Lexmark X652DE Common Criteria Installation Supplement and Administrator Guide
Lexmark X652DE - Mfp Taa Gov Compliant Manual
UPC - 734646093835
Lexmark X652DE manual content summary:
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 2
instead. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2010 Lexmark International, Inc. All rights reserved. UNITED STATES GOVERNMENT RIGHTS This software and
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 3
and installed firmware...6 Attaching a lock...6 Encrypting the hard disk...7 Disabling the USB Buffer...8 Installing the minimum configuration 9 Configuring the device...9 Configuration checklist...9 Configuring disk wiping...9 Enabling the backup password (optional)...9 Creating user accounts...10
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 4
or may not work 42 LDAP lookups fail almost immediately...43 Held Jobs/Print Release Lite Issues...43 "You are not authorized to use this feature" Held Jobs error message 43 "Unable to determine Windows User ID" error message 44 "There are no jobs available for [USER]" error message...44 Jobs are
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 5
User Guide that came with your MFP. For information about using the MFP touch screen, see "Appendix A: Using the touch screen" on page 45. Supported devices This guide describes how to implement an evaluated configuration on the following models: • Lexmark X463 • Lexmark X464 • Lexmark X466 • Lexmark
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 6
processing functions are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen touch Menus > Reports > Menu Settings Page. Several pages of device information will print. 4 Under Installed Features, verify that no Download Emulator (DLE) option cards have been
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 7
hard disk-is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on the numeric keypad while turning the device back on. It takes approximately a minute to boot into the Configuration menu. Once the MFP is fully powered up, the touch screen should
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 8
Back, and then Exit Config Menu. The MFP will power-on reset, and then return to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of the device. 1 From the home screen, touch Menus > Network/Ports > Standard USB. 2 Scroll to the left
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 9
1 Set up disk wiping. 2 Create user accounts. 3 Create security templates. 4 Restrict access to device functions. 5 Disable home screen icons. Configuring disk wiping Note: Not all devices have a hard disk installed. This section applies only to devices containing a hard disk. Disk wiping is used to
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 10
only assigning a user ID and password to each user, but also segmenting users into groups. You will select one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 11
> General Settings. 2 On the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP will return to the Internal Accounts screen. 3 From the Internal Accounts screen, select Add Entry. 4 Type the user's account name (example: "Jack Smith"), and
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 12
do, see "Access Controls" on page 48. 1 From the home screen, touch Menus > Security > Edit as long as it provides administrator-only authentication and authorization. • Any valid setting- Disabled- Disables access to a function for all users and administrators. • Not applicable-The function has
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 13
mail Function eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 14
are configured, Solution 1 controls access to Held Jobs. Administrator access only Any valid setting Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled Disabling home screen icons The final step is to remove unneeded icons from the MFP home
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 15
part of the evaluated configuration on network-attached devices. Once a device is in the evaluated configuration, administrators can still adjust many settings using the touch screen 6 Touch the home icon to return to the home screen. 7 Reboot the MFP by turning it off and back on using the power
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 16
page. Printing a network setup page 1 From the home screen, touch Menus. 2 Touch Reports. 3 Touch Network Setup Page. After the network setup page prints, the MFP will return to the home screen. Settings for network-attached devices After attaching the MFP to a network, you will need to configure
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 17
, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS .255.255, or a DNS address using the format DNS:ldap.company.com. Leave this field blank to use the IPv4 window. 4 From here, you can: • Delete-Remove a previously stored certificate. • Download to File-Download
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 18
IP address of the client device you want to connect to the MFP. If using Pre-Shared Key (PSK) Authentication, also type the key. Note: If using PSK Authentication, retain the key to use later when configuring client devices. 9 Configure IPSec, as needed, on client devices that will connect to the
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 19
Submit. The MFP will return to the NetWare screen. From there you can select Back to return to Std Network Setup, or the home icon to return to the home screen. 3 To disable LexLink: a If not starting from Std Network Setup, from the home screen, touch Menus > Network/Ports > Standard Network > STD
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 20
9500/TCP 9501 (NPAP) • TCP 9600 (IPDS) • UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. Other settings and functions Network Time Protocol Use Network Time Protocol (NTP) to automatically sync MFP date and time settings with a trusted clock, so that Kerberos requests
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 21
of the NTP server. 4 If the NTP server requires authentication, set Enable Authentication to On. 5 Touch Submit. Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must first configure Kerberos. Using the EWS 1 From the EWS, click Settings
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 22
Test Setup to verify that the Kerberos configuration file for the selected device is functional. Using the touch screen Simple Kerberos settings can be configured or adjusted using the touch screen. 1 From the home screen see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 23
link to configure SMTP settings. 9 Click Submit. Using the touch screen 1 From the home screen, touch Menus > Security > Security Audit Log > Configure Log. field. 9 If you want the MFP to add a digital signature to E-mail alerts, set "Digitally sign exports" to On. 10 For Severity of events to log,
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 24
to E-mail alerts. 13 Touch Submit. Note: In order to use E-mail alerts, you must also configure SMTP settings. For information about SMTP settings, see "E-mail" on page 24. E-mail User data sent by the MFP using E-mail must be sent as an attachment. Using the EWS 1 From the EWS, click Settings
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 25
method from the SMTP Server Authentication list. 9 From the Device-Initiated E-mail list, select Use Device SMTP Credentials. 10 From the User-Initiated E-mail list, select the option most appropriate for your network/server environment. 11 If the MFP must provide credentials in order to
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 26
10 For User-Initiated E-mail, select the option most appropriate for your network/server environment. 11 If the MFP must provide credentials in order to send E-mail, enter the information appropriate for your network in the Device Userid, Device password, and Kerberos 5 Realm or NTLM Domain fields.
