Lexmark X925 Common Criteria Installation Supplement and Administrator Guide
Lexmark X925 Manual
View all Lexmark X925 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X925 manual content summary:
- Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation Supplement and Administrator Guide November 2011 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 2
will be incorporated in later editions. Improvements or changes in the products or the programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 3
3 Contents Overview and first steps 5 Overview...5 Using this guide...5 Supported devices ...5 Operating environment ...6 Before configuring the device (required 6 Verifying physical interfaces and installed firmware 6 Attaching a lock ...7 Encrypting the hard disk ...7 Disabling the USB buffer - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 4
functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return Certificate has not been installed" error message 39 "The KDC did not respond within the required time" error message 39 "User's Realm was not - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 5
This guide describes how to implement an evaluated configuration on the following models: • Lexmark X548 • Lexmark XS548 • Lexmark X792 • Lexmark XS796 • Lexmark X925 • Lexmark XS925 • Lexmark X950 • Lexmark X952 • Lexmark X954 • Lexmark XS955 • Lexmark 6500e scanner with T650 printer • Lexmark - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 6
, or if a DLE card has been installed, then contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate Base =, and Network =. 7 Contact your Lexmark representative to verify that the Base and Network values are correct and up‑to‑date. - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 7
you are using a Lexmark 6500e scanner with a T650, T652, T654, or T656 printer, then you must attach a lock to both the scanner and the printer. 1 Verify that : Encrypting the hard disk Hard disk encryption helps prevent the loss of sensitive data in the event your MFP-or its hard disk-is stolen - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 8
Enable. Warning: Enabling disk encryption will erase the contents of the hard disk. 6 The following message appears: Contents will be lost. and then touch Exit Config Menu. The MFP will undergo a power‑on reset, and then return to normal operating mode. Disabling the USB buffer Disabling the - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 9
Installing the minimum configuration You can achieve an evaluated configuration on a non-networked to securely overwrite files stored on the hard drive that have been marked for deletion. Multi . • Not be a dictionary word or a variation of the user ID. 1 From the home screen, touch > Security > Edit - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 10
then you will apply a security template to each device function to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch > Security > Edit Security Setups > Edit Building Blocks > Internal Accounts - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 11
Administrator groups as needed. If you have created multiple groups to grant access to specific device functions, then select all groups in which the administrator should be included. • For all other users, add only the Authenticated_Users group. 10 After selecting the appropriate group or groups - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 12
access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. No change is required, although it is recommended the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Configuration Menu - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 13
Configuration Administrator access only Remote Management Administrator access only Firmware Updates Disabled PJL Device Setting Changes Disabled Operator Panel Lock Authenticated users only Address Book Authenticated users only Create Profiles Disabled Create Bookmarks at the Device - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 14
Change Language from Home Screen Cancel Jobs at the Device PictBridge Printing Solution 1 Solutions 2‑10 New Solutions Level of protection Disabled Authenticated users only Authenticated users and USB Drive to Do not display. Note: If other functions (such as Fax) are not available to users, then - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 15
for a network-connected device. Creating and modifying digital certificates Certificates are needed for domain controller verification and for SSL support in LDAP. organization issuing the certificate. • Unit Name-Type the name of the unit within the company or organization issuing the certificate. - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 16
host name as the Common Name. • Organization Name-Type the name of the company or organization issuing the certificate. • Unit Name-Type the name of the unit within the company or organization issuing the certificate. • Country/Region-Type the country or region where the company or organization - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 17
as a .csr file. • Install Signed Certificate-Upload a previously signed certificate. Installing a CA certificate A Certificate Authority Setting up IPSec IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle authentication or restrict access. 1 From - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 18
return to the AppleTalk screen. From there you can touch Back to return to the Std Network Setup screen or the home icon to return to the home screen. Shutting down port access 9700 (Plug‑n‑Print) • TCP 10000 (Telnet) • ThinPrint • TCP 65002 (WSD Print Service) • TCP 65004 (WSD Scan Service) - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 19
