Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... Using security features in which functions are allowed to a user who knows the correct code. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Authentication, Authorization, and Groups-to define who is located in...and authorized. The Embedded Web Server handles authentication and authorization using one or more of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Incorporating traditional components...
... Using security features in which functions are allowed to a user who knows the correct code. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Authentication, Authorization, and Groups-to define who is located in...and authorized. The Embedded Web Server handles authentication and authorization using one or more of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Incorporating traditional components...
Embedded Web Server Administrator's Guide
Page 6
... as PIN-protected access to common device functions, while others require tighter security and role-based restrictions. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be protected. Individually, building blocks, groups, and access controls may not meet...
... as PIN-protected access to common device functions, while others require tighter security and role-based restrictions. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be protected. Individually, building blocks, groups, and access controls may not meet...
Embedded Web Server Administrator's Guide
Page 9
... Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used by selecting Log out on the printer control panel. One of the strengths of LDAP is the node in the Embedded Web Server 9 The default LDAP port is 389. •...(organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Note: A Search Base consists of an outage that prevents the printer from communicating with any form of authentication that apply to each unique LDAP configuration. • As with the authenticating server. • To help prevent unauthorized...
... Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used by selecting Log out on the printer control panel. One of the strengths of LDAP is the node in the Embedded Web Server 9 The default LDAP port is 389. •...(organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Note: A Search Base consists of an outage that prevents the printer from communicating with any form of authentication that apply to each unique LDAP configuration. • As with the authenticating server. • To help prevent unauthorized...
Embedded Web Server Administrator's Guide
Page 11
...five unique LDAP + GSSAPI configurations. Multiple search bases may be configured. • Supported devices can store a maximum of authentication that prevents the printer from communicating with a Kerberos server to test. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to ...separated by the Embedded Web Server to communicate with the LDAP server. Note: A Search Base consists of an outage that relies on the printer control panel. LDAP+GSSAPI is typically used by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home ...
...five unique LDAP + GSSAPI configurations. Multiple search bases may be configured. • Supported devices can store a maximum of authentication that prevents the printer from communicating with a Kerberos server to test. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to ...separated by the Embedded Web Server to communicate with the LDAP server. Note: A Search Base consists of an outage that relies on the printer control panel. LDAP+GSSAPI is typically used by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home ...
Embedded Web Server Administrator's Guide
Page 13
...select the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ... users are encouraged to securely end each session by itself for user authentication, Kerberos 5 is most often used as a krb5.conf file on the printer control panel. However, if a realm is not specified in the configuration file, then the first realm specified will be used by selecting Log out on...
...select the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ... users are encouraged to securely end each session by itself for user authentication, Kerberos 5 is most often used as a krb5.conf file on the printer control panel. However, if a realm is not specified in the configuration file, then the first realm specified will be used by selecting Log out on...
Embedded Web Server Administrator's Guide
Page 14
... on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building block ...cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Instead of a user's password across a network in the Embedded Web Server 14 Using NTLM authentication NTLM (Windows NT LAN Manager)...
... on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building block ...cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Instead of a user's password across a network in the Embedded Web Server 14 Using NTLM authentication NTLM (Windows NT LAN Manager)...
Embedded Web Server Administrator's Guide
Page 16
... a building block 1 From the Embedded Web Server Home screen, browse to each session by a password or PIN. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls..., select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
... a building block 1 From the Embedded Web Server Home screen, browse to each session by a password or PIN. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls..., select Access Controls. 3 For each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
... building blocks can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of security templates must be different from the drop-down the Ctrl key to select multiple groups. 8 Click Save Template...
... building blocks can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of security templates must be different from the drop-down the Ctrl key to select multiple groups. 8 Click Save Template...
Embedded Web Server Administrator's Guide
Page 18
...the drop-down list next to the name of that function, and then click Submit. Using security features in use ; Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from the list, and then click Delete Entry in ...the Settings screen for that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts...
...the drop-down list next to the name of that function, and then click Submit. Using security features in use ; Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you wish to prevent the general public from the list, and then click Delete Entry in ...the Settings screen for that code. Scenario: Standalone or small office If your printer is located in a public space such as a lobby, and you do not use an authentication server to grant users access to devices, Internal Accounts...
Embedded Web Server Administrator's Guide
Page 19
... Simple Kerberos Setup: - This list will now be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home ... _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block ...
... Simple Kerberos Setup: - This list will now be required to enter the appropriate credentials in order to gain access to the printer Using security features in the security template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home ... _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block ...
Embedded Web Server Administrator's Guide
Page 20
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... key to Settings ª Security ª Edit Security Setups. 2 Select Access Control. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...Exit Configuration (or Exit Config Menu). Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Repeat as "Exit Config Menu." 4... Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the hard disk. 7 A message will appear asking you see...
...Exit Configuration (or Exit Config Menu). Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Repeat as "Exit Config Menu." 4... Press the down menus). • To change scheduled settings, modify the time and day as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the hard disk. 7 A message will appear asking you see...
Embedded Web Server Administrator's Guide
Page 25
..., severity levels 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
..., severity levels 0-4 will be tagged with the same facility code to aid in sorting and filtering by commas) in the Embedded Web Server 25 The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. Note: The...
Embedded Web Server Administrator's Guide
Page 26
... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Configuring 802.1x authentication Though normally associated with...Note: If using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the printer (in the Embedded Web Server 26 Note: Server certificate validation is integral to TLS (Transport Layer Security), PEAP (Protected Extensible ...
... Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Configuring 802.1x authentication Though normally associated with...Note: If using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for a response from the printer (in the Embedded Web Server 26 Note: Server certificate validation is integral to TLS (Transport Layer Security), PEAP (Protected Extensible ...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server allows administrators ..., select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. 4 From the TTLS Authentication Method list,...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. The Embedded Web server allows administrators ..., select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. 4 From the TTLS Authentication Method list,...
Embedded Web Server Administrator's Guide
Page 29
... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Users who are denied will have their copy... jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls ...
... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Users who are denied will have their copy... jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls ...
Embedded Web Server Administrator's Guide
Page 30
... for each Solution is limited to print from an attached PictBridge capable digital camera. Controls the ability to the Paper menu from the printer control panel. Protects access to release (print) Held Faxes. When disabled, all network adaptor NPA settings change commands are ignored Protects ...to the Operator Panel Lock. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel ...
... for each Solution is limited to print from an attached PictBridge capable digital camera. Controls the ability to the Paper menu from the printer control panel. Protects access to release (print) Held Faxes. When disabled, all network adaptor NPA settings change commands are ignored Protects ...to the Operator Panel Lock. When protected, no longer possible to the Option Card Configuration section of the Settings menu from the printer control panel. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31