HP Color LaserJet CM4730 HP LaserJet MPF Products - Configuring Security for M
HP Color LaserJet CM4730 - Multifunction Printer Manual
View all HP Color LaserJet CM4730 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Color LaserJet CM4730 manual content summary:
- HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 1
HP Imaging and Printing Security Best Practices Configuring Security for Multiple LaserJet MFPs, Color LaserJet MFPs, and Color MFPs with Edgeline Technology Version 3.0 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 2
...9 Information Disclosure ...9 Denial of Service...9 Elevation of Privilege ...10 Network Security ...10 Overall Network Settings ...10 Notes on the Process of Configuration 11 Notes on Passwords ...11 Configuring MFP Security Settings...12 Setting up HP Web Jetadmin ...12 Configuring Initial - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 3
File System Page Options ...76 Network Page Options...77 Security Page Options...80 Settings Only for Edgeline MFPs ...81 Device Page Options ...81 Digital Sending Page Options ...82 Security Page Options...82 Final Configurations ...83 Overall Limitations...84 Physical Security ...84 Appendix 1: - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 4
default. To help with this, HP developed this checklist as a guide to help you configure the security-related settings. It provides instructions to configure these settings for one or more MFPs at the same time. This checklist covers the following HP MFP models: MFP Type HP LaserJet MFPs Model HP - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 5
Jetadmin Version 8.1 is available for download at the following location: http://www.hp.com/bizsupport/wja/live/manual/8.1/html/wjacomp_winnt.html You can also find HP Web Jetadmin by searching for it at hp.com. You should install HP Web Jetadmin and update it with Service Pack 4 using the Product - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 6
is familiar with common networking practices, including configuring HP Jetdirect connections, and using HP Web Jetadmin. You should have read the MFP user guide, the MFP administrator guide, the Jetdirect administrator guide, Web Jetadmin user guides, and help files. This checklist relies on these - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 7
to the network, and in their factory default states. Most of the settings recommended in this checklist apply to other HP products; however, this checklist is tested and known to be successful only with the specified MFP models. • Web Jetadmin Version 8.1 with Service Pack 4: This checklist does not - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 8
gain access to address books • Using another person's email credentials to have free use of an email service • Using another person's email credentials to view that person's email messages • Using another person's log on credentials for access to use MFPs or networks • Using another person's log on - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 9
for information on configuring it at hp.com. • Close unused ports and protocols. • Configure all possible password settings. • Configure authentication. • Configure SNMPv3. Denial of Service Denial of service is any type of interference with normal use of an MFP. Examples: • Canceling or pausing the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 10
ways: • Configure the administrator (device) password. • Configure SNMPv3 and HTTPS. • Lock the control panel. Network Security This chapter explains how to configure security settings for one or more MFPs. You should use HP Web Jetadmin Version 8.1 with Service Pack 4 to configure as many of these - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 11
HP Web Jetadmin does not provide support for them, and because they require advanced network configurations. Look for information on these settings in the Edgeline MFP user guides and at hp might be different. Be sure to follow the instructions in order, and consider making adjustments to accommodate - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 12
a setting that is not supported on an MFP, Web Jetadmin shows setting failed - not supported. This is the expected behavior, and the MFP will continue without issues. For best results, configure one MFP model at a time. Setting up HP Web Jetadmin Follow these instructions to prepare Web Jetadmin for - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 13
cases, the MFPs already appear in the default view. Note: It is possible for Web Jetadmin to lose contact temporarily with an MFP that is configured , or configure the MFPs with static IP addresses. You can also use the MFP host names to find them. 3. Click to select the MFPs to configure in the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 14
are configuring. This is because some settings may not apply to that specific model. Ignore instructions for settings that do not appear in Web Jetadmin. Remember that the steps in this checklist are for the specified HP MFPs. Other devices may appear in the Device Model list. It may be possible to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 15
outlined in green. The Configure Devices tab contains most all of the settings recommended in this checklist. Tip: Sometimes Web Jetadmin can lose track of MFP credentials. If this happens, some settings might fail. Clear the Web Jetadmin Device Cache (see Web Jetadmin Help) and re-enter the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 16
first. The following instructions explain how to configure MFPs. It helps to ensure that only authorized and authenticated administrators have access to the configuration settings. It also helps to ensure that no one can gather sensitive information, such as passwords, usernames, and other codes - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 17
. CAUTION: Be sure to remember these credentials and provide them to authorized users. If these credentials are forgotten, the only way to restore communication between HP Web Jetadmin and the MFPs is to restore the 17 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 18
