Page 1: Operating Instructions
Operating Instructions Security Reference Getting Started Administrators/Authentication and its Application Users/Authentication and its Application Protecting Document Data Information from Leaks Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Managing Access to the Machine Enhanced Network Security Specifying the Extended Security Functions Troubleshooting Appendix...
Page 3: Manuals For This Machine
Manuals for This Machine Read this manual carefully before you use this machine. Refer to the manuals that are relevant to what you want to do with the machine. • Media differ according to manual. • The printed and electronic versions of a manual have the same contents. •...
Page 4 Network and System Settings Guide Explains how to connect the machine to a network, configure and operate the machine in a network environment, and use the software provided. Also explains how to change User Tools settings and how to register information in the Address Book. Security Reference This manual is for administrators of the machine.
Page 5: Table Of Contents
TABLE OF CONTENTS Manuals for This Machine..........................1 Notice................................10 Important..............................10 How to Read This Manual..........................11 Symbols................................11 IP Address..............................11 Note................................11 Laws and Regulations............................12 Legal Prohibition............................12 1. Getting Started Before Using the Security Functions........................13 Setting Up the Machine...........................14 Enhanced Security............................16 Glossary................................17 Security Measures Provided by this Machine....................18 Using Authentication and Managing Users....................18 Ensuring Information Security........................18 Limiting and Controlling Access........................20...
Page 6 Using Web Image Monitor.........................36 3. Users/Authentication and Its Application Users..................................37 About User Authentication..........................38 Authentication Setting Procedure........................39 Enabling User Authentication..........................41 User Code Authentication..........................42 Specifying User Code Authentication......................42 Basic Authentication............................46 Specifying Basic Authentication........................46 Authentication Information Stored in the Address Book................48 Specifying Login User Name and Login Password...................49 Specifying Authentication Information to Log on..................51 Windows Authentication..........................53 Specifying Windows Authentication......................54...
Page 7 Unauthorized Copy Prevention........................91 Data Security for Copying..........................92 Printing Limitations............................94 Notice................................94 Printing with Unauthorized Copy Prevention and Data Security for Copying........94 Printing a Confidential Document........................97 Specifying a Locked Print File........................97 Printing a Locked Print File...........................98 Deleting Locked Print Files...........................99 Changing Passwords of Locked Print Files....................100 Unlocking Locked Print Files........................101 Specifying Access Permission for Stored Files.....................103 Assigning Users and Access Permission for Stored Files................104...
Page 8 Auto Erase Memory..........................135 Erase All Memory............................140 6. Managing Access to the Machine Preventing Modification of Machine Settings....................143 Menu Protect..............................145 Set up Menu Protect..........................145 Limiting Available Functions..........................150 Specifying Which Functions are Available.....................150 Managing Log Files............................152 Using the Control Panel to Specify Log File Settings................152 Using Web SmartDeviceMonitor to Manage Log Files.................154 Using Web Image Monitor to Manage Log Files...................154 7.
Page 9 Authentication by telnet..........................206 "authfree" Command..........................206 Authentication by IEEE802.1X........................207 8. Specifying the Extended Security Functions Specifying the Extended Security Functions....................209 Changing the Extended Security Functions.....................209 Procedure for Changing the Extended Security Functions..............209 Settings...............................210 Other Security Functions..........................215 Fax Function...............................215 Scanner Function............................215 Limiting Machine Operation to Customers Only..................217 Settings...............................217 Specifying Service Mode Lock Preparation....................217 Canceling Service Mode Lock.........................218...
Page 10 Settings via SmartDeviceMonitor for Admin...................257 Network Administrator Settings........................258 System Settings............................258 Facsimile Features.............................259 Scanner Features............................259 Settings via Web Image Monitor......................259 Settings via SmartDeviceMonitor for Admin...................262 File Administrator Settings..........................263 System Settings............................263 Facsimile Features.............................263 Printer Features............................263 Settings via Web Image Monitor......................264 User Administrator Settings...........................265 System Settings............................265 Settings via Web Image Monitor......................265 Settings via SmartDeviceMonitor for Admin...................266...
Page 11 Functions That Require Options........................319 Trademarks..............................320 INDEX ................................323...
Page 12: Notice
Notice Important In no event will the company be liable for direct, indirect, special, incidental, or consequential damages as a result of handling or operating the machine. For good copy quality, the supplier recommends that you use genuine toner from the supplier. The supplier shall not be responsible for any damage or expense that might result from the use of parts other than genuine parts from the supplier with your office products.
Page 13: How To Read This Manual
How to Read This Manual Symbols This manual uses the following symbols: Indicates points to pay attention to when using the machine, and explanations of likely causes of paper misfeeds, damage to originals, or loss of data. Be sure to read these explanations. Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.
Page 14: Laws And Regulations
Laws and Regulations Legal Prohibition Do not copy or print any item for which reproduction is prohibited by law. Copying or printing the following items is generally prohibited by local law: bank notes, revenue stamps, bonds, stock certificates, bank drafts, checks, passports, driver's licenses. The preceding list is meant as a guide only and is not inclusive.
Page 15: Getting Started
1. Getting Started This chapter describes the machine's security features and how to specify initial security settings. Before Using the Security Functions • If the security settings are not specified, the machine may be damaged by malicious attackers. 1. To prevent this machine being stolen or willfully damaged, etc., install it in a secure location. 2.
Page 16: Setting Up The Machine
1. Getting Started Setting Up the Machine This section explains how to enable encryption of transmitted data and configure the administrator account. If you want higher security, make the following setting before using the machine. Turn the machine on. Press the [User Tools/Counter] key. BHL006S Press [System Settings].
Page 17 Setting Up the Machine Specify IPv4 Address. For details on how to specify the IPv4 address, see "Interface Settings", Network and System Settings Guide. Connect the machine to the network. Start Web Image Monitor, and then log on to the machine as the administrator. For details about logging on to Web Image Monitor as an administrator, see "Using Web Image Monitor".
Page 18: Enhanced Security
1. Getting Started Enhanced Security This machine's security functions can be enhanced by managing the machine and its users using the improved authentication functions. By specifying access limits for the machine's functions and the documents and data stored in the machine, information leaks and unauthorized access can be prevented.
Page 19: Glossary
Glossary Glossary Administrator There are four types of administrators according to administrative function: machine administrator, network administrator, file administrator, and user administrator. We recommend that only one person takes each administrator role. In this way, you can spread the workload and limit unauthorized operation by a single administrator. Basically, administrators make machine settings and manage the machine;...
Page 20: Security Measures Provided By This Machine
1. Getting Started Security Measures Provided by this Machine Using Authentication and Managing Users Enabling Authentication To control administrators' and users' access to the machine, perform administrator authentication and user authentication using login user names and login passwords. To perform authentication, the authentication function must be enabled.
Page 21 Security Measures Provided by this Machine Printing Confidential files Using the printer's Locked Print, you can store files in the machine as confidential files and then print them. You can print a file using the machine's control panel and collect it on the spot to prevent others from seeing it.
Page 22: Limiting And Controlling Access
1. Getting Started Overwriting the Data on the Hard Disk To prevent data leaks, you can set the machine to automatically overwrite temporary data. We recommend that before disposing of the machine, you overwrite all the data on the hard disk. To overwrite the hard disk data, the optional DataOverwriteSecurity Unit is required.
Page 23: Enhanced Network Security
Security Measures Provided by this Machine • p.150 "Limiting Available Functions" Enhanced Network Security Preventing Unauthorized Access You can limit IP addresses or disable ports to prevent unauthorized access over the network and protect the Address Book, stored files, and default settings. For details about preventing unauthorized access, see "Preventing Unauthorized Access".
Page 24 1. Getting Started...
Page 25: Administrators/Authentication And Its Application
2. Administrators/Authentication and Its Application Administrators Administrators manage user access to the machine and various other important functions and settings. When an administrator controls limited access and settings, first select the machine's administrator, enable the authentication function, and then use the machine. When the authentication function is enabled, the login user name and login password are required in order to use the machine.
Page 26: Machine Administrator
2. Administrators/Authentication and Its Application Machine Administrator This is the administrator who mainly manages the machine's default settings. You can set the machine so that the default for each function can only be specified by the machine administrator. By making this setting, you can prevent unauthorized people from changing the settings and allow the machine to be used securely by its many users.
Page 27: About Administrator Authentication
About Administrator Authentication About Administrator Authentication There are four types of administrators: user administrator, machine administrator, network administrator, and file administrator. For details about each administrator, see "Administrators". BBC005S 1. User Administrator This administrator manages personal information in the Address Book. You can register/delete users in the Address Book or change users' personal information.
Page 28 2. Administrators/Authentication and Its Application • p.23 "Administrators"...
Page 29: Enabling Administrator Authentication
Enabling Administrator Authentication Enabling Administrator Authentication To control administrators' access to the machine, perform administrator authentication using login user names and passwords. When registering an administrator, you cannot use a login user name already registered in the Address Book. Administrators are handled differently from the users registered in the Address Book.
Page 30 2. Administrators/Authentication and Its Application • If you have enabled "Administrator Authentication Management", make sure not to forget the administrator login user name and login password. If an administrator login user name or login password is forgotten, a new password must be specified using the supervisor's authority. For instructions on registering the supervisor, see "Supervisor Operations".
Page 31 Enabling Administrator Authentication Press [User Management], [Machine Management], [Network Management], or [File Management] to select which settings to manage. Set "Admin. Authentication" to [On]. "Available Settings" appears. Select the settings to manage from "Available Settings". The selected settings will be unavailable to users. "Available Settings"...
Page 32: Registering The Administrator