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 27
(motherboard). User access Administrators and users are required to log in to the MFP using a method that provides both authentication and authorization. Under the evaluated configuration, three options are available for granting access to network-attached devices: internal accounts, LDAP+GSSAPI, or
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 28
user ID and password to each user, but also segmenting users into groups. You will select one or more of these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports Copy Color Printing fax_user
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 29
of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 30
Select either User ID and Password or User ID to specify which credentials a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • MFP Kerberos Username- Type the distinguished name of the print server(s). • MFP Password-Type the
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 31
Information. 6 From the General Information screen, select Device Credentials, and then adjust the following settings as needed (optional): • MFP Kerberos Username- The distinguished name of the print server(s). • MFP Password-The Kerberos password for the print server(s). Touch Submit to save
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 32
be listed as "Running". Step 2: Configure PKI Authentication PKI Authentication provides the login screen and authentication mechanism, and supports user authorization to the MFP and its functions. 1 From the EWS, click Settings > Embedded Solutions. 2 Under Installed Solutions, select the check box
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 33
, to display Waiting for network... on the touch screen after the MFP is powered on. This message disappears when the network becomes available. 20 Click Apply. Note: You must install at least one Certificate Authority (CA) certificate in order for PKI Authentication to work. For more information
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 34
5 From the Authentication list, select a method for authenticating users. This list will be populated with the authentication building blocks that have been configured on the MFP (internal accounts, LDAP+GSSAPI, and/or PKI Authentication). Notes: • Because a PKI Authentication security template is
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 35
to as Release Print Jobs, is used to securely hold documents at the MFP until released by an authorized user. 1 From the EWS, click Settings > Embedded Solutions > PKI Held Jobs > Configure. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 36
Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Level of
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 37
Access Control Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel Lock Option Card Configuration at the Device Option
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 39
printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen does not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use, check the following: THE AUTHENTICATION TOKEN IS NOT INSTALLED
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 40
before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that those settings are correct, and that the NTP server is functioning correctly. "Kerberos configuration file has not been uploaded" error message This error occurs when PKI Authentication
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 41
BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 42
ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable Reverse DNS Lookups. 3 Click Apply. LDAP REFERRALS ARE
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 43
FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Held Jobs/Print Release Lite Issues "You are not authorized to use this feature" Held Jobs error message This error usually indicates the user is not in an Active Directory group
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 44
name, or the credential provided by manual login is used to set the userid (userid). • LDAP Lookup-The userid is retrieved from Active Directory. 3 Click Apply to save any needed changes. "There are no jobs available for [USER]" error message PKI AUTHENTICATION IS NOT SETTING THE CORRECT USERID
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 45
to access settings and configuration menus for the device. Note: Access to device menus may be restricted to administrators only. Using the on-screen keyboard Some device settings require one or more alphanumeric entries, such as server addresses, user names, or passwords. When an alphanumeric entry
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 47
used in this guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Department of Defense
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 48
your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash Drive
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 49
This applies only when an Option Card with configuration options is installed in the device. Protects access to the Paper menu from the printer control panel. Protects access to the Paper menu from the Embedded Web Server. Controls ability to print from an attached PictBridge capable digital camera
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 50
at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 51
Appendix D: Using Common Access Cards Using a Common Access Card to access the MFP 1 Insert your Common Access Card into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 52
your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" on page 45.
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 53
of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials and electronic documentation
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 54
terms at the time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed materials, and this License
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 55
10 TERM. any form, or as otherwise described herein. Lexmark may terminate your license upon notice if you fail to comply with any of the terms of by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 56
set 36 acronyms 47 AppleTalk disabling 19 assumptions 5 audit logging configuring 22 authentication token 32 B backup password using the touch screen to enable 9 before configuring the device verifying firmware 6 verifying physical interfaces 6 C certificates creating and modifying 16 Common Access
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 57
supported devices 5 syslog configuring 22 T touch screen using the 45 troubleshooting authentication failure 40 authorization to use Held Jobs 43 authorization to use Print Release Lite 43 certificate error 40 client unknown 42 domain certificate error 40 domain controller certificate not installed
- Lexmark X652DE | Common Criteria Installation Supplement and Administrator Guide - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002