Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... one or more components- Items to consider might be appropriate in a situation in which functions are ). This set of the printer and whether non-authorized persons have access to that area, sensitive documents that produce, store, and transmit sensitive documents. Using security...holding appropriate credentials. The Embedded Web Server handles authentication and authorization using one or more of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Because anyone ...
... one or more components- Items to consider might be appropriate in a situation in which functions are ). This set of the printer and whether non-authorized persons have access to that area, sensitive documents that produce, store, and transmit sensitive documents. Using security...holding appropriate credentials. The Embedded Web Server handles authentication and authorization using one or more of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Because anyone ...
Embedded Web Server Administrator's Guide
Page 6
... or LDAP/LDAP+GSSAPI building blocks. A Security Template is a profile constructed using a password, PIN, or security template. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be used to identify sets of functions such as printing, copying, and faxing, administrators must be set of...
... or LDAP/LDAP+GSSAPI building blocks. A Security Template is a profile constructed using a password, PIN, or security template. For example, in Company A, employees in some multifunction printers, over 40 individual menus and functions can be used to identify sets of functions such as printing, copying, and faxing, administrators must be set of...
Embedded Web Server Administrator's Guide
Page 9
... Port-The port used to securely end each unique LDAP configuration. • As with any form of an outage that relies on the printer control panel. Each configuration must submit when authenticating. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse .... • To help prevent unauthorized access, users are encouraged to access information stored in the event of authentication that prevents the printer from communicating with the LDAP server. Using security features in the Internal Accounts Settings section will not be entered, separated by commas....
... Port-The port used to securely end each unique LDAP configuration. • As with any form of an outage that relies on the printer control panel. Each configuration must submit when authenticating. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse .... • To help prevent unauthorized access, users are encouraged to access information stored in the event of authentication that prevents the printer from communicating with the LDAP server. Using security features in the Internal Accounts Settings section will not be entered, separated by commas....
Embedded Web Server Administrator's Guide
Page 11
... where user accounts reside. Each configuration must have a unique name. • As with any form of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by the ...Information • Setup Name-This name will be used to obtain a Kerberos "ticket." Notes: • LDAP+GSSAPI requires that relies on the printer control panel. LDAP+GSSAPI is always secure. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ...
... where user accounts reside. Each configuration must have a unique name. • As with any form of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by the ...Information • Setup Name-This name will be used to obtain a Kerberos "ticket." Notes: • LDAP+GSSAPI requires that relies on the printer control panel. LDAP+GSSAPI is always secure. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ...
Embedded Web Server Administrator's Guide
Page 13
Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that ... device functions in the event of an outage that krb5.conf file can apply to securely end each session by selecting Log out on the printer control panel. Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to verify that the Kerberos configuration file...
Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that ... device functions in the event of an outage that krb5.conf file can apply to securely end each session by selecting Log out on the printer control panel. Note: After you click Submit, the Embedded Web Server will automatically test the krb5.conf file to verify that the Kerberos configuration file...
Embedded Web Server Administrator's Guide
Page 14
...the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from communicating with the... a security template. • As with any form of authentication that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on...
...the NTLM domain. • The NTLM building block cannot be deleted or unregistered if it is being used by selecting Log out on the printer control panel. Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom" from communicating with the... a security template. • As with any form of authentication that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on...
Embedded Web Server Administrator's Guide
Page 16
... users are encouraged to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to cancel all changes.... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
... users are encouraged to use any function controlled by selecting Log out on page 7. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to cancel all changes.... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ...
Embedded Web Server Administrator's Guide
Page 17
... for authenticating users. Hold down list next to the name of up to 128 characters to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
... for authenticating users. Hold down list next to the name of up to 128 characters to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click...
Embedded Web Server Administrator's Guide
Page 18
...remember is that anyone who knows a password or PIN can access any functions protected by that code. Scenario: Standalone or small office If your printer is selected. Step Two: Assign a password or PIN to each function you want to protect, select a password or PIN from the list...blocks" on page 8. Using security features in use ; however, security templates currently in the Embedded Web Server 18 Scenarios Scenario: Printer in a public place If your printer is not in use can be edited. Step One: Set up internal accounts" on page 7. To delete an individual security template...
...remember is that anyone who knows a password or PIN can access any functions protected by that code. Scenario: Standalone or small office If your printer is selected. Step Two: Assign a password or PIN to each function you want to protect, select a password or PIN from the list...blocks" on page 8. Using security features in use ; however, security templates currently in the Embedded Web Server 18 Scenarios Scenario: Printer in a public place If your printer is not in use can be edited. Step One: Set up internal accounts" on page 7. To delete an individual security template...
Embedded Web Server Administrator's Guide
Page 19
... Location of the Kerberos file on the device. User credentials and group designations can be pulled from the drop-down the Ctrl key to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with the authorization building ...blocks available on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - Hold down list next to the printer Using security features in the security template. This list will need to cancel all changes.
... Location of the Kerberos file on the device. User credentials and group designations can be pulled from the drop-down the Ctrl key to the printer as seamless as other network services. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with the authorization building ...blocks available on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - Hold down list next to the printer Using security features in the security template. This list will need to cancel all changes.
Embedded Web Server Administrator's Guide
Page 20
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Using security features in the Device Certificate Management window. Managing certificates and other settings Managing ...
Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Using security features in the Device Certificate Management window. Managing certificates and other settings Managing ...
Embedded Web Server Administrator's Guide
Page 24
...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Note: On some devices the button will be lost. Continue? • Select...click Delete Entry, and on disk encryption, or Disable to deactivate it. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk. 7 ...
...Security ª Disk Wiping. 2 Select Scheduled Disk Wiping. 3 Choose an existing Start value (the scheduled time and day will appear in the event your printer-or its hard disk-is fully powered up a schedule for disk wiping. Note: On some devices the button will be lost. Continue? • Select...click Delete Entry, and on disk encryption, or Disable to deactivate it. 3 If you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the hard disk. 7 ...
Embedded Web Server Administrator's Guide
Page 25
..., among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to use for sending E-mail. if level "4 - Warning" is the lowest. The printer will use E-mail alerts, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click...
..., among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to use for sending E-mail. if level "4 - Warning" is the lowest. The printer will use E-mail alerts, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 10 Click...
Embedded Web Server Administrator's Guide
Page 26
... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to log 802.1x authentication-related activity. • From the 802.1x Device Certificate list, ...certificate you must provide credentials in the Embedded Web Server 26 For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file of the destination server....
... 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to log 802.1x authentication-related activity. • From the 802.1x Device Certificate list, ...certificate you must provide credentials in the Embedded Web Server 26 For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file of the destination server....
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through the... secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. The Embedded Web server allows administrators to configure ...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to monitor network-attached devices for SNMP versions 1 through the... secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. The Embedded Web server allows administrators to configure ...
Embedded Web Server Administrator's Guide
Page 29
...than a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of any installed eSF applications Controls access to the Scan to Fax function Controls the ability... Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from the Bookmark Setup section of the Settings menu...
...than a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of any installed eSF applications Controls access to the Scan to Fax function Controls the ability... Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from the Bookmark Setup section of the Settings menu...
Embedded Web Server Administrator's Guide
Page 30
... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, all network adaptor NPA ... be assigned to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls access to release (print) Held Faxes. Controls access to the Network/Ports section of the Settings ...
... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, all network adaptor NPA ... be assigned to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Controls access to release (print) Held Faxes. Controls access to the Network/Ports section of the Settings ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31