Lexmark W850 Common Criteria Installation Supplement and Administrator Guide
Lexmark W850 Manual
View all Lexmark W850 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark W850 manual content summary:
- Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 3
Enabling the backup password (optional)...9 Creating user accounts...10 Creating security templates...12 Controlling access to device functions...12 Disabling home screen icons...14 Administering the device 15 Using the Embedded Web Server...15 Settings for network-attached devices...16 Creating - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 4
Release Lite Issues...43 "You are not authorized to use this feature" Held Jobs error message 43 "Unable to determine Windows User ID" error message 44 "There are no jobs available for [USER]" error message...44 Jobs are printing out immediately...44 Appendix A: Using the touch screen 45 Appendix - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 5
critical that you carefully follow the instructions in this guide, as failure to do so may result in a device that does not meet the requirements of the evaluation. Using this guide This guide is intended for use by Lexmark service providers, and network administrators responsible for the management - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 6
should be no optional network, parallel, or serial interfaces. Note: USB ports that perform document processing functions are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. Several pages of device information - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 7
The following illustrations show the most common lock port locations: Encrypting the hard disk Note: Not all devices have a 3 Verify that the MFP is in Configuration mode by locating the Exit Config Menu icon in the lower right corner of the touch screen. 4 Scroll through the configuration menus to - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 8
7 A message will be displayed asking you to confirm the Config Menu. The MFP will power-on reset, and then return to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of the device. 1 From the home screen, touch Menus > Network/Ports - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 9
a non-networked (standalone page 6, continue with this section to configure the settings needed to achieve the evaluated configuration for a standalone device: 1 Set up disk wiping. 2 Create user . Enabling the backup password (optional) Warning: Using a backup password is strongly discouraged because - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 10
configuration involves not only assigning a user ID and password to each user, but also segmenting users into groups. You will select one supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch Menus > Security > Edit Security Setups - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 11
Creating accounts 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks > Internal Accounts > General Settings. 2 On the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP will return to the Internal - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 12
do, see "Access Controls" on page 48. 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Access Controls. 2 Select of the administrator. • Disabled- Disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 13
at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel Lock Option Card Configuration at the Device Option Card Configuration Remotely Paper Menu at the Device Paper Menu Remotely PictBridge Printing PJL - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 14
Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1 Solutions 2-10 Supplies Menu at the Device Supplies Menu disabled Authenticated users Not applicable - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 15
to the Embedded Web Server is disabled as part of the evaluated configuration on network-attached devices. Once a device is in access using the touch screen 1 From the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP > TCP/IP. 2 From TCP/IP, scroll to locate Enable HTTP - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 16
IP address or hostname is not readily apparent, you can find it by printing a network setup page. Printing a network setup page 1 From the home screen, touch Menus. 2 Touch Reports. 3 Touch Network Setup Page. After the network setup page prints, the MFP will return to the home screen. Settings for - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 17
Certificate Management. 3 Select a certificate from the list. The details of the certificate are displayed in the Device Certificate Management window. 4 From here, you can: • Delete-Remove a previously stored certificate. • Download to File-Download or save the certificate as a PEM (.cer) file. 17 - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 18
Download Signing Request-Download are transmitted over the network between devices. It does "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and Connections, click either Pre-Shared Key Authenticated Connections or Certificate Authenticated Connections, and then one of the numbered - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 19
to return to the home screen. 2 To disable NetWare: a If not starting from Std Network Setup, from the home screen, touch Menus > Network/Ports > Standard Network > STD NET SETUP. b From the Std Network Setup screen, select NetWare > Activate. Note: It might be necessary to scroll down to find the - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 20
you can select Back to return to Std Network Setup, or the home icon to return to the home screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using a network connection. Once the HTTP and HTTPS ports have been disabled, you will no longer be - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 21
have finished using the EWS. 2 Under Advanced Security Setup, Step 1, select Kerberos 5. 3 Under Simple Kerberos Setup, for KDC Address, type the IP address or hostname of the KDC (Key Distribution Center) IP. 4 For KDC Port, type the number of the port used by the Kerberos server. 5 For Realm, type - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 22
Setups > Edit Building Blocks >Simple Kerberos Setup. 2 From the Simple Kerberos Setup screen, select KDC Address, type the KDC (Key Distribution Center) IP address or hostname, and then touch Submit. 3 Select KDC Port, type the number of the port Embedded Web Server" on page 15. Be sure to disable - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 23
Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 9 Syslog Server. 5 Type the Remote Syslog Port number used on the destination server. 6 For Remote E-mail alerts, set "Digitally sign exports" to On. 10 For Severity of events to log, select 5 - Notice - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 24
" on page 24. E-mail User data sent Setup, verify the following settings: • Server-must be blank. • Login-must be blank. • Password Setup. 2 Under SMTP Setup, type the IP address or hostname of the Primary SMTP Gateway the MFP will use for sending E-mail. 3 Type the Primary SMTP Gateway Port number - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 25
SMTP Credentials. 10 From the User-Initiated E-mail list, select the option most appropriate for your network/server environment Network/Ports > SMTP Setup. 2 Type the IP address or hostname of the Primary SMTP Gateway the MFP will use for sending E-mail. 3 Select the Primary SMTP Gateway Port number - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 26
