Home » Lexmark Manuals » Multifunction Devices » Lexmark X925 » Manual Viewer

Lexmark X925 Common Criteria Installation Supplement and Administrator Guide - Page 34

Controlling access to device functions using the EWS

Add to My Manuals
Save this manual to your list of manuals

Page 34 highlights

34 • Verify Job Expiration-This can be set to Off, Same as Confidential Print, or one of four intervals ranging from one hour to one week. • Repeat Job Expiration-This can be set to Off, Same as Confidential Print, or one of four intervals ranging from one hour to one week. 8 Under Advanced Settings, select the Require All Jobs to be Held and Clear Print Data check boxes. 9 Click Apply. Controlling access to device functions using the EWS Access to MFP functions can be restricted by applying security templates to individual functions. A list of access controls and what they do can be found in "Access controls" on page 47. 1 From the Embedded Web Server, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 2 Under Advanced Security Setup, Step 3, click Access Controls. 3 Click Expand All to see all available access controls. 4 Select the appropriate level of protection for each function, as specified in the following table. 5 Click Submit. Levels of protection include: • Administrator access only-This can be an internal account or a security template, as long as it provides administrator‑only authentication and authorization. • Authenticated users only-This can be an internal account or a security template, as long as it provides access to authenticated users only. These access controls must not be set to No Security. • Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. No change is required, although it is recommended that you set these access controls to Administrator access only or Disabled. Administrative Menus Access control Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Configuration Menu Paper Menu at the Device Paper Menu Remotely Reports Menu at the Device Reports Menu Remotely Settings Menu at the Device Settings Menu Remotely Level of protection Administrator access only Administrator access only Administrator access only Administrator access only Disabled Authenticated users only Authenticated users only Administrator access only Administrator access only Administrator access only Administrator access only

Section	Page
Installation Supplement and Administrator Guide	1
Contents	3
Overview and first steps	5
Overview	5
Using this guide	5
Supported devices	5
Operating environment	6
Before configuring the device (required)	6
Verifying physical interfaces and installed firmware	6
Attaching a lock	7
Encrypting the hard disk	7
Disabling the USB buffer	8
Installing the minimum configuration	9
Configuring the device	9
Configuration checklist	9
Configuring disk wiping	9
Enabling the backup password (optional)	9
Creating user accounts	10
Creating security templates	11
Controlling access to device functions	12
Disabling home screen icons	14
Administering the device	15
Using the Embedded Web Server	15
Settings for network-connected devices	15
Creating and modifying digital certificates	15
Setting up IPSec	17
Disabling the AppleTalk protocol	18
Shutting down port access	18
Other settings and functions	19
Network Time Protocol	19
Kerberos	19
Security audit logging	20
E-mail	22
Fax	24
Configuring security reset jumper behavior	25
User access	25
Creating user accounts through the EWS	25
Configuring LDAP+GSSAPI	27
Configuring Common Access Card access	30
Creating security templates using the EWS	32
Controlling access to device functions	33
Configuring PKI Held Jobs	33
Controlling access to device functions using the EWS	34
Troubleshooting	37
Login issues	37
“Unsupported USB Device” error message	37
Make sure a supported Smart Card reader is attached	37
The printer home screen fails to return to a locked state when not in use	37
Make sure the authentication token is installed and running	37
Make sure PKI Authentication is installed and running	37
Login screen does not appear when a Smart Card is inserted	37
Make sure the Smart Card is recognized by the reader	37
“The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time” err ...	38
Verify the date and time on the printer	38
“Kerberos configuration file has not been uploaded” error message	38
Make sure the Kerberos file has been uploaded	38
Users are unable to authenticate	38
Make sure the Realm specified in the Kerberos settings is in uppercase	38
“The Domain Controller Issuing Certificate has not been installed” error message	39
Make sure that the correct certificate has been installed on the printer	39
“The KDC did not respond within the required time” error message	39
Make sure the IP address or host name of the KDC is correct	39
Make sure the KDC is available	39
Make sure Port 88 is not blocked by a firewall	39
“User's Realm was not found in the Kerberos Configuration file” error message	39
Make sure the Windows Domain is specified in the Kerberos settings	39
“Realm on the card was not found in the Kerberos Configuration File” error message	40
Upload a Kerberos configuration file and make sure the realm has been added to the file	40
“Client [NAME] unknown” error message	40
Verify that the Domain Controller information is correct	40
Login does not respond at “Getting User Info”	40
User is logged out almost immediately after logging in	40
Increase the Panel Login Timeout interval	40
LDAP issues	41
LDAP lookups take a long time and then fail	41
Make sure Port 389 (non-SSL) and Port 636 (SSL) are not blocked by a firewall	41
Make sure the LDAP search base is not too broad in scope	41
LDAP lookups fail almost immediately	41
Verify that the Address Book Setup contains the host name for the LDAP server	41
Verify or adjust Address Book Setup settings	41
Narrow the LDAP search base	41
Verify that the LDAP attributes being searched for are correct	41
Held Jobs/Print Release Lite issues	42
“You are not authorized to use this feature” Held Jobs error message	42
Add the user to the appropriate Active Directory group	42
“Unable to determine Windows User ID” error message	42
Make sure PKI Authentication is setting the user ID for the session	42
“There are no jobs available for [USER]” error message	42
Make sure PKI Authentication is setting the correct user ID	42
Make sure the jobs were sent to the correct printer and were printed	42
Jobs are printing out immediately	43
Make sure PKI Held Jobs is installed and running	43
Make sure all jobs are required to be held	43
Appendix A: Using the touch screen	44
Appendix B: Acronyms	46
Appendix C: Description of access controls	47
Access controls	47
Appendix D: Using Common Access Cards	50
Using a Common Access Card to access the printer	50
Notices	51
LEXMARK SOFTWARE LICENSE AGREEMENT	51

