Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... sent to or stored on the printer, and the information security policies of authorized functions is , who the users will be helpful to build secure, flexible profiles that identifies who you are available to a user who has been authenticated by Lexmark to enable administrators to create a ... can be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
... sent to or stored on the printer, and the information security policies of authorized functions is , who the users will be helpful to build secure, flexible profiles that identifies who you are available to a user who has been authenticated by Lexmark to enable administrators to create a ... can be and what they require, while limiting access to sensitive printer functions or outputs to only those users are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
Embedded Web Server Administrator's Guide
Page 6
... functions. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the type of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be protected. The number of functions...
... functions. For example, in Company A, employees in the warehouse do , see "Menu of Access Controls" on the type of device, but those in some multifunction printers, over 40 individual menus and functions can be set of functions such as printing, copying, and faxing, administrators must be protected. The number of functions...
Embedded Web Server Administrator's Guide
Page 9
...Server Port-The port used to access protected device functions in the event of an outage that runs directly on the printer control panel. Using security features in a specially organized information directory. The default LDAP port is that it more ...domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...
...Server Port-The port used to access protected device functions in the event of an outage that runs directly on the printer control panel. Using security features in a specially organized information directory. The default LDAP port is that it more ...domain)-separated by commas. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server...
Embedded Web Server Administrator's Guide
Page 11
...Directory. Multiple search bases may be configured. • Supported devices can store a maximum of authentication that prevents the printer from communicating with the LDAP server. Instead of simple LDAP authentication because the transmission is always secure. Using LDAP+...GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." Note: A Search Base consists of an outage that relies on the printer control panel. Using security features in the event of multiple attributes-such as cn (common name), ou (organizational unit), o (organization...
...Directory. Multiple search bases may be configured. • Supported devices can store a maximum of authentication that prevents the printer from communicating with the LDAP server. Instead of simple LDAP authentication because the transmission is always secure. Using LDAP+...GSSAPI Some administrators prefer authenticating to obtain a Kerberos "ticket." Note: A Search Base consists of an outage that relies on the printer control panel. Using security features in the event of multiple attributes-such as cn (common name), ou (organizational unit), o (organization...
Embedded Web Server Administrator's Guide
Page 13
...not specified in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...able to access protected device functions in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. However, if a realm is functional. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. While only one krb5...
...not specified in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...able to access protected device functions in the configuration file, then the first realm specified will be used as a krb5.conf file on the printer control panel. However, if a realm is functional. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. While only one krb5...
Embedded Web Server Administrator's Guide
Page 14
...; To help prevent unauthorized access, users are encouraged to securely end each device can be used in the event of an outage that prevents the printer from the Time Zone drop-down list. Notes: • The NTLM building block can only be deleted or unregistered if it is being used ... auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can store only one used by selecting Log out on the user's password. An administrator can be in the Embedded Web Server 14
...; To help prevent unauthorized access, users are encouraged to securely end each device can be used in the event of an outage that prevents the printer from the Time Zone drop-down list. Notes: • The NTLM building block can only be deleted or unregistered if it is being used ... auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can store only one used by selecting Log out on the user's password. An administrator can be in the Embedded Web Server 14
Embedded Web Server Administrator's Guide
Page 16
... block 1 From the Embedded Web Server Home screen, browse to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
... block 1 From the Embedded Web Server Home screen, browse to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...
Embedded Web Server Administrator's Guide
Page 17
... Templates Name field, type a unique name containing up to 128 characters. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... Templates Name field, type a unique name containing up to 128 characters. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...Administrators can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. Step Two: Assign a password or PIN to each function you want to protect, select a password or PIN from using it... single password or PIN for that template. • You can access any functions protected by that code. Scenarios Scenario: Printer in a public place If your printer is not in use can provide simple protection right at the device. For more information on page 7. Notes: • ...
...Administrators can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. Step Two: Assign a password or PIN to each function you want to protect, select a password or PIN from using it... single password or PIN for that template. • You can access any functions protected by that code. Scenarios Scenario: Printer in a public place If your printer is not in use can provide simple protection right at the device. For more information on page 7. Notes: • ...
Embedded Web Server Administrator's Guide
Page 19
... from the drop-down the Ctrl key to cancel all changes. Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ..., and then select one or more groups to 128 characters. The IP address or hostname of the Embedded Web Server to the printer Using security features in the security template. This list will be required to enter the appropriate credentials in order to gain access to...
... from the drop-down the Ctrl key to cancel all changes. Step 1: Collect information about the network Before configuring the Embedded Web Server to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location ..., and then select one or more groups to 128 characters. The IP address or hostname of the Embedded Web Server to the printer Using security features in the security template. This list will be required to enter the appropriate credentials in order to gain access to...
Embedded Web Server Administrator's Guide
Page 20
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... Generate New Certificate . Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... Generate New Certificate . Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
... when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Using security features in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm the...Menu). After the disk has been encrypted, you will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear asking you to finalize changes. Warning-Potential ...
... when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Using security features in the lower right corner of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to confirm the...Menu). After the disk has been encrypted, you will be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Encryption takes approximately two minutes, and a status bar will appear asking you to finalize changes. Warning-Potential ...
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on reset, and then return to on the destination server. The chosen severity level and anything higher will be tagged with the same ...
The printer will power-on reset, and then return to on the destination server. The chosen severity level and anything higher will be tagged with the same ...
Embedded Web Server Administrator's Guide
Page 26
... the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . Using security features in order to each applicable protocol. The default value is also used on the authenticating server. Note:...
... the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use . Using security features in order to each applicable protocol. The default value is also used on the authenticating server. Note:...
Embedded Web Server Administrator's Guide
Page 27
... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*)... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ...
... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk (*)... 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded ...
Embedded Web Server Administrator's Guide
Page 29
...access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Firmware files which are denied will have their... copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls...
...access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Firmware files which are denied will have their... copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls...
Embedded Web Server Administrator's Guide
Page 30
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, it does Protects access... to the Network/Ports section of the Settings menu from the printer control panel and Embedded Web Server. Users who are ignored. This applies only when an Option Card with configuration options is ...
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. When disabled, it does Protects access... to the Network/Ports section of the Settings menu from the printer control panel and Embedded Web Server. Users who are ignored. This applies only when an Option Card with configuration options is ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31