10 For User-Initiated E-mail, select the option most appropriate for your network/server environment. 11 If the MFP must provide credentials in order to send E-mail, enter the information appropriate for your network in the Device Userid, Device password, and Kerberos 5 Realm or NTLM Domain fields. - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 27
" is chosen and the password (or other applicable credential) is lost, you will not be able to access the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User access Administrators and users are required to login - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 28
ID and password to each user, but also segmenting users into groups. You will select one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 29
+GSSAPI to take advantage of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 30
a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • MFP Kerberos Username- Type the distinguished name of the print server(s). • MFP Password-Type the Kerberos password for the print server(s). Search specific object - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 31
-The Kerberos password for the print server(s). Touch Submit, to save settings and return to General Information. 7 From the General Information Screen, select Search Specific Object Classes, and then adjust the following settings as needed (optional): • person-Select On or Off, to determine whether - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 32
"Using the Embedded Web Server" on page 15. Be sure to disable HTTP , and supports user authorization to provide custom Logon Screen Text, with special instruction for users, or a custom Logon Screen Image. 9 Set User Validation Mode to Active Directory. 10 Select Use MFP Kerberos Setup to use - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 33
If users are allowed to login manually, provide at least one Manual Login Domain (a Windows OCSP responder/repeater, along with the port being used (usually 80). The Network, to display Waiting for network... on the touch screen after the MFP is powered on. This message disappears when the network - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 34
control which users are permitted users Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page for authenticating users. This page 32. 6 Click Add authorization, and then select from the Authorization Setup Security Setup. 2 Under Advanced Security Setup, Step - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 35
select the Held Jobs icon. • Select Show Copies Screen if you want to enable users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to enable users to select a Print All button, rather than select each print job individually. • Display Print - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 36
page 48. 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page function for all users and administrators. Firmware Updates Flash Drive Color Printing Flash Drive Firmware port disabled Not applicable - USB - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 37
at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel Lock Option Card Configuration at the Device Option Card Configuration Remotely Paper Menu at the Device Paper Menu Remotely PictBridge Printing PJL - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 39
error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Login screen - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 40
but it is not the correct certificate, the error message displayed will be "The Domain Controller Issuing Certificate [NAME OF CERTIFICATE] has not been installed. NO CERTIFICATE, OR AN INCORRECT CERTIFICATE HAS BEEN INSTALLED ON THE PRINTER For information on installing, viewing, or modifying - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 41
resolve the issue. PORT 88 IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 42
the KDC being used to authenticate the user does not recognize the User Principle Name specified in the error message 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication >Configure. 2 If the Simple Kerberos Setup has been configured in PKI Authentication, verify - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 43
normally occurs during address book searches, user E-mail address searches, or user home directory searches. THE ADDRESS BOOK SETUP CONTAINS AN IP ADDRESS FOR THE LDAP SERVER 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify that the Server Address has - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 44
"Unable to determine Windows User ID" error message This error indicates that PKI Authentication is not setting the userid for the session. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Under User Session and Access Control, select a Session - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 45
Some device settings require one or more alphanumeric entries, such as server addresses, user names, or passwords. When an alphanumeric entry is needed, a keyboard will be displayed: As you touch the letters and numbers, your selections will be displayed in a corresponding field at the top of the - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/ - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 47
guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service printer NT LAN Manager Network Time - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 48
printer control panel Controls the ability to use the Color Dropout feature for scan and copy functions Protects access to the Configuration Menu Controls the ability to perform color copy functions. Users ability to update firmware from any source other than a flash drive. Firmware files which are - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 49
at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 50
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 51
card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the touch screen to enter your logon PIN, and then touch Next: 51 - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 52
screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" on page 45. 52 - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 53
and commences on the date the Software Program is delivered to the original end-user. This limited warranty applies only to Software Program media purchased new from Lexmark or an Authorized Lexmark Reseller or Distributor. Lexmark will replace the Software Program should it be determined that the - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 54
the time of download. Use of user. Any transfer must include all software components, media error correction, and security testing. If you have such statutory rights, you will notify Lexmark in writing of any intended reverse engineering, reverse assembly OR OTHERWISE IN CONNECTION WITH ANY PROVISION - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 55
10 TERM. This License Agreement is effective unless terminated or rejected. You any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 56
32 B backup password using the touch screen to enable 9 before configuring the device verifying firmware 6 verifying port finding 6 logging configuring the security audit log 22 N NetWare disabling 19 network protocols allowed 19 network settings finding 15 network setup page printing 15 Network - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 57
44 not authorized to use Held Jobs 43 not authorized to use Print Release Lite 43 printer clock out of sync 40 problem getting user info 42 realm on card not found 41 unable to authenticate 40 unable to determine Windows User ID 44 unexpected logout 42 unknown client 42 unsupported USB device 39 - Lexmark W850 | Common Criteria Installation Supplement and Administrator Guide - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002