MFPs to factory default settings. These instructions are for the initial configuration of SNMPv3. Once you finish this configuration, the MFPs will require these credentials whenever anyone attempts to access settings over the network. Note: Web Jetadmin retains the SNMPv3 credentials for each MFP, - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 19
Figure 9: The Device Model list. Click Configure Devices (Figure 10) to execute the configuration. Figure 10: The Configure Devices button. After you click Configure Devices, a View Log page (Figure 11) will appear. 19 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 20
check for the SNMPv3 credentials. Note: Web Jetadmin stores the credentials for each MFP for convenience, but it may prompt for them on occasion. Web Jetadmin stores these credentials encrypted. 10.Click Go Back to view Multiple Device Configuration Tool, and continue with the instructions below: 20 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 21
Password The Device password restricts access to many of the configuration settings. The MFPs require it to be configured before they allow configuration of some of the other settings. Follow these instructions: 1. Click the Security option in the Configuration Categories menu (Figure 13). Figure 13 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 22
Control List: HP LaserJet M3035 MFP HP LaserJet M4345 MFP HP LaserJet M5025 MFP HP LaserJet M5035 MFP HP CM 8050 Color MFP HP CM 8060 Color MFP HP Web Jetadmin does not provide options to configure the Jetdirect Firewall settings. Look for them in each MFP EWS. Follow these instructions: 1. Click to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 23
include the IP address of the computer that Web Jetadmin is using to connect to the MFPs (it might be a computer other than the one you are using, such as a to grant access. 4. If you wish to make sure all of the MFPs are configured only with your new listings, click to select Clear all ACL Table entries - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 24
click Go Back to view the Multiple Device Configuration Tool, and continue with this checklist. Configuring Fax Send Setup (Edgeline MFPs) If you are configuring Edgeline MFPs, follow these instructions to enable fax functions (if you plan to use the fax functions): Tip: This setting applies only to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 25
does not cover alternative fax configurations because they require other network solutions or support. 4. Select the MFPs you wish to configure in the device list (Note that this setting is only for Edgeline MFPs. All other MFPs will ignore this setting). 5. Click Configure at the bottom of the page - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 26
Send Setup, and Send to Folder Setup for Edgeline MFPs Edgeline MFPs also require Email Send Setup and Send to Folder Setup before they allow configurations for related settings. Follow these instructions: Tip: This setting applies only to Edgeline MFPs. To save time, you should apply this setting - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 27
Figure 22: The Enable Send to Email option. 3. Click to select Enable Send to Email to the right. Note: You might have to configure the SMTP Gateways Settings as well. 4. Scroll down, and click to select Enable Send to Folder ( - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 28
either the Bootloader password for LaserJet MFPs or the Startup Menu Administrator Password for Edgeline MFPs. The Bootloader password can be configured using HP Web Jetadmin, but the Startup Menu Administrator Password can be configured using only the MFP control panel. See instructions for each - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 29
Tools menu will appear. 13. Press STOP to exit the menu. The Startup Menu will appear. 14. Press STOP to exit. The MFP will resume its startup process. Optional Setting: Hiding the MFP IP address Some of the MFPs provide their IP addresses on the control panel by default: • HP LaserJet M4345 MFP 29 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 30
• HP LaserJet M3027 MFP • HP LaserJet M3035 MFP • HP LaserJet M5025 MFP • HP LaserJet M5035 MFP • HP Color LaserJet M4730 MFP • HP CM8050 Color MFP with Edgeline • HP CM8060 Color MFP with Edgeline Hiding the IP address can be done only using the MFP Control panel. Follow these instructions: 1. - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 31
issues. Web Jetadmin will show that they failed - not supported. Configurations on the Device Page The Device page contains settings that affect normal use of the MFPs including a few settings related to security. Follow these instructions: 1. Click Device in the Configuration Categories menu. Note - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 32
The Fax configuration page provides a few security options for the analog fax functions. Follow these instructions: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below. At the minimum, configure the modem settings for the country, the company, and - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 33
enables PIN printing. Also note that this setting does not apply to Edgeline MFPs. 4. Select Store all Received Faxes in the Enable Mode dropdown menu. The Digital Sending page includes options for email and for send to network folder. Follow these instructions: 1. Click Digital Sending in the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 34
Message field). This ensures that no one can send improper email messages from the MFPs. 5. Scroll down, and click to select Default 'From:' Address (Figure 29). Figure 29: The Default From Address options. Note: HP recommends configuring the default from address to ensure that no one can send - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 35