2. Administrators/Authentication and Its Application • p.243 "Supervisor Operations" • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" • p.143 "Managing Access to the Machine" Registering the Administrator If administrator authentication has been specified, we recommend only one person take each administrator role.
Page 33 Enabling Administrator Authentication In the line for the administrator whose authority you want to specify, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. If you allocate each administrator's authority to a different person, the screen appears as follows: Press [Change] for the login user name.
Page 34 2. Administrators/Authentication and Its Application Enter the login user name, and then press [OK]. Press [Change] for the login password. Enter the login password, and then press [OK]. Follow the password policy to make the login password more secure. For details about the password policy and how to specify it, see "Specifying the Extended Security Functions".
Page 35 Enabling Administrator Authentication Press [Change] for the encryption password. Enter the encryption password, and then press [OK]. If a password reentry screen appears, enter the encryption password, and then press [OK]. Press [OK] twice. You will be logged off. Press the [User Tools/Counter] key. •...
Page 36: Logging On Using Administrator Authentication
2. Administrators/Authentication and Its Application Logging on Using Administrator Authentication If administrator authentication has been specified, log on using an administrator's user name and password. This section describes how to log on. When you log in with a user name that has multiple administrator authorities, one of the authorities associated with that name is displayed.
Page 37: Logging Off Using Administrator Authentication
Enabling Administrator Authentication Enter the login password, and then press [OK]. "Authenticating... Please wait." appears, followed by the screen for specifying the default. • If user authentication has already been specified, a screen for authentication appears. • To log on as an administrator, enter the administrator's login user name and login password. •...
Page 38: Using Web Image Monitor
2. Administrators/Authentication and Its Application Press the [User Tools/Counter] key. Press [System Settings]. Press [Administrator Tools]. Press [Program / Change Administrator]. In the line for the administrator you want to change, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. Press [Change] for the setting you want to change, and re-enter the setting.
Page 39: Users/Authentication And Its Application
3. Users/Authentication and Its Application Users A user performs normal operations on the machine, such as copying and printing. Users are managed using the personal information in the machine's Address Book, and can use only the functions they are permitted to access by administrators. By enabling user authentication, you can allow only people registered in the Address Book to use the machine.
Page 40: About User Authentication
3. Users/Authentication and Its Application About User Authentication This machine has an authentication function to prevent unauthorized access. By using login user name and login password, you can specify access limits for individual users and groups of users. BBC004S 1. User A user performs normal operations on the machine, such as copying and printing.
Page 41: Authentication Setting Procedure
Authentication Setting Procedure Authentication Setting Procedure Specify administrator authentication and user authentication according to the following chart: Administrator Authentication Specifying Administrator Privileges See "Enabling Administrator Authentication". See "Specifying Administrator Privileges". Registering the Administrator See "Registering the Administrator". User Authentication Specifying User Authentication See "Enabling User Authentication".
Page 42 3. Users/Authentication and Its Application • p.65 "LDAP Authentication" • p.73 "Integration Server Authentication"...
Page 43: Enabling User Authentication
Enabling User Authentication Enabling User Authentication To control users' access to the machine, perform user authentication using login user names and passwords. There are five types of user authentication methods: User Code authentication, Basic authentication, Windows authentication, LDAP authentication, and Integration Server authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authentication.
Page 44: User Code Authentication
3. Users/Authentication and Its Application User Code Authentication This is an authentication method for limiting access to functions according to a user code. The same user code can be used by more than one user. For details about specifying user codes, see "Authentication Information", Network and System Settings Guide.
Page 45 User Code Authentication Select which of the machine's functions you want to limit. The selected settings will be unavailable to users. For details about limiting available functions for individuals or groups, see "Limiting Available Functions". Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)".
Page 46 3. Users/Authentication and Its Application If you select [Simple (All)], you can print even with unauthenticated printer drivers or devices. Specify this setting if you want to print with a printer driver or device that cannot be identified by the machine or if you do not require authentication for printing.
Page 47 User Code Authentication Specify the range in which [Simple (Limitation)] is applied to "Printer Job Authentication". You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 48: Basic Authentication
3. Users/Authentication and Its Application Basic Authentication Specify this authentication method when using the machine's Address Book to authenticate each user. Using Basic authentication, you can not only manage the machine's available functions but also limit access to stored files and to the personal data in the Address Book. Under Basic authentication, the administrator must specify the functions available to each user registered in the Address Book.
Page 49 Basic Authentication Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)". If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)". For a description of the printer job authentication levels, see "Printer Job Authentication". •...
Page 50: Authentication Information Stored In The Address Book
3. Users/Authentication and Its Application Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface: Simple], [USB: Simple] and the clients' IPv4 address range in which printer job authentication is not required.
Page 51: Specifying Login User Name And Login Password
Basic Authentication Users must have a registered account in the Address Book in order to use the machine when User Authentication is specified. For details about user registration, see "Registering Names", Network and System Settings Guide. User authentication can also be specified via SmartDeviceMonitor for Admin or Web Image Monitor. •...
Page 52 3. Users/Authentication and Its Application Press [Auth. Info]. Press [Change] for "Login User Name". Enter a login user name, and then press [OK]. Press [Change] for "Login Password". Enter a login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK].
Page 53: Specifying Authentication Information To Log On
Basic Authentication Specifying Authentication Information to Log on The login user name and password specified in "Address Book Management" can be used as the login information for "SMTP Authentication", "Folder Authentication", and "LDAP Authentication". If you do not want to use the login user name and password specified in "Address Book Management" for "SMTP Authentication", "Folder Authentication", or "LDAP Authentication", see "Address Book"...
Page 54 3. Users/Authentication and Its Application Press the [User Tools/Counter] key. • p.49 "Specifying Login User Name and Login Password"...
Page 55: Windows Authentication
Windows Authentication Windows Authentication Specify this authentication when using the Windows domain controller to authenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group registered in the directory server.
Page 56: Specifying Windows Authentication
3. Users/Authentication and Its Application • Users managed in other domains are subject to user authentication, but they cannot obtain items such as e-mail addresses. • If you have created a new user in the domain controller and selected "User must change password at next logon", log on to the machine from the computer to change the password before logging on from the machine's control panel.
Page 57 Windows Authentication If you want to use Kerberos authentication, press [On]. If you want to use NTLM authentication, press [Off] and proceed to step 8. Select Kerberos authentication realm and proceed to step 9. To enable Kerberos authentication, a realm must be registered beforehand. The realm name must be registered in capital letters.
Page 58 3. Users/Authentication and Its Application Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)". If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)". For a description of the printer job authentication levels, see "Printer Job Authentication". •...
Page 59 Windows Authentication Press [On] for "Use Secure Connection (SSL)". If you are not using secure sockets layer (SSL) for authentication, press [Off]. If global groups have been registered under Windows server, you can limit the use of functions for each global group. You need to create global groups in the Windows server in advance and register in each group the users to be authenticated.
Page 60 3. Users/Authentication and Its Application Under "Group Name", press [Change], and then enter the group name. Press [OK]. Select which of the machine's functions you want to permit. Windows Authentication will be applied to the selected functions. Users can use the selected functions only. For details about specifying available functions for individuals or groups, see "Limiting Available Functions".
Page 61 Windows Authentication Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface: Simple], [USB: Simple] and the clients' IPv4 address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticated printer drivers or without any printer driver.
Page 62 3. Users/Authentication and Its Application Press [On] for "Use Secure Connection (SSL)". If you are not using secure sockets layer (SSL) for authentication, press [Off]. If global groups have been registered under Windows server, you can limit the use of functions for each global group.
Page 63 Windows Authentication Under "Group Name", press [Change], and then enter the group name. Press [OK]. Select which of the machine's functions you want to permit. Windows Authentication will be applied to the selected functions. Users can use the selected functions only. For details about specifying available functions for individuals or groups, see "Limiting Available Functions".
Page 64 3. Users/Authentication and Its Application Installing Internet Information Services (IIS) and Certificate services Specify this setting if you want the machine to automatically obtain e-mail addresses registered in Active Directory. We recommend you install Internet Information Services (IIS) and Certificate services as the Windows components.
Page 65 Windows Authentication Check the specified data, which appears as "Request File Summary", and then click [Next]. The server certificate is created. If the fax number cannot be obtained If the fax number cannot be obtained during authentication, specify the setting as follows: Start C:\WINNT\SYSTEM32\adminpak.
Page 66 3. Users/Authentication and Its Application Click [Install]. Enter the contents of the device certificate. In the "Certificate Request" box, enter the contents of the device certificate received from the certificate authority. Click [OK]. "Installed" appears under "Certificate Status" to show that a device certificate for the machine has been installed.
Page 67: Ldap Authentication
LDAP Authentication LDAP Authentication Specify this authentication method when using the LDAP server to authenticate users who have their accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the LDAP server. The Address Book stored in the LDAP server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the Address Book.
Page 68: Specifying Ldap Authentication
3. Users/Authentication and Its Application • User Name You do not have to enter the user name if the LDAP server supports "Anonymous Authentication". • Password You do not have to enter the password if the LDAP server supports "Anonymous Authentication".
Page 69 LDAP Authentication Select [LDAP Auth.]. If you do not want to use user authentication management, select [Off]. Select the LDAP server to be used for LDAP authentication. Select the "Printer Job Authentication" level. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces.
Page 70 3. Users/Authentication and Its Application • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" • p.68 "Selecting Entire or Simple (All)" • p.70 "Selecting Simple (Limitation)" • p.80 "Printer Job Authentication" Selecting Entire or Simple (All) If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
Page 71 LDAP Authentication Press [Change] for "Login Name Attribute". Enter the login name attribute, and then press [OK]. Use the Login Name Attribute as a search criterion to obtain information about an authenticated user. You can create a search filter based on the Login Name Attribute, select a user, and then retrieve the user information from the LDAP server so it is transferred to the machine's Address Book.