time‑stamped. Note: If your network uses DHCP, then verify that NTP settings are not automatically provided by the DHCP server before manually Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, then you must first configure Kerberos. Using the - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 20
20 3 Under Simple Kerberos Setup, for KDC Address, type the IP address or host name of the KDC (Key Distribution Center) IP. 4 For KDC Port, type the number of the port used by the Kerberos server. 5 For Realm, type the realm used by the Kerberos server. Note: The Realm entry must be typed in all - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 21
• Select Digitally sign exports if you want the device to add a digital signature to e-mail alerts. Note: To use e-mail alerts, click Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. 9 Click Submit. Using the touch screen 1 From the home screen, touch - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 22
send an e-mail when log settings are changed, set "E-mail log settings changed alert" to Yes. • For "Log settings, see "E-mail" on page 22. E-mail User data sent by the MFP using e-mail must be Under E-mail Settings, select Attachment for "E‑mail images sent as." 3 Under Web Link Setup, verify - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 23
will wait for a response from the SMTP server before timing out. 6 If you want to receive responses to If the SMTP server requires user credentials, then select an authentication E‑mail images sent as to Attachment. 5 Touch Submit. SMTP settings 1 From the home screen, touch > Network/Ports - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 24
to Use Device SMTP Credentials. 10 For User‑Initiated E‑mail, select the option most appropriate for your network or server environment. 11 If the MFP On. 4 Click Submit to save your changes and return to the Settings page. 5 Under Fax Send Settings, clear the Driver to fax check box. 6 Under Fax - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 25
changes. Warning-Potential Damage: If No Effect is selected and the password (or other applicable credential) is lost, then you will not be able to access the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 26
Color Printing Fax Function When creating internal accounts in Scenario 1, you would select the group that corresponds to the user's department. Scenario 2: Creating groups based on device function Security template basic_user color_user fax_user Groups included in template black_and_white color - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 27
+GSSAPI to take advantage of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 28
Specify the node in the LDAP server where user accounts reside. Multiple search bases can be such as cn (common name), ou (organizational unit), o (organization), c (country), or dc printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 29
needed (optional): • Use Active Directory Device Credentials-Touch to select or clear. When the printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP's Kerberos Username and MFP - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 30
applications comes installed on the Using a Common Access Card to access the printer" on page 50. Note: You must authentication mechanism and supports user authorization to the Screen Text with special instructions for users or a custom Logon Screen Image. Custom screen images must be in GIF - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 31
time the MFP should wait for a response from the domain controller before moving to the next one in the list. 11 If users are allowed to log in manually, then provide at least one Manual message disappears when the network becomes available. 17 Click Apply. Note: You must install at least one - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 32
5 From the Authentication Setup list, select a method for authenticating users. This list will be populated with the authentication building blocks that the fields as necessary. 5 Click Modify to save your changes, Delete Entry to delete the template, or Cancel to retain previously configured values - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 33
jobs to expire, either at the same time Confidential jobs expire or at another time: Note: The interval chosen for Job Expiration represents the minimum time a job will be held before being removed. Depending on how often a specific device polls for state changes, jobs marked for removal may remain - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 34
must not be set to No Security. • Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. No change is required, although it is recommended that you set these access controls to Administrator access only or - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 35
Configuration Remote Management Firmware Updates PJL Device Setting Changes Operator Panel Lock Function Access Access control Address Book Create Profiles Create Bookmarks at the Device Create Bookmarks Remotely Flash Drive Print Flash Drive Color Printing Flash Drive Scan Copy Function Copy - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 36
36 Access control Use Profiles Change Language from Home Screen Cancel Jobs at the Device PictBridge Printing Level of protection Authenticated users only Authenticated users only Administrator access only Not applicable-USB port disabled Device Solutions Access control Solution 1 Solutions 2-10 - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 37
37 Troubleshooting Login issues "Unsupported USB Device" error message MAKE SURE A SUPPORTED SMART CARD READER IS ATTACHED Only the OmniKey reader that came with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen fails to return to a locked - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 38
