Lexmark Multifunction Laser Common Criteria Installation Supplement and Admini
Lexmark Multifunction Laser Manual
View all Lexmark Multifunction Laser manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark Multifunction Laser manual content summary:
- Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 3
first steps 5 Overview...5 Using this guide...5 Supported devices...5 Operating environment...5 Before 12 Disabling home screen icons...14 Administering the device 15 Using the Embedded ...21 Security audit logging...22 E-mail...24 Fax...26 Configuring security reset jumper behavior...27 User - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 4
using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in use You are not authorized to use this feature" Held Jobs error message 43 "Unable to determine Windows User ID" error message - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 5
in their network environment. A working knowledge of Lexmark multifunction printers is required for effective use of this guide. Some settings can be configured using either the Embedded Web Server (EWS), or the device touch screen. Where applicable, instructions for both methods are included. For - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 6
are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. , under Device Information, locate Base =, and Network =. 7 Contact your Lexmark representative to verify that the Base and Network values are correct and up- - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 7
the event your MFP-or its hard disk-is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on screen should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is in Configuration mode by - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 8
to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the left to set the USB Buffer to Disabled. 3 Touch Submit. 8 - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 9
for securely erasing data from a hard disk. 1 From the home screen, touch Menus > Security > Disk Wiping. 2 Set Wiping Mode to Auto. 3 Set Automatic Method to Multi-pass. 4 Touch Submit. Enabling the backup password (optional) Warning: Using a backup password is strongly discouraged because it can - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 10
to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch Menus > Security Non-administrators (all other users) Scenario 2: Using multiple groups Group name Administrator_Only Administrator_Reports Type of user - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 11
functions, and access the Reports menu • Administrators permitted to use device functions, and access the Security menu • Non-administrators (all other users) Step 2: Creating accounts 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks > Internal Accounts - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 12
an existing security template Note: You can only delete a security template if it is not in use; however, security templates currently in use can be modified. 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Security Templates. 2 To remove all security templates, select - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 13
at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 14
at the Device Supplies Menu Remotely Use Profiles Web Import/Export Settings home screen: 1 From the home screen, touch Menus > Settings > General Settings. 2 Scroll to locate Home Screen Customization. 3 Set FTP, FTP Shortcuts, and USB Drive to Do not display. Note: If other functions (such as Fax - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 15
/IP Port Access. 2 Clear the following check boxes: • TCP 80 (HTTP) • TCP 443 (HTTPS) 3 Click Submit. Disabling HTTP/HTTPS access using the touch screen 1 From the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP > TCP/IP. 2 From TCP/IP, scroll to locate Enable HTTP Server - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 16
Use the navigation menu on the left to access configuration and report menus. Note: If the device IP address or hostname is not readily apparent, you can find it by printing a network setup page. Printing a network setup page 1 From the home verification, and for SSL support in LDAP. Each certificate - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 17
to disable HTTP and HTTPS access after you have finished using the EWS. 2 Select Device Certificate Management. 3 Select a certificate from the list. The details of the certificate are displayed in the Device Certificate Management window. 4 From here, you can: • Delete-Remove a previously stored - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 18
click Submit. Note: The Certificate Authority Source file must be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on using the power switch. Setting up IPSec IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle authentication or - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 19
that the Activate check box is empty. If it is not, clear the check box and then click Submit. Using the touch screen 1 To disable AppleTalk: a From the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP. b From the Std Network Setup screen, select AppleTalk > Activate - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 20
. From there you can select Back to return to Std Network Setup, or the home icon to return to the home screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using a network connection. Once the HTTP and HTTPS ports have been disabled, you will no - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 21
Authentication check box, and then click "Install auth keys" to browse to the file containing the NTP authentication credentials. 4 Click Submit. Using the touch screen 1 From the home screen touch Menus > Security > Set Date and Time. 2 Set Enable NTP to On. 3 Type the IP address or hostname of the - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 22
to verify that the Kerberos configuration file for the selected device is functional. Using the touch screen Simple Kerberos settings can be configured or adjusted using the touch screen. 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks >Simple Kerberos - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 23
, you must click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 9 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Security > Security Audit Log > Configure Log. 2 Set Enable Audit to On. 3 Set Enable Remote Syslog to On - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 24
reaches a specified percentage of capacity, set "E-mail % full alert" to On. • For %full alert level, specify the percentage of log storage space that must be used before an E-mail alert is triggered. • To send an E-mail when the log file is exported, set "E-mail log exported alert" to On. • To send - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 25
MFP must provide credentials in order to send E-mail, enter the information appropriate for your network under Device Credentials. Using the touch screen 1 From the home screen, touch Menus > Settings > E-mail Settings > E-mail Server Setup. 2 Scroll to locate Web Link Setup. Select Web Link Setup - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 26
Settings, select Print, from the Fax Forwarding list. 7 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Settings > Fax Settings > Analog Fax Setup > Fax Receive Settings. 2 Scroll to locate Holding Faxes. Select Holding Faxes. 3 Set Held Fax Mode to Always On. 4 Touch - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 27
screen should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is in Configuration mode by default values), or No Effect (to remove access to all security menus-use with caution). 3 Touch Submit to save the changes. Warning-Potential - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 28