Page 72 3. Users/Authentication and Its Application Press [Change] for "Unique Attribute". Enter the unique attribute and then press [OK]. Specify Unique Attribute on the machine to match the user information in the LDAP server with that in the machine. By doing this, if the Unique Attribute of a user registered in the LDAP server matches that of a user registered in the machine, the two instances are treated as referring to the same user.
Page 73 LDAP Authentication you do not require authentication for printing. However, note that, because the machine does not require authentication in this case, it may be used by unauthorized users. Press [Simple (Limitation)]. Press [Change]. Specify the range in which [Simple (Limitation)] is applied to "Printer Job Authentication". You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces.
Page 74 3. Users/Authentication and Its Application For details about specifying available functions for individuals or groups, see "Limiting Available Functions". Press [Change] for "Login Name Attribute". Enter the login name attribute, and then press [OK]. Use the Login Name Attribute as a search criterion to obtain information about an authenticated user. You can create a search filter based on the Login Name Attribute, select a user, and then retrieve the user information from the LDAP server so it is transferred to the machine's Address Book.
Page 75: Integration Server Authentication
Integration Server Authentication Integration Server Authentication To use Integration Server authentication, you need a server on which ScanRouter software that supports authentication is installed. For external authentication, the Integration Server authentication collectively authenticates users accessing the server over the network, providing a server-independent, centralized user authentication system that is safe and convenient.
Page 76 3. Users/Authentication and Its Application Select [Integration Svr. Auth.]. If you do not want to use User Authentication Management, select [Off]. Press [Change] for "Server Name". Specify the name of the server for external authentication. Enter the server name, and then press [OK]. Enter the IPv4 address or host name.
Page 77 Integration Server Authentication Press [Change] for "Domain Name". Enter the domain name, and then press [OK]. You cannot specify a domain name under an authentication system that does not support domain login. Press [Obtain URL]. The machine obtains the URL of the server specified in "Server Name". If "Server Name"...
Page 78 3. Users/Authentication and Its Application If you set "Authentication Type" to [Windows (Native)] or [Windows (NT Compatible)], you can use the global group. If you set "Authentication Type" to [Notes], you can use the Notes group. If you set "Authentication Type"...
Page 79 Integration Server Authentication Users can use the selected functions only. For details about specifying available functions for individuals or groups, see "Limiting Available Functions". Press [OK]. Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)". If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)".
Page 80 3. Users/Authentication and Its Application Press [On] for "Use Secure Connection (SSL)", and then press [OK]. To not use secure sockets layer (SSL) for authentication, press [Off]. Press the [User Tools/Counter] key. Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface: Simple], [USB: Simple] and the clients' IPv4 address range in which printer job authentication is not required.
Page 81 Integration Server Authentication Press [Change]. Specify the range in which [Simple (Limitation)] is applied to "Printer Job Authentication". You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 82: Printer Job Authentication
3. Users/Authentication and Its Application Printer Job Authentication This section explains Printer Job Authentication. Printer Job Authentication Levels and Printer Job Types This section explains the relationship between printer job authentication levels and printer job types. Depending on the combination of printer job authentication level and printer job type, the machine may not print properly.
Page 83 Printer Job Authentication Settings: Disabled • Simple (All) The machine authenticates printer jobs and remote settings that have authentication information, and cancels the jobs and settings that fail authentication. Printer jobs and settings without authentication information are performed without being authenticated.
Page 84 3. Users/Authentication and Its Application 7. A PDF file is printed via ftp. Personal authentication is performed using the user ID and password used for logging on via ftp. However, the user ID and password are not encrypted. • p.209 "Specifying the Extended Security Functions"...
Page 85: If User Authentication Is Specified
If User Authentication is Specified If User Authentication is Specified When user authentication (User Code Authentication, Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authentication) is set, the authentication screen is displayed. Unless a valid user name and password are entered, operations are not possible with the machine. Log on to operate the machine, and log off when you are finished operations.
Page 86: User Code Authentication (Using A Printer Driver)
3. Users/Authentication and Its Application User Code Authentication (Using a Printer Driver) When User Code Authentication is set, specify a user code in printer properties on the printer driver. For details, see the printer driver Help. Login (Using the Control Panel) Use the following procedure to log in when Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authentication is enabled.
Page 87: Login (Using Web Image Monitor)
If User Authentication is Specified Login (Using Web Image Monitor) This section explains how to log on to the machine via Web Image Monitor. Click [Login] on the top page of the Web Image Monitor. Enter a login user name and password, and then click [Login]. •...
Page 88 3. Users/Authentication and Its Application Setting Item Description Setting Values Default Setting Specify whether or not • Active to cancel lockout after Lockout Release Timer • Inactive a specified period • Inactive elapses. Specify the number of Lock Out User for minutes after which 1-9999 min.
Page 89: Auto Logout
If User Authentication is Specified Set the "Lockout Release Timer" to [Active]. In the "Lock Out User for" field, enter the number of minutes until lockout is disabled. Click [OK]. User Lockout Policy is set. Click [OK]. Click [Logout]. Unlocking a Locked User Account A locked user account can be unlocked by the administrator or supervisor with unlocking privileges using Web Image Monitor.
Page 90 3. Users/Authentication and Its Application Press the [User Tools/Counter] key. Press [System Settings]. Press [Timer Settings]. Press [Auto Logout Timer]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [On]. If you do not want to specify [Auto Logout Timer], select [Off].
Page 91 If User Authentication is Specified Enter "60" to "999" (seconds) using the number keys, and then press [ ]. Press the [User Tools/Counter] key. • If a paper jam occurs or a print cartridge runs out of ink, the machine might not be able to perform the Auto Logout function.
Page 92: Authentication Using An External Device
3. Users/Authentication and Its Application Authentication Using an External Device To authenticate using an external device, see the device manual. For details, contact your sales representative.
Page 93: Protecting Document Data Information From Leaks
4. Protecting Document Data Information from Leaks This chapter describes how to protect document data. Preventing Unauthorized Copying In Printer Features, using the printer driver, you can embed a pattern in the printed copy to discourage or prevent unauthorized copying. The unauthorized copy prevention function prevents unauthorized copies of documents by embedding a text pattern (for instance, a warning such as "No Copying") that you can set on the print driver (which will appear on printed copies).
Page 94: Data Security For Copying
4. Protecting Document Data Information from Leaks If the document is copied, faxed and scanned, or stored in the Document Server by a copier or multifunction printer, the embedded pattern appears clearly on the copy, discouraging unauthorized copying. To use the printer function when User Authentication is enabled, you must enter the login user name and password for the printer driver.
Page 95 Preventing Unauthorized Copying confidential information from being copied. Also if a document with embedded pattern is detected, the machine beeps. An unauthorized copy log is also stored. To gray out copies of data security for copying documents when they are copied, faxed and scanned, or stored in the Document Server, the optional Copy Data Security Unit must be installed in the machine.
Page 96: Printing Limitations
4. Protecting Document Data Information from Leaks • If a document with embedded pattern for data security for copying is copied, faxed and scanned, or stored in the Document Server using a copier or multi-function printer without the Copy Data Security Unit, the embedded pattern appears clearly on the copy.
Page 97 Preventing Unauthorized Copying Specifying Printer Settings for Unauthorized Copy Prevention (Printer Driver Setting) Using the printer driver, specify the printer settings for unauthorized copy prevention. To use the printer function when User Authentication is enabled, you must enter the login user name and password for the printer driver.
Page 98 4. Protecting Document Data Information from Leaks • If a document that is not copy-guarded is copied, faxed, scanned, or stored, the copy or stored file is not grayed out. Press the [User Tools/Counter] key. Press [System Settings]. Press [Administrator Tools]. Press [Data Security for Copying].
Page 99: Printing A Confidential Document
Printing a Confidential Document Printing a Confidential Document Depending on the location of the machine, it is difficult to prevent unauthorized persons from viewing prints lying in the machine's output trays. When printing confidential documents, use the Locked Print function. Locked Print •...
Page 100: Printing A Locked Print File
4. Protecting Document Data Information from Leaks Printing a Locked Print File To print a Locked Print file, you must be at the machine and print the file using the control panel. To print Locked Print files, the password is required. If you do not enter the correct password, you cannot print the files.
Page 101: Deleting Locked Print Files
Printing a Confidential Document Press [Print]. Enter the password for the stored file, and then press [OK]. Enter the password specified in step 4 of "Specifying a Locked Print File". Press [Yes]. • p.83 "If User Authentication is Specified" Deleting Locked Print Files This can be specified by the file creator (owner).
Page 102: Changing Passwords Of Locked Print Files
4. Protecting Document Data Information from Leaks Press [Delete]. Enter the password of the Locked Print file, and then press [OK]. The password entry screen does not appear if the file administrator is logged in. Press [Yes]. • Locked Print files can also be deleted by the file administrator. Changing Passwords of Locked Print Files This can be specified by the file creator (owner) or file administrator.
Page 103: Unlocking Locked Print Files
Printing a Confidential Document Enter the password for the stored file, and then press [OK]. The machine administrator does not need to enter the password. Enter the new password for the stored file, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. The password entry screen does not appear if the file administrator is logged in.
Page 104 4. Protecting Document Data Information from Leaks Select the file. Press [Unlock File]. Press [Yes]. • You can use the same procedure to unlock stored print files also. • p.209 "Specifying the Extended Security Functions" • p.34 "Logging on Using Administrator Authentication" •...
Page 105: Specifying Access Permission For Stored Files
Specifying Access Permission for Stored Files Specifying Access Permission for Stored Files This section describes Specifying Access Permission for Stored Files. You can specify who is allowed to access stored scan files and files stored in the Document Server. This can prevent activities such as printing or sending of stored files by unauthorized users. You can also specify which users can change or delete stored files.
Page 106: Assigning Users And Access Permission For Stored Files
4. Protecting Document Data Information from Leaks Assigning Users and Access Permission for Stored Files This can be specified by the file creator (owner) or file administrator. Specify the users and their access permissions for each stored file. By making this setting, only users granted access permission can access stored files. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
Page 107 Specifying Access Permission for Stored Files Press [Change Access Priv.]. Press [Program/Change/Delete]. Press [New Program].
Page 108: Specifying Access Privileges For Files Stored Using The Scanner And Fax Functions
4. Protecting Document Data Information from Leaks Select the users or groups you want to assign permission to. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign access permission to, and then select the permission. Select the access permission from [Read-only], [Edit], [Edit / Delete], or [Full Control].