TIME ON THE PRINTER 1 From the Embedded Web Server, click Settings > Security > Set Date and Time. 2 If you have manually configured date and time settings, then verify and correct them as needed. Make sure the time zone and daylight savings time settings are correct. Note: If your network Users are - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 39
INSTALLED ON THE PRINTER For information on installing, viewing, or modifying certificates, see "Creating and modifying digital certificates" on page 15. "The KDC did not respond within the required time to save any needed changes. 3 If a krb5 printer and the KDC for authentication to work. "User - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 40
Authentication settings do not support multiple Kerberos Realm entries User is logged out almost immediately after logging in INCREASE THE PANEL LOGIN TIMEOUT INTERVAL 1 From the Embedded Web Server, click Settings > Security > Miscellaneous Security Settings > Login Restrictions. 2 Increase the time - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 41
issues LDAP lookups take a long time and then fail This issue can occur during login (at "Getting User Info") or during address book searches. Try one or more of the following: MAKE SURE PORT 389 (NON‑SSL) AND PORT 636 (SSL) ARE NOT BLOCKED BY A FIREWALL The printer uses these ports to communicate - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 42
LDAP Lookup for the Session Userid setting. 3 Click Apply to save any needed changes. MAKE SURE THE JOBS WERE SENT TO THE CORRECT PRINTER AND WERE PRINTED The user may have sent the job or jobs to a different printer, or the jobs may have been automatically deleted because they were not printed - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 43
the check box next to the application name, and then click Start. • If PKI Held Jobs does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. MAKE SURE ALL JOBS ARE REQUIRED TO BE HELD 1 From the Embedded Web Server, click Settings > Device - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 44
E-mail @ Search FTP Held Jobs Held jobs Status/ Supplies Ready. Touch on the lower right to access settings and Some device settings require one or more alphanumeric entries, such as server addresses, user names, and passwords. When an alphanumeric entry is needed, a keyboard appears: - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 45
45 To type a single uppercase or shift character, touch Shift, and then touch the letter or number you need to uppercase. To turn on Caps Lock, touch Caps, and then continue typing. Caps Lock will remain engaged until you touch Caps again. Password ~ 1! @# $ %^ 23456 &* 7 8 ( 9 ) 0 _ + - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 46
Multifunction printer NT LAN Manager Network Time Protocol Online Certificate Status Protocol Privacy Enhanced Mail Public Key Infrastructure Pre‑Shared Key Request for Comment Simple Mail Transfer Protocol Secure Sockets Layer Transmission Control Protocol Transport Layer Security User Datagram - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 47
all network adapter NPA settings change commands are ignored. Option Card Configuration at the Device This controls access to the Option Card Configuration section of the Settings menu from the printer control panel. This applies only when an Option Card with configuration options is installed on - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 48
other than a flash drive. Firmware files that are received through FTP, the Embedded Web Server, etc., will be ignored (flushed) when this function is protected. This protects access to the locking function of the printer control panel. If this is enabled, then users with appropriate credentials can - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 49
drive. Users who are denied will have their print jobs printed in black and white. This controls the ability to update firmware from a flash drive. This controls the ability to print from a flash drive. This controls the ability to scan documents to a flash drive. This controls access to the Scan - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 50
the keypad that appears on the touch screen, and then touch Next. It may take a moment for the printer to validate your credentials. After your credentials have been validated, the printer will return to the home screen. Note: For more information about using the touch screen, see "Appendix A: Using - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 51
suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 52
time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer NEGLIGENCE OR STRICT LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, AFFILIATES, OR REMARKETERS - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 53
No choice of law rules in any jurisdiction will apply. 14 UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Software has been developed entirely at by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 54
22 Embedded Web Server using 15 encrypting network data 17 encrypting the hard disk 7 encryption IPSec 17 environment operating 6 EWS using 15 F fax forwarding 24 fax settings Driver to fax 24 fax forwarding 24 held faxes 24 fax storage 24 firmware verifying 6 function access using the EWS to - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 55
40 domain certificate error 39 domain controller certificate not installed 39 home screen does not lock 37 jobs not being held at printer 43 jobs print immediately 43 KDC and MFP clocks out of sync 38 KDC did not respond within the required time 39 Kerberos file not uploaded 38 LDAP lookup failure - Lexmark X925 | Common Criteria Installation Supplement and Administrator Guide - Page 56
PN 3065326 Rev. 001 www.lexmark.com *3065326*
Common Criteria
Installation Supplement and Administrator Guide
November 2011
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2011 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3065326-001