Lexmark Monochrome Laser Common Criteria Installation Supplement and Administr
Lexmark Monochrome Laser Manual
View all Lexmark Monochrome Laser manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark Monochrome Laser manual content summary:
- Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 2
existing intellectual property right may be used instead. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2010 Lexmark International, Inc. All rights reserved - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 3
Contents Overview and first steps 5 Overview...5 Using this guide...5 Supported devices...5 Operating environment...5 Before configuring the device ...10 Creating security templates...12 Controlling access to device functions...12 Disabling home screen icons...14 Administering the device 15 Using - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 4
35 Configuring PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in use 39 Login screen does not appear when a SmartCard is - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 5
A: Using the touch screen" on page 45. Supported devices This guide describes how to implement an evaluated configuration on the following models: • Lexmark X463 • Lexmark X464 • Lexmark X466 • Lexmark X651 • Lexmark X652 • Lexmark X654 • Lexmark X656 • Lexmark X658 • Lexmark X734 • Lexmark X736 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 6
1 Inspect the MFP to verify that only one network interface is installed. There should be no using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. Several pages Base =, and Network =. 7 Contact your Lexmark representative to verify that the Base and Network values - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 7
the event your MFP-or its hard disk-is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on the powered up, the touch screen should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is in - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 8
to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the left to set the USB Buffer to Disabled. 3 Touch Submit. 8 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 9
the device" on page 15. After completing the 4 Restrict access to device functions. 5 Disable home screen icons. Configuring disk wiping Note: Not all used, the backup password should: • Contain a minimum of 8 characters. • Contain at least one lower case letter, one upper case letter, and one - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 10
use with the evaluated configuration involves not only assigning a user ID and password to each user, but also segmenting users into groups. You will select one supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home Scenario 2: Using multiple groups - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 11
use device functions, and access the Security menu • Non-administrators (all other users) Step 2: Creating accounts 1 From the home • Contain at least one lower case letter, one upper case letter, and one non-alphabetic character. • add only the Authenticated_Users group. 10 Touch Next to save the - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 12
accounts building block. Touch Next. 6 Select one or more groups to be included in the is not in use; however, security templates currently in use can be modified. 1 From the home screen, touch they do, see "Access Controls" on page 48. 1 From the home screen, touch Menus > Security > Edit - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 13
Access Control Address Book Cancel Jobs at the Device Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 14
Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1 Solutions 2-10 Supplies Menu at the Device Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 15
/IP Port Access. 2 Clear the following check boxes: • TCP 80 (HTTP) • TCP 443 (HTTPS) 3 Click Submit. Disabling HTTP/HTTPS access using the touch screen 1 From the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP > TCP/IP. 2 From TCP/IP, scroll to locate Enable HTTP Server - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 16
page (with the address beginning "https://"). 2 Use the navigation menu on the left to access configuration and report menus. Note: If the device IP address or hostname is not readily apparent, you can find it by printing a network setup page. Printing a network setup page 1 From the home support - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 17
Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Select Device Certificate Management. 3 Select a certificate from the list. The details of the certificate are displayed in the Device Certificate Management window. 4 From here, you - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 18
the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Select Pre-Shared Key Authenticated Connections or Certificate Authenticated Connections, and then one of the numbered Host fields. 8 Type the IP address of - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 19
must be disabled. Using the EWS Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure not, clear the check box and then click Submit. Using the touch screen 1 To disable AppleTalk: a From the home screen, touch Menus > Network/Ports > Standard Network - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 20
home icon to return to the home screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using accessing the EWS, see "Using the Embedded Web Server" on page 15. 1 From the Services 3 Click Submit. Other settings and functions Network Time Protocol Use - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 21
the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 file containing the NTP authentication credentials. 4 Click Submit. Using the touch screen 1 From the home screen touch Menus > Security > Set Date and Time. - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 22
functional. Using the touch screen Simple Kerberos settings can be configured or adjusted using the touch screen. 1 From the home screen, accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Select - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 23
settings. 9 Click Submit. Using the touch screen 1 From the home screen, touch Menus > automatically notify administrators of certain log events, type one or more E-mail addresses (separated by commas mail alerts, set "Digitally sign exports" to On. 10 For Severity of events to log, select 5 - - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 24
E-mail alerts, you must also configure SMTP settings. For information about SMTP settings, see "E-mail" on page 24. E-mail User data sent by the MFP using E-mail must be sent as an attachment. Using the EWS 1 From the EWS, click Settings > E-mail/FTP Settings > E-mail Settings. Note: For information - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 25
. 10 From the User-Initiated E-mail list, select the option most appropriate for your network/server environment. 11 If the MFP must provide credentials in order to send E-mail, enter the information appropriate for your network under Device Credentials. Using the touch screen 1 From the home screen - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 26
10 the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Under Print, from the Fax Forwarding list. 7 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Settings > Fax Settings > Analog - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 27