Page 109 Specifying Access Permission for Stored Files Specifying Access Privileges When Storing Files This section explains how to specify the access privileges and then store a file in the Document Server under the scanner or fax function. The scanner screen is used to illustrate the procedure. Press [Store File].
Page 110 4. Protecting Document Data Information from Leaks Press [Exit]. Select the user who you want to assign access permission to, and then select the permission. Select the access permission from [Read-only], [Edit], [Edit / Delete], or [Full Control]. Press [Exit]. Press [OK].
Page 111 Specifying Access Permission for Stored Files Press [Manage / Delete File]. Press [Change Access Priv.]. Press [Program/Change/Delete].
Page 112: Assigning The User And The Access Permission For The User's Stored Files
4. Protecting Document Data Information from Leaks Press [New Program]. Select the users or groups you want to assign permission to. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign access permission to, and then select the permission.
Page 113 Specifying Access Permission for Stored Files Select the user or group. Press [Protection]. Under "Protect File(s)", press [Program/Change/Delete] for "Permissions for Users/ Groups". If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [New Program].
Page 114: Specifying Passwords For Stored Files
4. Protecting Document Data Information from Leaks • p.35 "Logging off Using Administrator Authentication" Specifying Passwords for Stored Files This can be specified by the file creator (owner) or file administrator. Specify passwords for stored files. This provides increased protection against unauthorized use of files. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
Page 115: Unlocking Files
Specifying Access Permission for Stored Files Press [OK]. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" Unlocking Files If you specify "Enhance File Protection", the file will be locked and become inaccessible if an invalid password is entered ten times.
Page 116 4. Protecting Document Data Information from Leaks...
Page 117: Protecting Information Transmitted Through The Network Or Stored On The Hard Disk From Leaks
5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks This chapter describes how to protect information transmitted through the network or stored on the hard disk from unauthorized viewing and modification. Preventing Data Leaks Due to Unauthorized Transmission This section describes Preventing Data Leaks Due to Unauthorized Transmission.
Page 118 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Press the [User Tools/Counter] key. Press [System Settings]. Press [Administrator Tools]. Press [Extended Security]. Press [On] for "Restrict Use of Destinations". If "Restrict Use of Destinations" is set to [On], "Restrict Adding of User Destinations" does not appear. Press [OK].
Page 119: Using S/Mime To Protect Email Transmission
Using S/MIME to Protect Email Transmission Using S/MIME to Protect Email Transmission By registering a user certificate in the Address Book, you can send e-mail that is encrypted with a public key which prevents its content from being altered during transmission. You can also prevent sender impersonation (spoofing) by installing a device certificate on the machine, and attaching an electronic signature created with a private key.
Page 120 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks 2. Install the user certificate in the Address Book using Web Image Monitor. (The public key on the certificate is specified in the Address Book.) 3.
Page 121: Attaching An Electronic Signature
Using S/MIME to Protect Email Transmission Click [OK]. Click [Logout]. Specifying the Encryption Algorithm This can be specified by the network administrator. Open a Web browser. Enter "http://(the machine's IP address or host name)/" in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is "192.168.001.010", you must enter it as "192.168.1.10"...
Page 122 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks 2. Attach the electronic signature to an e-mail using the secret key provided by the device certificate. 3. Send the e-mail with the electronic signature attached to the user. 4.
Page 123 Using S/MIME to Protect Email Transmission Click [Login]. The network administrator can log on. Enter the login user name and login password. Click [Configuration], and then click [Device Certificate] under "Security". Check the radio button next to the number of the certificate you want to create. Click [Create].
Page 124 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Check the radio button next to the number of the certificate you want to request. Click [Request]. Make the necessary settings. Click [OK]. "Requesting" appears for Certificate Status in the "Certificates" area. Click [Logout].
Page 125 Using S/MIME to Protect Email Transmission Check the radio button next to the number of the certificate you want to install. Click [Install]. Enter the details of the device certificate. In the Certificate Request box, enter the details of the device certificate received from the certificate authority.
Page 126 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks After installing the device certificate on the machine, configure the electronic signature using Web Image Monitor. The configuration procedure is the same regardless of whether you are using a self-signed certificate or a certificate issued by a certificate authority.
Page 127: Protecting The Address Book
Protecting the Address Book Protecting the Address Book If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user. To protect the data from unauthorized reading, you can also encrypt the data in the Address Book. Address Book Access Permission This can be specified by the registered user.
Page 128: Encrypting Data In The Address Book
5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Select the user who you want to assign access permission to, and then select the permission. Select the permission, from [Read-only], [Edit], [Edit / Delete], or [Full Control]. Press [Exit].
Page 129 Protecting the Address Book Press [Change] for "Encryption Key". Enter the encryption key, and then press [OK]. Enter the encryption key using up to 32 alphanumeric characters. Press [Encrypt / Decrypt].
Page 130 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Press [Yes]. Do not switch the main power off during encryption, as doing so may corrupt the data. Encrypting the data in the Address Book may take a long time. The time it takes to encrypt the data in the Address Book depends on the number of registered users.
Page 131: Encrypting Data On The Hard Disk
Encrypting Data on the Hard Disk Encrypting Data on the Hard Disk This can be specified by the machine administrator. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication". In order to use this function, the HDD Encryption Unit option is required.
Page 132 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks about three hours. If both the erase-by-overwrite function and the encryption function are specified, encryption begins after the data that is stored on the hard disk has been overwritten and the machine has been rebooted using the [Stand by] - [On] procedure.
Page 133: Printing The Encryption Key
Encrypting Data on the Hard Disk Press the [Start] key. The encryption key for backup data is printed. Press [OK]. Press [Exit]. Press [Exit]. Press the [User Tools/Counter] key. Turn off the power and the main power switch, and then turn the main power switch back For details about turning off the power, see "Turning On the Power", About This Machine.
Page 134: Updating The Encryption Key
5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Press [Print Encryption Key]. Press the [Start] key. The encryption key for retrieving backup data is printed. Press [Exit]. Updating the Encryption Key You can update the encryption key and create a new key. Updates are possible when the machine is functioning normally.
Page 135: Canceling Data Encryption
Encrypting Data on the Hard Disk Press [Update Encryption Key]. Select the data to be carried over to the hard disk and not be reset. To carry all of the data over to the hard disk, select [All Data]. To carry over only the machine settings data, select [File System Data Only].
Page 136 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks • After completing this procedure on the machine's control panel, turn off the power and restart the machine to enable the new settings. Restarting can be slow when there is data to be carried over to the hard disk.
Page 137: Deleting Data On The Hard Disk
Deleting Data on the Hard Disk Deleting Data on the Hard Disk This can be specified by the machine administrator. To use this function, the optional DataOverwriteSecurity Unit must be installed. The machine's hard disk stores all document data from the copier, printer, fax, and scanner functions. It also stores the data of users' document servers and code counters, and the Address Book.
Page 138 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks This icon is lit when there is temporary data to be overwritten, and Dirty blinks during overwriting. Clear This icon is lit when there is no temporary data to be overwritten. •...
Page 139 Deleting Data on the Hard Disk • When Auto Erase Memory is set to [On], temporary data that remained on the hard disk when Auto Erase Memory was set to [Off] might not be overwritten. Press the [User Tools/Counter] key. Press [System Settings].
Page 140 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Enter the number of times that you want to overwrite using the number keys, and then press [ ]. Press [OK]. Auto Erase Memory is set. •...
Page 141 Deleting Data on the Hard Disk • To set Auto Erase Memory to [On] again, repeat the procedure in "Using Auto Erase Memory". • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" Types of Data that Can or Cannot Be Overwritten The following are the types of data that can or cannot be overwritten by "Auto Erase Memory".
Page 142: Erase All Memory
5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Data stored in the Address Book can be encrypted for security. For details, see "Protecting the Address Book". • Counters stored under each user code •...
Page 143 Deleting Data on the Hard Disk Press [ Next] repeatedly until [Erase All Memory] appears. Press [Erase All Memory]. Select the method of overwriting. If you select [NSA] or [DoD], proceed to step 10. If you select [Random Numbers], proceed to step 8. For details about the methods of overwriting, see "Methods of Overwriting".
Page 144 5. Protecting Information Transmitted Through the Network or Stored on the Hard Disk from Leaks Press [Yes]. When overwriting is completed, press [Exit], and then turn off the main power. Before turning the power off, see "Turning On the Power", About This Machine. •...
Page 145: Managing Access To The Machine
6. Managing Access to the Machine This chapter describes how to prevent unauthorized access to and modification of the machine's settings. Preventing Modification of Machine Settings This section describes Preventing Modification of Machine Settings. The administrator type determines which machine settings can be modified. Users cannot change the administrator settings.
Page 146 6. Managing Access to the Machine For a list of settings that users can specify according to the Menu Protect level, see "User Settings - Control Panel Settings", "User Settings - Web Image Monitor Settings". • p.23 "Administrators" • p.30 "Registering the Administrator" •...
Page 147: Menu Protect
Menu Protect Menu Protect The administrator can also limit users' access permission to the machine's settings. The machine's "System Settings" menu and the printer's regular menus can be locked so they cannot be changed. This function is also effective when management is not based on user authentication. For a list of settings that users can specify according to the Menu Protect level, see "User Settings - Control Panel Settings", or "User Settings - Web Image Monitor Settings".
Page 148 6. Managing Access to the Machine Press [Administrator Tools]. Press [Menu Protect]. Select the menu protect level, and then press [OK]. Press the [User Tools/Counter] key. Fax Functions To specify "Menu Protect" in "Facsimile Features", set "Machine Management" to [On] in "Administrator Authentication Management"...
Page 149 Menu Protect Press [Initial Settings]. Press [Menu Protect]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select the menu protect level, and then press [OK]. Press the [User Tools/Counter] key. Printer Functions To specify "Menu Protect"...
Page 150 6. Managing Access to the Machine Press [Printer Features]. Press [Maintenance]. Press [Menu Protect]. Select the menu protect level, and then press [OK]. Press the [User Tools/Counter] key. Scanner Functions To specify "Menu Protect" in "Scanner Features", set "Machine Management" to [On] in "Administrator Authentication Management"...
Page 151 Menu Protect Press [Scanner Features]. Press [Initial Settings]. Press [Menu Protect]. Select the menu protect level, and then press [OK]. Press the [User Tools/Counter] key.
Page 152: Limiting Available Functions
6. Managing Access to the Machine Limiting Available Functions To prevent unauthorized operation, you can specify who is allowed to access each of the machine's functions. Available Functions Specify the available functions from the copier, Document Server, fax, scanner, and printer functions. Specifying Which Functions are Available This can be specified by the user administrator.
Page 153 Limiting Available Functions • p.35 "Logging off Using Administrator Authentication"...
Page 154: Managing Log Files