Match case Limit results 1 per page

•

Verify Job Expiration

—This can be set to

Off

Same as Confidential Print

, or one of four intervals ranging from

one hour to one week.

•

Repeat Job Expiration

—This can be set to

Off

Same as Confidential Print

, or one of four intervals ranging from

one hour to one week.

Under Advanced Settings, select the

Require All Jobs to be Held

and

Clear Print Data

check boxes.

Click

Apply

Controlling access to device functions using the EWS

Access to MFP functions can be restricted by applying security templates to individual functions. A list of access controls

and what they do can be found in “Access controls” on page 47.

From the Embedded Web Server, click

Settings

Security

Security Setup

Note:

For information about accessing the EWS, see “Using the Embedded Web Server” on page 15.

Under Advanced Security Setup, Step 3, click

Access Controls

Click

Expand All

to see all available access controls.

Select the appropriate level of protection for each function, as specified in the following table.

Click

Submit

Levels of protection include:

•

Administrator access only

—This can be an internal account or a security template, as long as it provides

administrator

‑

only authentication and authorization.

•

Authenticated users only

—This can be an internal account or a security template, as long as it provides access to

authenticated users only. These access controls must

not

be set to

No Security

•

Disabled

—This disables access to a function for all users and administrators.

•

Not applicable

—The function has been disabled by another setting. No change is required, although it is

recommended that you set these access controls to

Administrator access only

Disabled

Administrative Menus

Access control

Level of protection

Security Menu at the Device

Administrator access only

Security Menu Remotely

Administrator access only

Service Engineer Menus at the Device

Administrator access only

Service Engineer Menus Remotely

Administrator access only

Configuration Menu

Disabled

Paper Menu at the Device

Authenticated users only

Paper Menu Remotely

Authenticated users only

Reports Menu at the Device

Administrator access only

Reports Menu Remotely

Administrator access only

Settings Menu at the Device

Administrator access only

Settings Menu Remotely

Administrator access only