used to reset the security settings on the device. Note: Using the security reset jumper can remove the MFP from the evaluated configuration. 1 From the home the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 28
one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 29
as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations. Each configuration must have a unique name. Note: You must configure Kerberos before setting up LDAP+GSAPPI. For information about configuring Kerberos, see "Kerberos" on page 21. Using the EWS - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 30
• When creating Security Templates, will pick groups from this setup for controlling access to device functions. 5 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks > LDAP +GSSAPI. 2 Select Add Entry. 3 Type a Setup Name - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 31
and then adjust the following settings as needed: • Setup Name-Used to identify each particular LDAP+GSSAPI Server Setup when creating security templates will be performed. • Server Port-Used to communicate with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-Select None, SSL/TLS - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 32
using a card reader with your MFP, see "Using a Common Access Card to access the MFP" on page supports custom Logon Screen Text, with special instruction for users, or a custom 10 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the MFP, or clear the check box to use - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 33
before moving to the next one in the list. 12 If users are allowed to login manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose Reverse DNS Lookups if reverse lookups are not supported on your network. 17 To use only the information provided by the specified domain - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 34
the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Under +GSSAPI, and/or PKI Authentication). 7 Click Modify Groups, and then select one or more groups to include in the security template. Hold down the Ctrl - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 35
page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 You can specify custom Icon Text to be displayed above the Held Jobs icon on the MFP home each job from the printer. • Select Allow one of four intervals ranging from one hour to one week. • Repeat - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 36
" on page 48. 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Address Book Cancel Jobs at the Device Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 37
Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1 Solutions 2-10 Supplies Menu at the Device Level of protection Not applicable - USB port - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 39
Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home , contact the Lexmark Solutions Help Desk - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 40
printer: 1 From the Embedded Web Server, click Settings > Security > Set Date and Time. 2 If you have manually manually configuring NTP settings. 3 If you have configured the printer to use , clear the Use Device Kerberos Setup Simple Kerberos Setup has been used, verify that the Realm PRINTER - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 41
file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos support multiple Kerberos Realm entries. If multiple realms are needed, you must create and upload a krbf5.conf file, containing the needed realms. If you are already using - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 42
Info..." For information about LDAP-related issues, see"LDAP Issues" on page 42. User is logged out almost immediately after logging in Try lookups to work. REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 43
SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Held Jobs/Print Release Lite Issues "You are not authorized to use this feature" Held Jobs error message This error usually indicates the user in not in an Active Directory - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 44
Principal Name-The SmartCard principal name, or the credential provided by manual login is used to set the userid (userid@domain). • EDI-PI-The userid LISTED The user may have sent the job (or jobs) to a different printer, or the jobs were automatically deleted because they were not printed in time. - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 45
menus may be restricted to administrators only. Using the on-screen keyboard Some device settings require one or more alphanumeric entries, such as field at the top of the screen. The keyboard display may also contain other icons, such as Next, Submit, Cancel, or the home screen graphic. 45 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 47
used in this guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Multifunction printer NT - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 48
not be available for your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Controls access to the Change Language feature from the printer control panel Controls the ability to use the Color Dropout feature for scan and copy functions - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 49
Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 50
at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 51
into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the touch screen to enter your logon PIN, and then touch Next: 51 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 52
your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" on page 45. 52 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 53
or reimbursement of the price paid for the Software Program. 3 LICENSE GRANT. Lexmark grants you the following rights provided you comply with all terms and conditions of this License Agreement: a Use. You may Use one copy of the Software Program. The term "Use" means storing, loading, installing - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 54
identified as an upgrade, you must first be licensed to the original Software Program identified by Lexmark as eligible for the upgrade. After upgrading, you may no longer use the original Software Program that formed the basis for your upgrade eligibility. 6 LIMITATION ON REVERSE ENGINEERING - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 55
10 TERM. This License Agreement is effective unless terminated or rejected. You any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 56
Access Controls list of 48 H held faxes 26 home screen 45 home screen icons disabling 14 HTTP/HTTPS access disabling 20 enabling 15 I interfaces verifying 6 internal accounts using the EWS to create 28 using the touch screen to create 10 IPSec setting up 18 56 K Kerberos configuring 21 importing - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 57
45 troubleshooting authentication failure 40 authorization to use Held Jobs 43 authorization to use Print Release Lite 43 certificate error 40 client unknown 42 domain certificate error 40 domain controller certificate not installed 40 home screen does not lock 39 jobs not being held at printer 44 - Lexmark Monochrome Laser | Common Criteria Installation Supplement and Administr - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002