such as email send notices and failures. 8. Fill in the Display Name and the Default Subject fields as desired. 9. If your network includes LDAP, configure the Accessing the LDAP Server options (Figure 30). Figure 30: The Accessing the LDAP Server options. These options enable the MFPs to provide - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 36
password. If you choose Use Public Credentials, each MFP will use the username and password that you provide in the Username and Password menu. 13. Select either Immediately reset to default settings or Delay before resetting the default settings. If you choose Immediately reset to default settings, - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 37
instructions: 1. Click Embedded Web Server in the Configuration Categories menu (Figure 32). Figure 32: The Embedded Web Server page. Note: The first option in the Embedded Web Server Configuration Categories page is Embedded Web Server Password. This setting should already be configured. The MFPs - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 38
a security-related feature. Use it as you see fit. This setting does not affect the MFP Send to Email feature. Incoming Mail (disabled by default) Leave blank to disable Normally, the MFP does not receive incoming mail; however, some legitimate network solutions might use it for certain - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 39
default) Leave blank to disable Continue Button (enabled by default) Print Service (enabled by default) Select to enable Leave blank to disable Command Load and Execute enables the MFPs to install and run Chai services access to data. Follow these instructions: 1. Click Filesystem in the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 40
needed to clean MFPs for resale, for reuse, or for conforming to high-level security requirements such as Department of Defense regulations. The instructions continue with the File System password: 2. Click to select Set Filesystem Password (Figure 35). Figure 35: The Set Filesystem Password option. - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 41
Erase is recommended for this setting because it ensures that data is completely unrecoverable by overwriting files with three passes. It slows the MFP slightly but is not noticeably slower than the Secure Fast Erase mode, which overwrites files with one pass. 6. Click to select File System - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 42
this protocol NOTE: Disabling the NFS option disables the entire protocol for the MFPs. The PostScript protocol is not as sensitive, and it is more likely to options that relate to the Jetdirect Print Servers. Follow these instructions: 1. Click Network in the Configuration Categories menu (Figure - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 43
dropdown menu, and select the highest setting that your browser supports. The Encryption Strength setting allows you to choose the strength of the encryption algorithm that will be used for communication between the MFP EWS and the web browsers connecting to it (this is related to the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 44
Jetadmin menus. This includes settings for email, send to folder, and fax. You should disable EWS Config while the MFPs are in use, and enable it Printing is the access point for normal printing through standard HP print drivers. IPP Printing Disabled Disabling IPP Printing prevents access to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 45
by clicking privacy statement at http://www.hp.com. If you enable this feature, information collected by HP will be limited to the following items: • HP Jetdirect product number, firmware version, and manufacturing date • Model number of the MFP • Web browser and operating system detected • Local - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 46
(Figure 44), and select Encrypt all web communication. Figure 44: The HTTPS Setting option. This setting requires web browsers to use HTTPS when contacting the MFPs. This ensures secure communications with the MFP EWS. This setting is related to the Encryption Strength setting covered earlier. 46 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 47
on the Network page, but you should have already configured this. The ACL instructions appear in the Initial Settings section of this chapter to help ensure security during the time you are configuring the MFPs. 9. Click to select Protocol Stacks (Figure 45), and deselect all unused protocol stacks - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 48
: If you are configuring color MFPs, options for restricting the use of color will appear on the Security page. You should configure these options if you wish to control the costs of color printing. These options are not covered in this checklist. Follow these instructions: 1. Click Security in the - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 49
Digital Send Service require additional solutions on the network for support. 3. Service is an additional solution offered at hp.com. 5. Choose an authentication method for Future Installations as desired. This automatically requires authentication for new solutions that may be installed on the MFP - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 50
49: The Accessing the LDAP Server options. These settings enable the MFPs to require a user's NT logon credentials for use of the MFPs. This is related to the LDAP access options in the Digital Sending page, which enable the MFP using SSL), usernames, email addresses, passwords, and other data will - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 51
includes NTLM service. This option enables the MFP to authenticate MFP functions. Note: The Bootloader Password option appears next on the Security Page. You should have already configured this at the beginning of this chapter. See the Initial Settings section. 11. Click to select Printer Firmware - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 52
firmware. Keep in mind that HP strongly recommends updating MFP firmware regularly. Note: The SNMPv3 option appears next on the Security page, but you should have already configured it. The SNMPv3 instructions end of this chapter. Note: The Device Password option appears next on the Security page. - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 53