6. Managing Access to the Machine Managing Log Files 1. Log information To view the log, Web SmartDeviceMonitor is required. The following log information is stored in the machine's memory and on its hard disk: • Job log Stores information about user file-related activities, such as copying, printing, sending and receiving faxes, and sending scanned files.
Page 155 Managing Log Files Press the [User Tools/Counter] key. Press [System Settings]. Press [Administrator Tools]. Press [Transfer Log Setting]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [Off]. Press [OK]. Press the [User Tools/Counter] key.
Page 156: Using Web Smartdevicemonitor To Manage Log Files
6. Managing Access to the Machine Press [Exit]. Press the [User Tools/Counter] key. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" Using Web SmartDeviceMonitor to Manage Log Files For details about using Web SmartDeviceMonitor to manage Log Files, see the manual supplied with the Using Web SmartDeviceMonitor.
Page 157 Managing Log Files Enter " http://(the machine's IP address or host name)/" in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is "192.168.001.010", you must enter it as "192.168.1.10" to connect to the machine. The top page of Web Image Monitor appears.
Page 158 6. Managing Access to the Machine Click [OK]. The log is encrypted. If other changes have been made in related log settings, they will occur at the same time. Click [Logout]. • In order to enable encryption, either Collect Job Logs or Collect Access Logs, or both must be set to [Active].
Page 159: Enhanced Network Security
7. Enhanced Network Security This chapter describes how to increase security over the network using the machine's functions. Preventing Unauthorized Access You can limit IP addresses, disable ports and protocols, or use Web Image Monitor to specify the network security level to prevent unauthorized access over the network and protect the Address Book, stored files, and default settings.
Page 160: Enabling/Disabling Protocols
7. Enhanced Network Security Click [OK]. Access control is set. Click [Logout]. Enabling/Disabling Protocols This can be specified by the network administrator. Specify whether to enable or disable the function for each protocol. By making this setting, you can specify which protocols are available and so prevent unauthorized access over the network.
Page 161 Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition Functions that require FTP cannot be used. • Web Image Monitor You can restrict • telnet personal information • SmartDeviceMonitor TCP:21 from being displayed by for Admin making settings on the •...
Page 162 7. Enhanced Network Security Protocol Port Setting Method Disabled Condition You can also make settings to require SSL transmission using the control panel or Web Image Monitor. • Control Panel • Web Image Monitor • telnet SMB printing functions TCP:139 •...
Page 163 Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition Web Image Monitor, or telnet. Functions that require RSH and network TWAIN functions • Web Image Monitor cannot be used. • telnet You can restrict • SmartDeviceMonitor RSH/RCP TCP:514 personal information for Admin from being displayed by •...
Page 164 7. Enhanced Network Security Protocol Port Setting Method Disabled Condition TCP/UDP:49152 (T. Device discovery using • Web Image Monitor SSDP UDP:1900 UPnP from Windows • telnet cannot be used. • Web Image Monitor • telnet Bonjour functions • SmartDeviceMonitor Bonjour UDP:5353 cannot be used.
Page 165 Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition • Web Image Monitor • telnet TCP:53000 WSD (Device) functions • SmartDeviceMonitor WSD (Device) cannot be used. (variable) for Admin • Web SmartDeviceMonitor • Web Image Monitor • telnet TCP:53001 WSD (Printer) functions •...
Page 166 7. Enhanced Network Security Making Settings Using the Control Panel Press the [User Tools/Counter] key. Press [System Settings]. Press [Interface Settings]. Press [Effective Protocol]. Press [Inactive] for the protocol you want to disable. Press [OK]. Press the [User Tools/Counter] key. Making Settings Using Web Image Monitor Open a Web browser.
Page 167: Specifying Network Security Level
Preventing Unauthorized Access Click [Configuration], and then click [Network Security] under "Security". Set the desired protocols to active/inactive (or open/close). Click [OK]. Click [OK]. Click [Logout]. • To disable SMTP from Web Image Monitor, specify a protocol other than SMTP as the mail receiving protocol.
Page 168 7. Enhanced Network Security Press [Network Security Level]. If the setting you want to specify does not appear, press [ Next] to scroll down to other settings. Select the network security level. Select [Level 0], [Level 1], or [Level 2]. Press [OK].
Page 169 Preventing Unauthorized Access Select the network security level in "Security Level". Click [OK]. Click [OK]. Click [Logout]. Status of Functions under each Network Security Level Tab Name:TCP/IP Function Level 0 Level 1 Level 2 TCP/IP Active Active Active HTTP> Port 80 Open Open Open...
Page 170 7. Enhanced Network Security Function Level 0 Level 1 Level 2 WSD (Device) Active Active Inactive WSD (Printer) Active Active Inactive WSD (Scanner) Active Active Inactive RHPP Active Active Inactive Tab Name:NetWare Function Level 0 Level 1 Level 2 NetWare Active Active Inactive...
Page 171: Encrypting Transmitted Passwords
Encrypting Transmitted Passwords Encrypting Transmitted Passwords Prevent login passwords, group passwords for PDF files, and IPP authentication passwords from being revealed by encrypting them for transmission. Also, encrypt the login password for administrator authentication and user authentication. Driver Encryption Key Encrypt the password transmitted when specifying user authentication.
Page 172 7. Enhanced Network Security For "Driver Encryption Key", press [Change]. "Driver Encryption Key" is one of the extended security functions. For details about this and other security functions, see "Specifying the Extended Security Functions". Enter the driver encryption key, and then press [OK]. Enter the driver encryption key using up to 32 alphanumeric characters.
Page 173: Group Password For Pdf Files
Encrypting Transmitted Passwords Group Password for PDF files This can be specified by the machine administrator. On the machine, specify the group password for PDF files. By using a PDF group password, you can enhance security and so protect passwords from being analyzed. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
Page 174 7. Enhanced Network Security Enter the password, and then press [OK]. For "Confirm New Password", press [Enter]. Enter the password and press [OK]. Press [OK]. Press the [User Tools/Counter] key. • The machine administrator must give users the group password for PDF files that are already registered on the machine.
Page 175: Ipp Authentication Password
Encrypting Transmitted Passwords • The group password for PDF files can also be specified using Web Image Monitor. For details, see Web Image Monitor Help. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" IPP Authentication Password This can be specified by the network administrator.
Page 176: Protection Using Encryption
7. Enhanced Network Security Protection Using Encryption Establish encrypted transmission on this machine using SSL, SNMPv3, and IPsec. By encrypting transmitted data and safeguarding the transmission route, you can prevent sent data from being intercepted, analyzed, and tampered with. SSL (Secure Sockets Layer) Encryption This can be specified by the network administrator.
Page 177 Protection Using Encryption 2. The device certificate and public key are sent from the machine to the user's computer. 3. Create a shared key from the user's computer, and then encrypt it using the public key. 4. The encrypted shared key is sent to the machine. 5.
Page 178 7. Enhanced Network Security Enter "http://(the machine's IP address or host name)/" in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is "192.168.001.010", you must enter it as "192.168.1.10" to connect to the machine. The top page of Web Image Monitor appears.
Page 179 Protection Using Encryption Click [Configuration], and then click [Device Certificate] under "Security". The "Device Certificate" page appears. Check the radio button next to the number of the certificate you want to request. Click [Request]. Make the necessary settings. Click [OK]. "Requesting"...
Page 180 7. Enhanced Network Security Click [Configuration], and then click [Device Certificate] under "Security". The "Device Certificate" page appears. Check the radio button next to the number of the certificate you want to install. Click [Install]. Enter the contents of the device certificate. In the "Certificate Request"...
Page 181: User Settings For Ssl (Secure Sockets Layer)
Protection Using Encryption User Settings for SSL (Secure Sockets Layer) If you have installed a device certificate and enabled SSL (Secure Sockets Layer), you need to install the certificate on the user's computer. The network administrator must explain the procedure for installing the certificate to users. If a warning dialog box appears while accessing the machine using Web Image Monitor or IPP, start the Certificate Import Wizard and install a certificate.
Page 182 7. Enhanced Network Security Setting the SSL / TLS Encryption Mode This can be specified by the network administrator. After installing the device certificate, specify the SSL/TLS encrypted communication mode. By making this setting, you can change the security level. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
Page 183: Snmpv3 Encryption
Protection Using Encryption • The SSL/TLS encrypted communication mode can also be specified using Web Image Monitor. For details, see Web Image Monitor Help. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" SNMPv3 Encryption This can be specified by the network administrator.
Page 184 7. Enhanced Network Security SNMPv3 Communication] on the machine. For details about specifying [Encryption Key] in SmartDeviceMonitor for Admin, see SmartDeviceMonitor for Admin Help. • If network administrator's [Encryption Password] setting is not specified, the data for transmission may not be encrypted or sent. For details about specifying the network administrator's [Encryption Password] setting, see "Registering the Administrator".
Page 185: Transmission Using Ipsec
Transmission Using IPsec Transmission Using IPsec This can be specified by the network administrator. For communication security, this machine supports IPsec. IPsec transmits secure data packets at the IP protocol level using the shared key encryption method, where both the sender and receiver retain the same key.
Page 186: Encryption Key Auto Exchange Settings And Encryption Key Manual Settings
7. Enhanced Network Security • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically. AH Protocol The AH protocol provides secure transmission through authentication of packets only, including headers.
Page 187: Ipsec Settings
Transmission Using IPsec Settings 1-4 and Default Setting Using either the manual or auto exchange method, you can configure four separate sets of SA details (such as different shared keys and IPsec algorithms). In the default settings of these sets, you can include settings that the fields of sets 1 to 4 cannot contain.
Page 188 7. Enhanced Network Security Security Level Security Level Features Since the data is sent in cleartext, data packets are vulnerable to eavesdropping attacks. Do not select this if you are exchanging sensitive information. Select this level if you want to encrypt the data packets as well as authenticate the transmission partner and prevent unauthorized Authentication and Low Level packet tampering.
Page 189 Transmission Using IPsec Authentication and Low Authentication and High Setting Authentication Only Level Encryption Level Encryption Phase 2 HMAC-MD5-96/ HMAC-MD5-96/ Authentication HMAC-SHA1-96 HMAC-SHA1-96 HMAC-SHA1-96 Algorithm DES/3DES/ Phase 2 Encryption Cleartext (NULL 3DES/AES-128/ AES-128/AES-192/ Algorithm encryption) AES-192/AES-256 AES-256 Phase 2 PFS Inactive Inactive Encryption Key Auto Exchange Setting Items...
Page 190 7. Enhanced Network Security Setting Description Setting Value • apply Security Policy Specify how IPsec is handled. • bypass • discarded • Transport • Tunnel (Tunnel beginning address - Tunnel ending address) Specify the encapsulation If you specify "Tunnel", you mode.
Page 191 Transmission Using IPsec Setting Description Setting Value Specify the encryption Phase 1 algorithm to be used in phase • DES Encryption Algorithm • 3DES (auto setting) Select the Diffie-Hellman group • 1 Phase 1 number used for IKE encryption • 2 key generation.
Page 192 7. Enhanced Network Security Setting Description Setting Value (auto setting) • 14 Specify the time period for Specify a period (in seconds) Phase 2 which the SA settings in phase from 300 (5min.) to 172800 Validity Period 2 are valid. (48 hrs.).
Page 193 Transmission Using IPsec Setting Description Setting Value the beginning point as you set in "Local Address". Specify the same value as your Any number between 256 and SPI (Output) transmission partner's SPI input 4095 value. Specify the same value as your Any number between 256 and SPI (Input) transmission partner's SPI...
Page 194: Encryption Key Auto Exchange Settings Configuration Flow
7. Enhanced Network Security Setting Description Setting Value • AES-128 • AES-192 • AES-256 Specify a value within the ranges shown below, according to the encryption algorithm. hexadecimal value 0-9, a-f, A-F • DES, set 16 digits • 3DES, set 48 digits •...