access to that function. The MFP supports a maximum of 250 user accounts and Office employee-Black_and_white group, fax group. • Marketing employee-Black_and_white group, color group, fax using the EWS. 2 Under Advanced Security Setup, Step 1, select Internal Accounts. 3 Select Setup groups for use - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 29
credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations. Each configuration must have a unique name. Note: You must configure Kerberos before - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 30
• When creating Security Templates, will pick groups from this setup for controlling access to device functions. 5 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks > LDAP +GSSAPI. 2 Select Add Entry. 3 Type a Setup Name - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 31
and then adjust the following settings as needed: • Setup Name-Used to identify each particular LDAP+GSSAPI Server Setup when creating security templates will be performed. • Server Port-Used to communicate with the LDAP server. The default LDAP port is 389. • Use SSL/TLS-Select None, SSL/TLS - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 32
supports special instruction Fax without Card check box. 9 Set User Validation Mode to Active Directory. 10 Select Use MFP Kerberos Setup to use use Simple Kerberos Setup. 11 For Simple Kerberos Setup you must provide: • Realm-The Kerberos realm as configured in Active Directory; typically the Windows - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 33
in the list. 12 If users are allowed to login manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in. Multiple Reverse DNS Lookups if reverse lookups are not supported on your network. 17 To use only the information provided by the specified domain - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 34
select Add a Security Template. 4 In the Security Templates Name field, type a unique name for the template. It can be helpful to use a descriptive name, such as "Administrator _ Only", or "Authenticated_Users." 5 From the Authentication list, select a method for authenticating users. This list will - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 35
after you have finished using the EWS. 2 You can specify custom Icon Text to be displayed above the Held Jobs icon on the MFP home screen. 3 To select want to enable users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to enable users to - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 36
Print Data. 9 Click Apply. Controlling access to device functions using the EWS Access to MFP functions can be restricted by Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 37
Print Flash Drive Scan FTP Function Held PictBridge Printing PJL Device Setting Changes Release Held Faxes Remote Certificate Management Remote Management Reports Menu at at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 39
printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen does not return to a locked state when not in use If the printer home appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Login screen does not - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 40
DHCP, verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that those settings are correct, and that the NTP server is functioning correctly. "Kerberos configuration file - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 41
88 must be opened between the printer and the KDC in order for during manual login, and indicates the Windows Domain is support multiple Kerberos Realm entries. If multiple realms are needed, you must create and upload a krbf5.conf file, containing the needed realms. If you are already using - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 42
with the LDAP server, and must be open in order for LDAP lookups to work. REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From the Embedded Web Server, click Settings > Embedded Solutions - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 43
SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Held Jobs/Print Release Lite Issues "You are not authorized to use this feature" Held Jobs error message This error usually indicates the user in not in an Active Directory - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 44
, select a Session Userid to determine how the Windows Userid will be obtained when a user attempts to name, or the credential provided by manual login is used to set the userid (userid@domain). sent the job (or jobs) to a different printer, or the jobs were automatically deleted because they were - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 45
screen The screen located on the front of the MFP is touch-sensitive, and can be used to access device functions, and navigate settings and configuration menus. The "home screen" looks similar to this (yours may contain additional icons): Touch the Menus icon on the lower right to access settings - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 47
Security Service Applications Programming Interface Hypertext Transfer Protocol Secure Hypertext Transfer Protocol Internet Protocol Internet Protocol Security Internet Protocol Version 4 Internet Protocol Version 6 Key Distribution Center Lightweight Directory Access Protocol Multifunction printer - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 48
the ability to perform address book searches in the Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to use the Color Dropout feature for scan and copy functions Protects access to the Configuration Menu - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 49
jobs are ignored. Controls the ability to release (print) Held Faxes. When disabled, it is no longer possible to manage certificates using remote management tools. Certificate Management is limited to the operations available from the printer control panel and Embedded Web Server. Controls access to - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 50
Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 51
into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the touch screen to enter your logon PIN, and then touch Next: 51 - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 52
your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" on page 45. 52 - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 53
software license agreement between you and Lexmark or its suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 54
identified as an upgrade, you must first be licensed to the original Software Program identified by Lexmark as eligible for the upgrade. After upgrading, you may no longer use the original Software Program that formed the basis for your upgrade eligibility. 6 LIMITATION ON REVERSE ENGINEERING - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 55
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 56
5 EWS using 15 F fax forwarding 26 fax settings Driver to fax 26 fax forwarding 26 held faxes 26 fax storage 26 firmware verifying 6 function access using the EWS to restrict 36 using the touch screen to restrict 12 Function Access Controls list of 48 H held faxes 26 home screen 45 home screen icons - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 57
no jobs available to user 44 not authorized to use Held Jobs 43 not authorized to use Print Release Lite 43 printer clock out of sync 40 problem getting user info 42 realm on card not found 41 unable to authenticate 40 unable to determine Windows User ID 44 unexpected logout 42 unknown client 42 - Lexmark Multifunction Laser | Common Criteria Installation Supplement and Admini - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002