. 13. Click to select Allow Use of Digital Send Service (Figure 53), and click Disabled (unless your network is using HP Digital Send Service). Figure 53: The Allow Use of Digital Send Service option. Digital Send Service is an HP solution for managing the digital sending functions of MFPs - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 54
5 numbers or up to 2147483647, and repeat it in the Repeat PJL Password field. The PJL password protects the default features on the MFP. PJL commands are allowed only when the correct PJL password is included. This also affects PCL and PostScript commands. 17. Once you have made your choices, click - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 55
security features that should be configured exclusive to LaserJet and Color LaserJet-based MFPs. This saves time, and it saves complications that can arise from configuring MFPs that reject these settings. Follow these instructions, but select only Edgeline MFPs in the devices list at the end of - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 56
Figure 57: LDAP Server Settings. These settings enable the Edgeline MFPs to access the LDAP server to provide addresses and contacts. remaining Server Connection Settings as desired. You may wish to select Use MFP user credentials to connect after Sign In, and then configure user access options. 56 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 57
who can receive responses or error reports for messages sent by the MFPs. This setting may be superseded if you choose to use the user's authenticated email address from the LDAP server. 11. Fill in the Default Display Name, the Default Subject, and the Default Messages fields as desired. 12 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 58
Sign in Method option. The Default Sign in Method provides a standard method of restricting access to the MFP. The method you choose will . b. If you chose Custom for the access control level in Step a, choose a default sign in method for each device function in the list. Be sure that the sign - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 59
, click Permission set. A list of Device Functions with Access Control (Figure 63) will appear. Figure 63: The Device Functions with Access Control list (Edgeline MFPs). e. Click to select the device functions for which to allow access for that role. f. Click Apply at the end of the list. g. Repeat - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 60
64: The LDAP Sign in Setup options (Edgeline MFPs). This feature is for setting up LDAP sign ensure secure communication. 6. If you selected Windows sign in for configurations above (only if your network supports it), click to select Windows Sign in Setup (Figure 65). Figure 65: The Windows Sign in - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 61
the LDAP system. If you chose LDAP for a log in method above, fill out the LDAP Users and Groups settings: a. Select a permission level in the Default Permission Set for LDAP Users drop down list. b. If you wish to add a user, type a name for the user in the User Name field, choose - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 62
Groups settings: a. Select a permission level in the Default Permission Set for Windows Users drop down list. b. of each MFP, and configure them. See MFP User Guide for more MFPs. These settings should be configured only by themselves and only at the end of this checklist. Follow these instructions - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 63
Config. EWS Config was required for configuring this checklist, but it should be disabled during normal use of the MFPs. Note: This setting removes all configuration settings from the MFP EWSs. It also removes all EWS-related settings from Web Jetadmin (they will disappear from Web Jetadmin menus - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 64
also find helpful information by searching for it at hp.com. Using Web Jetadmin and MFP Passwords Web Jetadmin is a powerful tool that allows you to manage any number of MFPs and printers. It provides a wide variety of features and services on the network. Without proper security, Web Jetadmin can - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 65
important to remember the Bootloader password. With it, it is possible to restore the MFPs to factory default settings. Without it, the only way to restore the MFPs is to involve an HPauthorized service technician to reset the entire MFP. You may wish to use a password vault program to organize and - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 66
to Email (Digital Sending page for Edgeline MFPs). Enable Send to Folder (Digital Sending page for Edgeline MFPs). Configure Bootloader password (Security page for LaserJet and Color LaserJet MFPs) or Startup Administrator Password (control panel for Edgeline MFPs). Hide the MFP IP Address - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 67
choices in the Authentication Manager. Disable Printer Firmware Update. Configure Control Panel Access to Maximum Lock. Disable Allow Use of Digital Send Service. Disable Allow Transfer to New Digital Send Service. Configure PJL Password. Configure color restriction settings as desired - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 68
Use MFP user credentials... or Default Credentials... as desired. o Fill in the log in credentials, if you chose Default Credentials... above. Configure Default Message Settings. o Select Restrict Users from editing all address fields. o Fill in Default Email Address, Default Display Name, Default - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 69
Email Setup Configure Send to Folder Setup Configure Bootloader password or Startup Administrator Password Hide MFP IP Address. Settings for all MFPs the default settings, Download. Disable Command Load and Execute. Enable Continue Button. Disable Print Service. Configure File System Password - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 70
