks-such as PINs and Passwords-do not support separate authorization...
.... The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) •... be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer Using security features in the Embedded Web Server 19 Note: Certain building blocks-such as PINs and Passwords-do not support separate authorization...
Embedded Web Server Administrator's Guide
Page 20
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... the device (128-character maximum). Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs.
... the device (128-character maximum). Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs.
Embedded Web Server Administrator's Guide
Page 24
... when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 ...Click Submit to finalize changes. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear as "Exit Config Menu." 4 Press the down menus)....
... when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 ...Click Submit to finalize changes. Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear as "Exit Config Menu." 4 Press the down menus)....
Embedded Web Server Administrator's Guide
Page 25
... box. 9 To have administrators automatically notified of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will use E-mail alerts, you must be grayed out until an IP address or hostname is clicked E-mail log wrapped alert-When the log becomes...
... box. 9 To have administrators automatically notified of certain log events, type one or more E-mail addresses (separated by network monitoring or intrusion detection software. The printer will use E-mail alerts, you must be grayed out until an IP address or hostname is clicked E-mail log wrapped alert-When the log becomes...
Embedded Web Server Administrator's Guide
Page 26
... each applicable protocol. The default is 30 seconds. 6 To receive responses to require verification of the security certificate on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 10 From..., see "Managing certificates" on wired networks to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication...
... each applicable protocol. The default is 30 seconds. 6 To receive responses to require verification of the security certificate on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is required. 10 From..., see "Managing certificates" on wired networks to enable 802.1x authentication. • Type the login name and password the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings marked... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which ...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings marked... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which ...
Embedded Web Server Administrator's Guide
Page 29
...are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ability to create new profiles ... Controls access to the configuration of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu...
...are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ability to create new profiles ... Controls access to the configuration of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to perform color copy functions. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu...
Embedded Web Server Administrator's Guide
Page 30
...to manage certificates using remote management tools. The Access Control for each Solution is assigned in the device. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from ...Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls ability to print from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ...
...to manage certificates using remote management tools. The Access Control for each Solution is assigned in the device. Controls access to printer settings and functions by remote management tools such as that provided by a properly configured installation of the Settings menu from ...Embedded Web Server The Solution 1 through a secured communication channel (such as MarkVisionTM Professional. Controls ability to print from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31