Embedded Web Server Administrator's Guide
Page 3
...LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function ...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21 Setting certificate defaults ...22 Configuring confidential printing...22 Enabling and disabling USB devices...23 Disk wiping...23 Encrypting ...
...LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function ...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21 Setting certificate defaults ...22 Configuring confidential printing...22 Enabling and disabling USB devices...23 Disk wiping...23 Encrypting ...
Embedded Web Server Administrator's Guide
Page 5
...can not be individually identified, passwords and PINs are available to as "permissions." Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who know the password or PIN are allowed to do. ...or stored on the printer, and the information security policies of your organization. Using security features in the document security chain. This set of authorized functions is allowed to use the printer, and which functions are considered less secure than other public area of a business...
...can not be individually identified, passwords and PINs are available to as "permissions." Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that only employees who know the password or PIN are allowed to do. ...or stored on the printer, and the information security policies of your organization. Using security features in the document security chain. This set of authorized functions is allowed to use the printer, and which functions are considered less secure than other public area of a business...
Embedded Web Server Administrator's Guide
Page 6
...-protected access to create a "Warehouse" group, and a "Sales and Marketing" group. The number of functions that give all device menus, settings, and functions come with one or more groups. Note: For a list of individual Access Controls and what they are combined determines the type... and faxing, administrators must be able to disable them entirely. Access Controls (also referred to in different groups needing access to identify sets of a complex security environment. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can support up...
...-protected access to create a "Warehouse" group, and a "Sales and Marketing" group. The number of functions that give all device menus, settings, and functions come with one or more groups. Note: For a list of individual Access Controls and what they are combined determines the type... and faxing, administrators must be able to disable them entirely. Access Controls (also referred to in different groups needing access to identify sets of a complex security environment. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can support up...
Embedded Web Server Administrator's Guide
Page 7
...used as administrator-level. Using security features in the Setup Name box. To create a password 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 ...of 250 user-level and administrator-level PINs. Notes: • To edit a password, select a password from the list, and then modify the settings. • To delete a password, select a password from the list and then click Delete Entry. Each password must have a unique name consisting ...
...used as administrator-level. Using security features in the Setup Name box. To create a password 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 ...of 250 user-level and administrator-level PINs. Notes: • To edit a password, select a password from the list, and then modify the settings. • To delete a password, select a password from the list and then click Delete Entry. Each password must have a unique name consisting ...
Embedded Web Server Administrator's Guide
Page 8
...group (or role), in order to grant them prior to creating new internal accounts. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts. 3 Select Setup groups for each account: ...• Account Name-Type the user's account name (example: "Jack Smith"). Setting up to 128 UTF-8 characters. 5 Click Add. 6 Repeat steps 4 through 5 to which the account belongs. Each internal account building block can ...
...group (or role), in order to grant them prior to creating new internal accounts. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts. 3 Select Setup groups for each account: ...• Account Name-Type the user's account name (example: "Jack Smith"). Setting up to 128 UTF-8 characters. 5 Click Add. 6 Repeat steps 4 through 5 to which the account belongs. Each internal account building block can ...
Embedded Web Server Administrator's Guide
Page 9
...Embedded Web Server Home screen, browse to access information stored in a specially organized information directory. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an administrator must submit when creating a new internal account, as well as... name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. The default LDAP port is used to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP...
...Embedded Web Server Home screen, browse to access information stored in a specially organized information directory. Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an administrator must submit when creating a new internal account, as well as... name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. The default LDAP port is used to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. 4 The LDAP...
Embedded Web Server Administrator's Guide
Page 10
... save changes, or click Cancel to return to previous values. To delete an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Select a setup from the list. 4 Make any needed ... can define up to three custom search object classes (optional). To edit an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click a setup from the list. 4 Click Delete Entry to...
... save changes, or click Cancel to return to previous values. To delete an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Select a setup from the list. 4 Make any needed ... can define up to three custom search object classes (optional). To edit an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click a setup from the list. 4 Click Delete Entry to...
Embedded Web Server Administrator's Guide
Page 11
...performed. • Server Port-The port used by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Click Add an LDAP+GSSAPI Setup. 4 The LDAP+... • Search Base-The Search Base is always secure. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Test LDAP Authentication Setup next to the setup you...
...performed. • Server Port-The port used by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Click Add an LDAP+GSSAPI Setup. 4 The LDAP+... • Search Base-The Search Base is always secure. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Test LDAP Authentication Setup next to the setup you...
Embedded Web Server Administrator's Guide
Page 12
...Click Delete List to select or clear; Using security features in the LDAP Configuration dialog. 5 Click Modify to save changes, or Cancel to return to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Select a setup from the list. 4 Make ...Person-Click to three custom search object classes (optional). To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Select a setup from the list. 4 Click ...
...Click Delete List to select or clear; Using security features in the LDAP Configuration dialog. 5 Click Modify to save changes, or Cancel to return to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Select a setup from the list. 4 Make ...Person-Click to three custom search object classes (optional). To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP+GSSAPI. 3 Select a setup from the list. 4 Click ...
Embedded Web Server Administrator's Guide
Page 13
..., or Reset Form to handle all such requests. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key Distribution Center) address... of authentication that relies on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Click Browse to find and select the krb5...
..., or Reset Form to handle all such requests. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key Distribution Center) address... of authentication that relies on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Click Browse to find and select the krb5...