Kerberos, Group 1 PIN, or Group 2 PIN). Disable Printer Firmware Update. Configure Control Panel Access to Maximum Lock. Disable Allow Use of Digital Send Service. Disable Allow Transfer to New Digital Send Service. Configure the PJL Password. Configure color restriction settings. Settings only for - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 71
Configure LDAP Users and Groups. Configure Windows Users and Groups. Disable EWS Config. Disable Direct Ports. None configured None configured Enabled Enabled 71 - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 72
authenticated administrator to log in and manage the MFPs. Be sure to configure a robust password for the Web Jetadmin administrator. With SNMPv3 ACL will observe errors when attempting to access the MFPs. It will appear as though the MFPs are not connected to the network. The MFPs allow access to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 73
Bootloader Password for LaserJet and Color LaserJet MFPs, or configure the Setup Administrator Password for Edgeline MFPs. This password protects against accidental or intentional access to the MFP startup settings. These settings are similar to the BIOS settings on a PC. They affect the services - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 74
From Address, and select Prevent users from changing the Default From Address. The Default From Address setting allows you to place a standard and consistent address in the from field of MFP emails jobs. Selecting Prevent users from changing the default from address ensures that users are unable to - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 75
passwords, and email addresses are not passed over the network in clear text. When Accessing LDAP Server settings is configured, an MFPs downloaded either to the MFP default settings, and type a number of seconds to delay. This setting enables the MFPs to remove email from the printer driver or from - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 76
driver installed can send print jobs to the MFPs. With Print Service disabled, the print options do not appear on the EWS. File System Page Options • Configure the File System Password. The File System password feature restricts access to the MFP storage devices and to the configuration settings - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 77
will ignore PJL commands that attempt to access the file system. o Disable PML. PML (Printer Management Language) is an HP proprietary protocol that manages MFPs and printers. Web Jetadmin uses PML for many of its configuration settings. Disabling this PML access eliminates the PML commands that - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 78
legacy) printer management tools. Jetdirect also supports some Telnet commands. Telnet Config transmits data in clear text, and it should not be used. With it disabled, MFPs will deny access to Telnet sessions. Note that Web Jetadmin is the only solution recommended for managing HP MFPs - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 79
.com. If you enable this feature, information collected by HP will be limited to the following items: o HP Jetdirect product number, firmware version, and manufacturing date o Model number of the attached printer or device o Web browser and operating system detected o Local language selections used - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 80
methods that are available and that you wish to configure. Digital Send Service is a separate solution available at hp.com. It is a valuable tool that provides security and other features for managing MFPs. Select Digital Send Service only if it is installed and available on your network and if you - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 81
this access to PCL and PostScript commands. With the PJL Password configured, the MFPs will deny access to commands that attempt to change default settings without the correct password. • Configure color restriction settings as desired. • If your network includes Color LaserJet MFPs, you can - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 82
Default Credentials fields. • Configure Default Message Settings. The Default Message Settings provide standard messages and from address for MFP email Functions feature is similar to the Authentication Manager for LaserJet and Color LaserJet MFPs. This feature allows you to choose the authentication - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 83
connections. Shutting down the parallel and USB ports ensures that no one can configure the MFPs or print using these connections. This setting causes the MFPs to turn off and turn on. They will be out of service during this time. This is also the reason this setting should be executed alone and - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 84
printing a fax (LaserJet and Color LaserJet MFPs only. Edgeline MFPs will require sign in HP MFPs involve hard copy documents. MFPs can print them, scan them, send them to email, send them to network folders, send them to other printers to the MFP • Access to digital sending services and features - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 85
is a function of the MFP that sends scanned documents to email destinations or to network destinations. Faxing is also considered digital sending, but it is separate from the network functions. DSS Digital Send Service. DSS is an HP solution to enhance MFP digital sending functionality and - HP Color LaserJet CM4730 | HP LaserJet MPF Products - Configuring Security for M - Page 86
such as print, copy, fax, and digital sending (email and send to network folder). Personal Identification Number. A PIN in a numeric password. MFPs use PINs for authentication, secure printing and secure fax printing. The top of the MFP is a scanner that converts paper documents into digital images
HP Imaging and Printing Security Best Practices
Configuring Security for Multiple LaserJet MFPs, Color LaserJet MFPs,
and Color MFPs with Edgeline Technology
Version 3.0