Page 195 Transmission Using IPsec BBD004S • To use a certificate to authenticate the transmission partner in encryption key auto exchange settings, a device certificate must be installed. • After configuring IPsec, you can use "Ping" command to check if the connection is established correctly. However, you cannot use "Ping"...
Page 196 7. Enhanced Network Security Click [Edit] under "Encryption Key Auto Exchange Settings". Make encryption key auto exchange settings in [Settings 1]. If you want to make multiple settings, select the settings number and add settings. Click [OK]. Select [Active] for "IPsec". Set "Exclude HTTPS Transmission"...
Page 197 Transmission Using IPsec Click [OK]. Click [Logout]. Specifying IPsec Settings on the Computer Specify exactly the same settings for IPsec SA settings on your computer as are specified by the machine's security level on the machine. Setting methods differ according to the computer's operating system. The example procedure shown here uses Windows XP when the Authentication and Low Level Encryption Security level is selected.
Page 198 7. Enhanced Network Security If you select "Certificate" for authentication method in Encryption Key Auto Exchange Settings on the machine, specify the device certificate. If you select PSK, enter the same PSK text specified on the machine with the pre-shared key. Click [Add] in the IP Filter List.
Page 199: Encryption Key Manual Settings Configuration Flow
Transmission Using IPsec • If you specify the "Authentication and High Level Encryption" security level in encryption key auto exchange settings, also select the "Master key perfect forward secrecy (PFS)" check box in the Security Filter Properties screen (which appears in step 29). If using PFS in Windows XP, the PFS group number used in phase 2 is automatically negotiated in phase 1 from the Diffie-Hellman group number (set in step 11).
Page 200: Telnet Setting Commands
7. Enhanced Network Security Open a Web browser. Enter "http://(the machine's IP address or host name)/" in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is "192.168.001.010", you must enter it as "192.168.1.10" to connect to the machine. The top page of Web Image Monitor appears.
Page 201 Transmission Using IPsec Display current settings msh> ipsec Displays the following IPsec settings information: • IPsec shared settings values • Encryption key manual settings, SA setting 1-4 values • Encryption key manual settings, default setting values • Encryption key auto exchange settings, IKE setting 1-4 values •...
Page 202 7. Enhanced Network Security Display current settings msh> ipsec manual {1|2|3|4|default} • To display the settings 1-4, specify the number [1-4]. • To display the default setting, specify [default]. • Not specifying any value displays all of the settings. Disable settings msh>...
Page 203 Transmission Using IPsec • If you have set the address type in the default setting to [any], you cannot use [tunnel] in encapsulation mode. • Not specifying an encapsulation mode displays the current setting. Tunnel end point setting msh> ipsec manual {1|2|3|4|default} tunneladdar beginning IP address ending IP address •...
Page 204 7. Enhanced Network Security Display current settings msh> ipsec ike {1|2|3|4|default} • To display the settings 1-4, specify the number [1-4]. • To display the default setting, specify [default]. • Not specifying any value displays all of the settings. Disable settings msh>...
Page 205 Transmission Using IPsec IPsec requirement level setting msh> ipsec ike {1|2|3|4|default} level {require|use} • Enter the separate setting number [1-4] or [default] and specify the IPsec requirement level. • If you specify [require], data will not be transmitted when IPsec cannot be used. If you specify [use], data will be sent normally when IPsec cannot be used.
Page 206 7. Enhanced Network Security • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) hash algorithm. • To use MD5, enter [md5]. To use SHA1, enter [sha1]. • Not specifying the hash algorithm displays the current setting. ISAKMP SA (phase 1) encryption algorithm setting msh>...
Page 207 Transmission Using IPsec • Separate multiple encryption algorithm entries with a comma (,). The current setting values are displayed in order of highest priority. • Not specifying an encryption algorithm displays the current setting. IPsec SA (phase 2) PFS setting msh>...
Page 208: Authentication By Telnet
7. Enhanced Network Security Authentication by telnet This section explains Authentication by telnet. When using telnet, the default login name for administrator login is "admin" and the password is blank. For details on how to login to telnet, see "Using telnet", Network and System Settings Guide.
Page 209: Authentication By Ieee802.1X
Authentication by IEEE802.1X Authentication by IEEE802.1X IEEE802.1X enables authentication in an Ethernet or wireless LAN environment. For details, see "Using telnet", Network and System Settings Guide.
Page 210 7. Enhanced Network Security...
Page 211: Specifying The Extended Security Functions
8. Specifying the Extended Security Functions This chapter describes the machine's extended security features and how to specify them. Specifying the Extended Security Functions In addition to providing basic security through user authentication and administrator specified access limits on the machine, security can also be increased by encrypting transmitted data and data in the Address Book.
Page 212: Settings
8. Specifying the Extended Security Functions Press the setting you want to change, and change the setting. Press [OK]. Press the [User Tools/Counter] key. Settings Default settings are shown in bold type. Driver Encryption Key This can be specified by the network administrator. Encrypt the password transmitted when specifying user authentication.
Page 213 Specifying the Extended Security Functions Restrict Adding of User Destinations This can be specified by the user administrator. When "Restrict Use of Destinations" is set to [Off], after entering a fax or scanner destination directly, you can register it in the Address Book by pressing [Program Dest.]. If [On] is selected for this setting, [Program Dest.] does not appear.
Page 214 8. Specifying the Extended Security Functions • Do not Prohibit Restrict Use of Simple Encryption This can be specified by the network administrator. When a sophisticated encryption method cannot be enabled, simple encryption will be applied. For example, when using User Management Tool and Address Management in Smart Device Monitor for Admin to edit the Address Book, or DeskTopBinder and ScanRouter delivery software and SSL/TLS cannot be enabled, make this setting [Off] to enable simple encryption.
Page 215 Specifying the Extended Security Functions • Login Privilege • Access Privilege • Off Password Policy This can be specified by the user administrator. The password policy setting is effective only if [Basic Auth.] is specified. This setting lets you specify [Complexity Setting] and [Minimum Character No.] for the password. By making this setting, you can limit the available passwords to only those that meet the conditions specified in "Complexity Setting"...
Page 216 8. Specifying the Extended Security Functions If you select [Prohibit], the machine stops during startup when a firmware structure change is detected and a message requesting administrator login is displayed. After the machine administrator logs in, the machine finishes startup with the updated firmware. The administrator can confirm if the updated structure change is permissible or not by checking the firmware version displayed on the control panel screen.
Page 217: Other Security Functions
Other Security Functions Other Security Functions This section explains settings for preventing information leaks, and functions that you can restrict to further increase security. Fax Function Not Displaying Destinations and Senders in Reports and Lists In [Facsimile Features], you can specify whether to display destinations and sender names by setting "Switch 4, Bit No.
Page 218 8. Specifying the Extended Security Functions WSD scanner function WSD scanner function is automatically disabled when user authentication is specified. Even if automatically disabled, it can be enabled from the initial settings available in the Web Image Monitor. For instructions on how to configure this function, see "Before Sending Scan Files Using WSD", Scanner Reference.
Page 219: Limiting Machine Operation To Customers Only
Limiting Machine Operation to Customers Only Limiting Machine Operation to Customers Only The machine can be set so that operation is impossible without administrator authentication. The machine can be set to prohibit operation without administrator authentication and also prohibit remote registration in the Address Book by a service representative.
Page 220: Canceling Service Mode Lock
8. Specifying the Extended Security Functions Press [On], and then press [OK]. A confirmation message appears. Press [Yes]. Press the [User Tools/Counter] key. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication" Canceling Service Mode Lock For a service representative to carry out inspection or repair in service mode, the machine administrator must log on to the machine and cancel the service mode lock.
Page 221 Limiting Machine Operation to Customers Only Press [Off], and then press [OK]. Press the [User Tools/Counter] key. The service representative can switch to service mode. • p.34 "Logging on Using Administrator Authentication" • p.35 "Logging off Using Administrator Authentication"...
Page 222 8. Specifying the Extended Security Functions...
Page 223: Troubleshooting
9. Troubleshooting This chapter describes what to do if the machine does not function properly. Authentication Does Not Work Properly This section explains what to do if a user cannot operate the machine because of a problem related to user authentication.
Page 224 9. Troubleshooting Messages Cause Solutions "Failed to obtain URL." The machine cannot connect to Make sure the server's settings, the server or cannot establish such as the IP address and host communication. name, are specified correctly on the machine. Make sure the host name of the UA Server is specified correctly.
Page 225: An Error Code Appears
Authentication Does Not Work Properly Messages Cause Solutions "Administrator Authentication for Admin. Authentication is not To specify Basic Authentication, User Management must be set to configured under "Administrator Windows Authentication, LDAP on before this selection can be Authentication Management". Authentication, or Integration made."...
Page 226 9. Troubleshooting Basic Authentication Error Code Cause Solution Make sure no other user is A TWAIN operation occurred B0103-000 logged on to the machine, and during authentication. then try again. 1. A password error occurred. Make sure the password is entered correctly.
Page 227 Authentication Does Not Work Properly Error Code Cause Solution If the account name was entered incorrectly, enter it correctly and log in again. An authentication error occurred because the Address Wait a few minutes and then try B0207-001 Book is being used at another again.
Page 228 9. Troubleshooting Error Code Cause Solution The user attempted Only the administrator has authentication from an login privileges on this screen. application on the "System W0206-002 Settings" screen, where only Log in as a general user from the administrator has the application's login screen.
Page 229 Authentication Does Not Work Properly Error Code Cause Solution Make sure that the user is 2. A login name or password registered on the server. W0406-104 error occurred. Use a registered login user name and password. Make sure that the Windows 3.
Page 230 9. Troubleshooting Error Code Cause Solution 2. Make sure that the ports for the domain control firewall and the firewall on the machine to the domain control connection path are open. If you are using a Windows firewall, open "Network Connection Properties".
Page 231 Authentication Does Not Work Properly Error Code Cause Solution specified in lower-case letters. Make sure the realm name is specified in capital letters. 4. Kerberos authentication will fail if automatic retrieval for KDC fails. Ask your service representative to make sure the KDC retrieval settings are set to "automatic retrieval".
Page 232 9. Troubleshooting Error Code Cause Solution Auth. Info in the user account registered on the machine. If there is more than one DC, make sure that a confidential relationship has been configured between each DC. Make sure that DNS/WINS is The domain name cannot be W0400-106 specified in the domain name in...
Page 233 Authentication Does Not Work Properly Error Code Cause Solution 2. If the authentication server attribute specified in LDAP has just been changed, delete authentication settings.) the old name on the server. An authentication error occurred because the Address Wait a few minutes and then try W0607-001 Book is being used at another again.
Page 234 9. Troubleshooting Error Code Cause Solution 3. A driver encryption key error occurred. Make sure that the encryption key is correctly specified on the driver. A login user name was not Set the DeskTopBinder login L0105-000 specified but a DeskTopBinder user name correctly.
Page 235 Authentication Does Not Work Properly Error Code Cause Solution authentication attack is not occurring. Notify the administrator of the screen message by e-mail, and check the system log for signs of an authentication attack. Change the LDAP server Authentication is disabled in the L0406-201 settings in administrator tools, in LDAP server settings.