Embedded Web Server Administrator's Guide
Page 14
... security template. • As with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of... the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Notes: • Entering manual settings automatically disables use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the ...
... security template. • As with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of... the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Notes: • Entering manual settings automatically disables use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the ...
Embedded Web Server Administrator's Guide
Page 15
.... Consult your device with the URL beginning "https://"), rather than an unsecured browsing window. Note: If you do not connect to Settings ª Security ª Edit Security Setups. 3 Under Edit Building Blocks, select NTLM. 4 Type the default user domain in the... Click Submit. Using security features in the Default User Domain field, and then click Register Domain to access additional configuration settings. 5 On the Settings screen under Register Domain, provide the credentials appropriate to register your organization's policies before deploying any security method that might ...
.... Consult your device with the URL beginning "https://"), rather than an unsecured browsing window. Note: If you do not connect to Settings ª Security ª Edit Security Setups. 3 Under Edit Building Blocks, select NTLM. 4 Type the default user domain in the... Click Submit. Using security features in the Default User Domain field, and then click Register Domain to access additional configuration settings. 5 On the Settings screen under Register Domain, provide the credentials appropriate to register your organization's policies before deploying any security method that might ...
Embedded Web Server Administrator's Guide
Page 16
...page 7. For more information on configuring a specific type of lockout. • Panel Login Timeout-Specify how long a user may be set to require No Security (the default), or to specific device functions using a password or PIN. Embedded Web Server administrators should verify that ...function. 4 Click Submit to save changes, or Reset Form to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for your environment...
...page 7. For more information on configuring a specific type of lockout. • Panel Login Timeout-Specify how long a user may be set to require No Security (the default), or to specific device functions using a password or PIN. Embedded Web Server administrators should verify that ...function. 4 Click Submit to save changes, or Reset Form to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for your environment...
Embedded Web Server Administrator's Guide
Page 17
... multiple groups. 8 Click Save Template. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template from the ...name of that have been configured on page 29. Each device can share a name. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a ...
... multiple groups. 8 Click Save Template. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template from the ...name of that have been configured on page 29. Each device can share a name. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a ...
Embedded Web Server Administrator's Guide
Page 18
... is that code. The key to remember is selected. Step One: Create a password or PIN 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Notes: •...will delete all authorized users of which device functions need to be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each function you do not use an authentication server to grant ...
... is that code. The key to remember is selected. Step One: Create a password or PIN 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Notes: •...will delete all authorized users of which device functions need to be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each function you do not use an authentication server to grant ...
Embedded Web Server Administrator's Guide
Page 19
...function controlled by a security template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each function you will be populated with the authorization ... the drop-down the Ctrl key to 128 characters. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a ...
...function controlled by a security template. Step 3: Assign security templates to access controls 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each function you will be populated with the authorization ... the drop-down the Ctrl key to 128 characters. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a ...
Embedded Web Server Administrator's Guide
Page 20
...used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Step 5: Assign security templates to access controls 1 From the ... Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a Security...
...used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. Step 5: Assign security templates to access controls 1 From the ... Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates, select Add a Security...
Embedded Web Server Administrator's Guide
Page 21
...using the format IP:1.2.3.4, or a DNS address using the format DNS:ldap.company.com. Using security features in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information... security template from the drop-down list next to the name of that conforms to RFC 2459. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use of digital certificates to and from the list. Viewing, downloading, and ...
...using the format IP:1.2.3.4, or a DNS address using the format DNS:ldap.company.com. Using security features in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information... security template from the drop-down list next to the name of that conforms to RFC 2459. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use of digital certificates to and from the list. Viewing, downloading, and ...
Embedded Web Server Administrator's Guide
Page 22
...the print queue until the user enters a PIN on -screen. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Set Certificate Defaults. 3 Enter values in the appropriate fields: • Common Name-Type a name for a supported device. Note...The values entered here will remain blank on the operator panel of the device. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Confidential Print Setup. 2 Select an option for the company or organization issuing the certificate (2-character maximum). ...
...the print queue until the user enters a PIN on -screen. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Set Certificate Defaults. 3 Enter values in the appropriate fields: • Common Name-Type a name for a supported device. Note...The values entered here will remain blank on the operator panel of the device. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Confidential Print Setup. 2 Select an option for the company or organization issuing the certificate (2-character maximum). ...
Embedded Web Server Administrator's Guide
Page 23
.... Notes: - Overwriting can be accomplished with a single pass-for a quick wipe-or with the DoD 5220.22-M standard for deletion. Setting up memory space. Disk wiping can use disk wiping to remove residual confidential material from a hard disk. Enabling and disabling USB devices 1 ...From the Embedded Web Server Home screen, browse to Settings ª Security ª Schedule USB Devices. 2 Under Schedule USB Devices, choose whether to complete the schedule. Use of USB devices is...
.... Notes: - Overwriting can be accomplished with a single pass-for a quick wipe-or with the DoD 5220.22-M standard for deletion. Setting up memory space. Disk wiping can use disk wiping to remove residual confidential material from a hard disk. Enabling and disabling USB devices 1 ...From the Embedded Web Server Home screen, browse to Settings ª Security ª Schedule USB Devices. 2 Under Schedule USB Devices, choose whether to complete the schedule. Use of USB devices is...