Page 236 9. Troubleshooting Error Code Cause Solution If the login user name exceeds 128 bytes. 1. Authentication will fail if the password is left blank in simple authentication mode. To allow blank passwords, contact your service representative. 2. In simple authentication mode, the DN of the login user L0406-202 3.
Page 237 Authentication Does Not Work Properly Error Code Cause Solution The login attribute's search criteria might not be specified Failed to obtain user or the specified search L0400-210 information in LDAP search. information is unobtainable. Make sure the login name attribute is specified correctly. Recreate the account if the An authentication error account name contains any of...
Page 238 9. Troubleshooting Error Code Cause Solution An authentication error occurred because the Address Wait a few minutes and then try L0707-001 Book is being used at another again. location. Integration Server Authentication Error Code Cause Solution Make sure no other user is A TWAIN operation occurred I0103-000 logged on to the machine, and...
Page 239 Authentication Does Not Work Properly Error Code Cause Solution Recreate the account if the account name contains any of An authentication error these prohibited characters. occurred because the user I0206-003 name contains a space, colon If the account name was (:), or quotation mark (").
Page 240: Machine Cannot Be Operated
9. Troubleshooting Error Code Cause Solution The authentication server login 1. Delete the old, duplicated name is the same as a user name or change the login name already registered on the name. I0511-000 machine. (Names are 2. If the authentication server distinguished by the unique has just been changed, delete attribute specified in the LDAP...
Page 241 Authentication Does Not Work Properly Condition Cause Solution Send or print with the LAN-Fax Confirm with the user driver administrator if using basic authentication. Cannot perform the following: The encryption key specified in Specify the driver encryption key the driver does not match the registered in the machine.
Page 242 9. Troubleshooting Condition Cause Solution Authentication/Encryption] in Alternatively, "SSL/TLS" has Alternatively, enable "SSL/TLS", DeskTopBinder. been enabled although the install the server certificate in the required certificate is not installed machine, and then install the in the computer. certificate in the computer. See "Setting the SSL / TLS Encryption Mode".
Page 243 Authentication Does Not Work Properly Condition Cause Solution User authentication is enabled, User authentication may have Re-enable user authentication, yet destinations specified using been disabled while [All Users] is and then enable [All Users] for the machine do not appear. not specified.
Page 244 9. Troubleshooting...
Page 245: 10. Appendix
10. Appendix Supervisor Operations The supervisor can delete an administrator's password and specify a new one. If any of the administrators forgets their password or if any of the administrators changes, the supervisor can assign a new password. If logged on using the supervisor's user name and password, you cannot use normal functions or specify defaults.
Page 246: Logging Off As The Supervisor
10. Appendix Logging off as the Supervisor If administrator authentication has been specified, be sure to log off after completing settings. This section describes how to log off after completing settings. Press the [Login/Logout] key. Press [Yes]. Changing the Supervisor This section describes how to change the supervisor's login name and password.
Page 247: Resetting An Administrator's Password
Supervisor Operations Press [Change] for the login user name. Enter the login user name, and then press [OK]. Press [Change] for the login password. Enter the login password, and then press [OK]. You will be automatically logged off. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK] twice.
Page 248 10. Appendix Press [Change] for the administrator you wish to reset. Press [Change] for the login password. Enter the login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK] twice. Press the [User Tools/Counter] key.
Page 249: Machine Administrator Settings
Machine Administrator Settings Machine Administrator Settings The machine administrator settings that can be specified are as follows: System Settings The following settings can be specified. General Features All the settings can be specified. Tray Paper Settings All the settings can be specified. Timer Settings All the settings can be specified.
Page 250 10. Appendix • Reception Protocol • POP3 / IMAP4 Settings Server Name Encryption Connection Test • Administrator's E-mail Address • Default User Name / Password (Send) SMB User Name / SMB Password FTP User Name / FTP Password NCP User Name / NCP Password •...
Page 251: Copier / Document Server Features
Machine Administrator Settings Change Firmware Structure • Program / Change / Delete LDAP Server Name Server Name Search Base Port Number Use Secure Connection (SSL) Authentication User Name Password Connection Test Search Conditions Search Options • LDAP Search • Program / Change / Delete Realm •...
Page 252: Facsimile Features
10. Appendix General Features All the settings can be specified. Reproduction Ratio All the settings can be specified. Edit All the settings can be specified. Stamp All the settings can be specified. Input / Output All the settings can be specified. Adjust Colour Image All the settings can be specified.
Page 253: Printer Features
Machine Administrator Settings • 2 Sided Print • Checkered Mark • Centre Mark • Print Reception Time • Reception File Print Quantity • Paper Tray • Specify Tray for Lines • Folder Transfer Result Report • Memory Lock Reception • FAX Print Colour Initial Settings The following settings can be specified.
Page 254: Scanner Features
10. Appendix System The following settings can be specified. • Print Error Report • Auto Continue • Memory Overflow • Job Separation • Rotate by 180 Degrees • Initial Print Job List • Duplex • Copies • Blank Page Print •...
Page 255: Settings Via Web Image Monitor
Machine Administrator Settings General Settings All the settings can be specified. Scan Settings All the settings can be specified. Send Settings The following settings can be specified. • Compression (Black & White) • Compression (Gray Scale/Full Colour) • High Compression PDF Level •...
Page 256 10. Appendix • Paper All the settings can be specified. • Date/Time All the settings can be specified. • Timer All the settings can be specified. • Logs All the settings can be specified. • E-mail All the settings can be specified. •...
Page 257 Machine Administrator Settings Printer • System All the settings can be specified except the following. Auto Delete Temporary Print Job Auto Delete Stored Print Job • Host Interface All the settings can be specified. • PCL Menu All the settings can be specified. •...
Page 258 10. Appendix All the settings can be specified. • Scan Settings All the settings can be specified. • Send Settings All the settings can be specified. • Initial Settings All the settings can be specified. • Default Settings for Normal Screens on Device Store File Preview Scan Type...
Page 259: Settings Via Smartdevicemonitor For Admin
Machine Administrator Settings Settings via SmartDeviceMonitor for Admin The following settings can be specified. Device Properties • Reset Device • Reset Current Job • Reset All Jobs User Management Tool The following settings can be specified. • User Counter Information •...
Page 260: Network Administrator Settings
10. Appendix Network Administrator Settings The network administrator settings that can be specified are as follows: System Settings The following settings can be specified. Interface Settings If DHCP is set to On, the settings that are automatically obtained via DHCP cannot be specified. •...
Page 261: Facsimile Features
Network Administrator Settings • Extended Security Driver Encryption Key Settings by SNMP V1 and V2 Restrict Use of Simple Encryption • Network Security Level Facsimile Features The following settings can be specified. Send Settings • Max. E-mail Size Initial Settings •...
Page 262 10. Appendix Reception SMTP E-mail Communication Port • Auto E-mail Notification Groups to notify • Administrator Authentication Management Network Administrator Authentication Available Settings for Network Administrator • Program/Change Administrator You can specify the following administrator settings for the network administrator. Login User Name Login Password Encryption Password...
Page 263 Network Administrator Settings Channel Security Method WEP Settings WPA Settings • Bluetooth *2 Operation Mode *1 The wireless LAN interface unit option must be installed. *2 The Bluetooth interface unit option must be installed. Network • IPv4 All the settings can be specified. •...
Page 264: Settings Via Smartdevicemonitor For Admin
10. Appendix All the settings can be specified. • SSL/TLS All the settings can be specified. • ssh All the settings can be specified. • Site Certificate All the settings can be specified. • Device Certificate All the settings can be specified. •...
Page 265: File Administrator Settings
File Administrator Settings File Administrator Settings The file administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Administrator Authentication Management File Management • Program / Change Administrator File Administrator •...
Page 266: Settings Via Web Image Monitor
10. Appendix Settings via Web Image Monitor The following settings can be specified. Document Server All the settings can be specified. Printer: Print Jobs The file administrator can Edit/Delete the Print Job List and Unlock the print job. Device Settings •...
Page 267: User Administrator Settings
User Administrator Settings User Administrator Settings The user administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Address Book Management • Address Book: Program / Change / Delete Group •...
Page 268: Settings Via Smartdevicemonitor For Admin
10. Appendix Device Settings • Auto E-mail Notification Groups to notify • Administrator Authentication Management User Administrator Authentication Available Settings for User Administrator • Program/Change Administrator You can specify the following administrator settings for the user administrator. Login User Name Login Password Encryption Password Webpage...
Page 269: Document Server File Permissions
Document Server File Permissions Document Server File Permissions The authorities for using the files stored in Document Server are as follows. The authority designations in the list indicate users with the following authorities. • Read-only This is a user assigned "Read-only" authority. •...
Page 270 10. Appendix Full File Settings Read-only Edit Edit / Delete Owner Control Admin. Unlocking Files *1 The owner can disallow these operations as necessary.
Page 271: The Privilege For User Account Settings In The Address Book
The Privilege for User Account Settings in the Address Book The Privilege for User Account Settings in the Address Book The authorities for using the Address Book are as follows: The authority designations in the list indicate users with the following authorities. •...
Page 272 10. Appendix Read- Edit / Edit Full Registere User only Delete Settings Control d User Admin. (User) (User) (User) Login Password SMTP Authentication Folder Authentication LDAP Authentication Available Functions *1 You can only enter the password. Tab Name: Protection Read- Edit / Edit Full...
Page 273 The Privilege for User Account Settings in the Address Book Read- Edit / Edit Full Register only Delete Settings User Admin. Control ed User (User) (User) (User) International TX Mode Fax Header Label Insertion Tab Name: E-mail Address Read- Edit / Edit Full Registere...
Page 274: User Settings - Control Panel Settings
10. Appendix User Settings - Control Panel Settings This section explains which functions and system settings are available to users when administrator authentication is specified. The administrator's configuration of Menu Protect and Available Settings determines which functions and system settings are available to users. If user authentication is specified, system settings and functions are available to authorized users only, who must log in to access them.
Page 275: Copier / Document Server Features
Copier / Document Server Features Copier / Document Server Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. •...
Page 276 10. Appendix Reproduction Ratio Settings Level 1 Level 2 Shortcut Reduce/Enlarge Reproduction Ratio Reduce/Enlarge Ratio Priority Ratio for Create Margin Edit Settings Level 1 Level 2 Front Margin: Left / Right Back Margin: Left / Right Front Margin: Top / Bottom Back Margin: Top / Bottom 1 Sided 2 Sided Auto Margin: T to T...
Page 277 Copier / Document Server Features Stamp Background Numbering Settings Level 1 Level 2 Size Density Stamp Colour Preset Stamp Settings Level 1 Level 2 Stamp Language Stamp Priority Stamp Format: COPY*1 Stamp Format: URGENT*1 Stamp Format: PRIORITY*1 Stamp Format: For Your Info.*1 Stamp Format: PRELIMINARY*1 Stamp Format: For Internal Use Only*1 Stamp Format: CONFIDENTIAL*1...
Page 278 10. Appendix Settings Level 1 Level 2 Stamp Colour: DRAFT *1 The print position can be adjusted but not specified. User Stamp Settings Level 1 Level 2 Program / Delete Stamp Stamp Format: 1 Stamp Format: 2 Stamp Format: 3 Stamp Format: 4 Stamp Colour: 1 Stamp Colour: 2...
Page 279 Copier / Document Server Features Settings Level 1 Level 2 Stamp Format Font Size Duplex Back Page Stamping Position Page Numbering in Combine Stamp on Designating Slip Sheet Stamp Position: P1, P2...*1 Stamp Position: 1/5, 2/5... *1 Stamp Position: -1-, -2-...*1 Stamp Position: P.1, P.2...*1 Stamp Position: 1, 2...*1 Stamp Position: 1-1, 1-2...*1...
Page 280 10. Appendix Settings Level 1 Level 2 Punch Type*1 Simplified Screen: Finishing Types*1 *1 The optional finisher must be installed. Adjust Colour Image Settings Level 1 Level 2 Background Density of ADS (Full Colour / Two- colour) Colour Sensitivity A.C.S Sensitivity A.C.S Priority...
Page 281: Printer Functions
Printer Functions Printer Functions When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
Page 282: Printer Features
10. Appendix Printer Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
Page 283 Printer Features System Settings Level 1 Level 2 Print Error Report Auto Continue Memory Overflow Job Separation*1 Rotate by 180 Degrees Auto Delete Temporary Print Jobs Auto Delete Stored Print Jobs Initial Print Job List Duplex Copies Blank Page Print Reserved Job Waiting Time Printer Language Sub Paper Size...
Page 284 10. Appendix Host Interface Settings Level 1 Level 2 I/O Buffer I/O Timeout PCL Menu Settings Level 1 Level 2 Orientation Form Lines Font Source Font Number Point Size Font Pitch Symbol Set Courier Font Extend A4 Width Append CR to LF Resolution PS Menu *1 Settings...
Page 285 Printer Features Settings Level 1 Level 2 Process Colour Model *1 The PostScript 3 Unit option must be installed. PDF Menu *1 Settings Level 1 Level 2 Change PDF Password PDF Group Password Resolution Colour Setting Colour Profile Process Colour Model *1 The PostScript 3 Unit option must be installed.
Page 286: Scanner Features
10. Appendix Scanner Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
Page 287 Scanner Features Settings Level 1 Level 2 Wait Time for Next Original(s): SADF Background Density of ADS (Full Colour) Send Settings Settings Level 1 Level 2 Compression (Black & White) Compression (Gray Scale / Full Colour) High Compression PDF Level Insert Additional E-mail Info No.
Page 288: Facsimile Features
10. Appendix Facsimile Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
Page 289 Facsimile Features Settings Level 1 Level 2 Program/Change/Delete Standard Message Backup File TX Setting Reception Settings Settings Level 1 Level 2 Switch Reception Mode Program Special Sender Program Special Sender: Print List Forwarding Reception File Setting Stored Reception File User Setting SMTP RX File Delivery Setting 2 Sided Print Checkered Mark...
Page 290 10. Appendix Settings Level 1 Level 2 Parameter Setting: Print List Program Closed Network Code Program Memory Lock ID Internet Fax Settings Select Dial/Push Phone Program Fax Information Enable H.323 Enable SIP H.323 Settings SIP Settings Program/Change/Delete Gateway E-mail Setting Folder Setting...
Page 291: System Settings
System Settings System Settings When administrator authentication is specified, the administrator's configuration of Available Settings determines which system settings are available to users. If user authentication is specified, system settings are available to authorized users only, who must log in to access them. •...
Page 292 10. Appendix Tray Paper Settings Settings Paper Tray Priority: Copier Paper Tray Priority: Facsimile Paper Tray Priority: Printer Tray Paper Size: Tray 1-4 Printer Bypass Paper Size Paper Type: Bypass Tray Paper Type: Tray 1-4 Paper Type: LCT Cover Sheet Tray Slip Sheet Tray Timer Settings Settings...
Page 293 System Settings Interface Settings Settings Print List Network Settings Machine IPv4 Address*1 IPv4 Gateway Address IPv6 Stateless Address Autoconfiguration DNS Configuration*1 DDNS Configuration IPsec Domain Name*1 WINS Configuration*1 Effective Protocol NCP Delivery Protocol NW Frame Type SMB Computer Name SMB Work Group Ethernet Speed IEEE 802.1X Authentication For Ethernet Restore IEEE 802.1X Authentication to Defaults...
Page 294 10. Appendix Settings Host Name Machine Name *1 If you select [Auto-Obtain (DHCP)], you can only read the setting. Parallel Interface *2 Settings Parallel Timing Parallel Communication Speed Selection Signal Status Input Prime Bidirectional Communication Signal Control *2 The IEEE 1284 interface board option must be installed. Wireless LAN *3 Settings Communication Mode...
Page 295 System Settings Settings Fax RX File Transmission SMTP Server SMTP Authentication*6 POP before SMTP Reception Protocol POP3 / IMAP4 Settings Administrator's E-mail Address E-mail Communication Port E-mail Reception Interval Max. Reception E-mail Size E-mail Storage in Server Default User Name / Password (Send)*6 Program / Change / Delete E-mail Message Auto Specify Sender name Fax E-mail Account...
Page 296 10. Appendix Settings Address Book: Change Order Print Address Book: Destination List Address Book: Edit Title Address Book: Switch Title Back Up / Restore Address Book Display / Print Counter Display / Clear / Print Counter per User User Authentication Management Administrator Authentication Management Key Counter Management Extended Security...
Page 297: User Settings - Web Image Monitor Settings
User Settings - Web Image Monitor Settings User Settings - Web Image Monitor Settings This section displays the user settings that can be specified on Web Image Monitor when user authentication is specified. Settings that can be specified by the user vary according to the menu protect level and available settings specifications.
Page 298: Device Settings
10. Appendix Device Settings The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Page 299 Device Settings Settings Slip Sheet Tray : Tray to set Slip Sheet Tray : Apply Duplex Slip Sheet Tray : Display Time Paper Settings Tray1 : Paper Size Tray1 : Custom Paper Size Tray1 : Paper Type Tray1 : Paper Thickness Tray1 : Apply Auto Paper Select Tray1 : Apply Duplex Tray2 : Paper Size...
Page 300 10. Appendix Settings Tray4 : Custom Paper Size Tray4 : Paper Type Tray4 : Paper Thickness Tray4 : Apply Auto Paper Select Tray4 : Apply Duplex Bypass Tray : Paper Size Bypass Tray : Custom Paper Size Bypass Tray : Paper Type Bypass Tray : Paper Thickness Date/Time Settings...
Page 301 Device Settings Settings Printer Auto Reset Timer Auto Logout Timer Logs Settings Collect Job Logs Job Log Collect Level Collect Access Logs Access Log Collect Level Transfer Logs Encrypt Logs Classification Code Delete All Logs E-mail Settings Administrator E-mail Address Reception Protocol E-mail Reception Interval Max.
Page 302 10. Appendix Settings SMTP Auth. Password SMTP Auth. Encryption POP before SMTP POP E-mail Address POP User Name POP Password Timeout setting after POP Auth. POP3/IMAP4 Server Name POP3/IMAP4 Encryption POP3 Reception Port No. IMAP4 Reception Port No. Fax E-mail Address Receive Fax E-mail Fax E-mail User Name Fax E-mail Password...
Page 303 Device Settings Settings FTP Password *1 NCP User Name NCP Password *1 *1 You can only specify the password. User Authentication Management Settings User Authentication Management User Code Authentication - Printer Job Authentication User Code Authentication - Available Function Basic Authentication - Printer Job Authentication Basic Authentication - Available Function Windows Authentication - Printer Job Authentication...
Page 304 10. Appendix Settings Integration Server Authentication - Printer Job Authentication Integration Server Authentication - SSL Integration Server Authentication - Integration Server Name Integration Server Authentication - Authentication Type Integration Server Authentication - Domain Name Integration Server Authentication - Group Settings for Integration Server Authentication LDAP Server Settings...
Page 305: Printer
Printer Printer If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 306 10. Appendix Settings Level 1 Level 2 Letterhead Setting Bypass Tray Setting Priority Edge to Edge Print Default Printer Language Tray Switching Extended Auto Tray Switching Virtual Printer *1 The optional finisher must be installed. Host Interface Settings Level 1 Level 2 I/O Buffer I/O Timeout...
Page 307 Printer Settings Level 1 Level 2 Resolution PS Menu*1 Settings Level 1 Level 2 Job Timeout Wait Timeout Data Format Resolution Color Setting Color Profile Process Color Model *1 The PostScript 3 Unit option must be installed. PDF Menu *1 Settings Level 1 Level 2...
Page 308 10. Appendix PDF Temporary Password *1 Settings Level 1 Level 2 PDF Temporary Password Confirm Password *1 The PostScript 3 Unit option must be installed. PDF Group Password *1 Settings Level 1 Level 2 Current PDF Group Password New PDF Group Password Confirm PDF Group Password *1 The PostScript 3 Unit option must be installed.
Page 309: Scanner
Scanner Scanner If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 310 10. Appendix Settings Level 1 Level 2 Compression (Gray Scale/Full Color) High Compression PDF Level Max. E-mail Size Divide & Send E-mail Insert Additional E-mail Info No. of Digits for Single Page Files Stored File E-mail Method Default Settings for Normal Screens on Device Settings Level 1 Level 2...
Page 311: Fax
If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 312 10. Appendix Settings Level 1 Level 2 Reception File Print Quantity Paper Tray FAX Print Color Memory Lock Reception IP-Fax Settings Settings Level 1 Level 2 Enable H.323 Enable IP-Fax Gatekeeper Gatekeeper Address (Main) Gatekeeper Address (Sub) Own Fax No. Enable SIP Enable Server User Name...
Page 313 Settings Level 1 Level 2 Select Protocol 1-50 Gateway Address 1-50 Parameter Settings Settings Level 1 Level 2 Just Size Printing Combine 2 Originals Convert to PDF When Transferring to Folder Journal Immediate Transmission Result Report Communication Result Report Memory Storage Report SEP Code RX Result Report SEP Code RX Reserve Report Confidential File Report...
Page 314: Interface
10. Appendix Interface The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Page 315 Interface Settings WEP Authentication WEP Key Number WEP Key WPA Encryption Method WPA Authentication Method WPA-PSK/WPA2-PSK WPA/WPA2 Settings *2 The Wireless LAN interface unit option must be installed.
Page 316: Network
10. Appendix Network The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Page 317 Network Settings DIPRINT sftp WSD (Device) WSD (Printer) WSD (Scanner) WSD (Printer) / IPP Timeout RHPP IPv6 Settings IPv6 Host Name Domain Name Stateless Address Manual Configuration Address DCHPv6-lite DDNS Default Gateway Address DNS Server RSH/RCP DIPRINT...
Page 318 10. Appendix Settings sftp WSD (Device) WSD (Printer) WSD (Scanner) WSD (Printer) / IPP Timeout RHPP NetWare Settings NetWare Print Server Name Logon Mode File Server Name NDS Tree NDS Context Name Operation Mode Remote Printer No. Job Timeout Frame Type Print Server Protocol NCP Delivery Protocol AppleTalk...
Page 319 Network Settings Printer Name Zone Name Settings Workgroup Name Computer Name Comment Notify Print Completion Bonjour Settings Bonjour Computer Name Location DIPRINT...
Page 320: Webpage
10. Appendix Webpage The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Page 321: Functions That Require Options
Functions That Require Options Functions That Require Options The following functions require certain options and additional functions. • Hard Disk overwrite erase function DataOverwriteSecurity Unit • Data security for copying function Copy Data Security Unit • PDF Direct Print function PostScript 3 Unit •...
Page 322 ® The Bluetooth word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Ricoh Company, Ltd. is under license. NetWare is a registered trademark of Novell, Inc. UPnP is a trademark of the UPnP Implementers Corporation.
Page 323 Trademarks ® ® Microsoft Windows Vista Business ® ® Microsoft Windows Vista Home Premium ® ® Microsoft Windows Vista Home Basic * The product names of Windows Server 2003 are as follows: ® ® Microsoft Windows Server 2003 Standard Edition ®...
Page 324 10. Appendix...
Page 325 INDEX Encryption Key Auto Exchange Security Level..................Access Control............. Encryption Key Auto Exchange Setting Items..................Access Permission..........Encryption Auto Exchange Settings Address Book Access Permission....... Configuration Flow..........Address Book Privileges........Encryption Key Manual Settings Configuration Administrator............Flow..............Administrator Authentication....17, 25, 27 Encryption Key Manual Settings Items....
Page 326 LDAP Authentication..........LDAP Authentication - Operational Requirements S/MIME.............. for LDAP Authentication........Scanner..............Locked Print............Scanner Features..........Log off (Administrator).......... Security Functions..........Log on (Administrator).......... Self-Signed Certificate........Login............... Service Mode Lock..........Logout..............Settings by SNMP v1 and v2......SNMPv3.............. Machine Administrator......... SSL................
Page 328 Type for MP C2050/Aficio MP C2050 Type for MP C2550/Aficio MP C2550 D041-7762...

This manual is also suitable for:

Aficio mp c2550

Ricoh Aficio MP C2050 Operating Instructions Manual

1 Getting Started

2 Administrators/Authentication and Its Application

3 Users/Authentication and Its Application

4 Protecting Document Data Information from Leaks

5 Protecting Information Transmitted through the Network or Stored on the Hard Disk from Leaks

6 Managing Access to the Machine

7 Enhanced Network Security

8 Specifying the Extended Security Functions

9 Troubleshooting

10 Appendix

Quick Links

Operating Instructions

Related Manuals for Ricoh Aficio MP C2050

Summary of Contents for Ricoh Aficio MP C2050

This manual is also suitable for:

Table of Contents