Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety Information
Operating Instructions Security Reference Getting Started Authentication and its Application Ensuring Information Security Managing Access to the Machine Enhanced Network Security Specifying the Extended Security Functions Troubleshooting Appendix Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety Information in "About This Machine"...
Page 2
Introduction This manual contains detailed instructions and notes on the operation and use of this machine. For your safety and benefit, read this manual carefully before using the machine. Keep this manual in a handy place for quick reference. Important Contents of this manual are subject to change without prior notice.
Manuals for This Machine Refer to the manuals that are relevant to what you want to do with the machine. • Media differ according to manual. • The printed and electronic versions of a manual have the same contents. • Adobe Acrobat Reader/Adobe Reader must be installed in order to view the manuals as PDF files. •...
Page 4
• In addition to the above, manuals are also provided for the Printer function.
TABLE OF CONTENTS Manuals for This Machine..........................1 How to Read This Manual..........................7 Symbols................................7 IP Address...............................7 1. Getting Started Before Using the Security Functions........................9 Setting Up the Machine...........................10 Enhanced Security............................12 Glossary................................13 Security Measures Provided by this Machine....................14 Using Authentication and Managing Users....................14 Ensuring Information Security........................14 Limiting and Controlling Access........................15 Enhanced Network Security........................15...
Page 6
Basic Authentication............................43 Specifying Basic Authentication........................43 Authentication Information Stored in the Address Book................45 Windows Authentication..........................49 Specifying Windows Authentication......................50 LDAP Authentication............................56 Specifying LDAP Authentication.........................57 Integration Server Authentication........................62 Specifying Integration Server Authentication....................62 If User Authentication is Specified........................69 Login (Using the Control Panel)........................69 Log Off (Using the Control Panel)......................71 Login (Using Web Image Monitor)......................72 Log Off (Using Web Image Monitor)......................72 Auto Logout..............................72...
Page 7
SSL (Secure Sockets Layer) Encryption....................108 User Settings for SSL (Secure Sockets Layer)..................113 Setting the SSL / TLS Encryption Mode....................113 SNMPv3 Encryption..........................115 6. Specifying the Extended Security Functions Specifying the Extended Security Functions....................119 Changing the Extended Security Functions.....................119 Procedure for Changing the Extended Security Functions..............119 Settings...............................121 Weekly Timer Code..........................123 Limiting Machine Operation to Customers Only..................128...
Page 8
Settings via Web Image Monitor......................163 User Administrator Settings...........................165 System Settings............................165 Settings via Web Image Monitor......................165 The Privilege for User Account Settings in the Address Book..............167 User Settings - Control Panel Settings......................169 System Settings............................169 User Settings - Web Image Monitor Settings....................174 Device Settings............................174 Interface..............................181 Network..............................182...
How to Read This Manual Symbols This manual uses the following symbols: Indicates points to pay attention to when using the machine, and explanations of likely causes of paper misfeeds, damage to originals, or loss of data. Be sure to read these explanations. Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.
1. Getting Started This chapter describes the machine's security features and how to specify initial security settings. Before Using the Security Functions • If security settings are not made, there is a risk of damage resulting from malicious activity. For this reason, be sure to make the security settings shown in this manual.
1. Getting Started Setting Up the Machine This section explains how to enable encryption of transmitted data and configure the administrator account. If you want higher security, make the following setting before using the machine: Turn the machine on. Press the [User Tools] key. BJH002S Press [System Settings].
Page 13
Setting Up the Machine Connect the machine to the network. Start Web Image Monitor, and then log on to the machine as the administrator. For details about logging on to Web Image Monitor as an administrator, see “Using Web Image Monitor”.
1. Getting Started Enhanced Security This machine's security functions can be enhanced by managing the machine and its users using the improved authentication functions. By specifying access limits for the machine's functions and the documents and data stored in the machine, information leaks and unauthorized access can be prevented.
Glossary Glossary Administrator There are four types of administrators according to administrative function: machine administrator, network administrator, file administrator, and user administrator. We recommend that only one person takes each administrator role. In this way, you can spread the workload and limit unauthorized operation by a single administrator. Basically, administrators make machine settings and manage the machine;...
1. Getting Started Security Measures Provided by this Machine Using Authentication and Managing Users Enabling Authentication To control administrators' and users' access to the machine, perform administrator authentication and user authentication using login user names and login passwords. To perform authentication, the authentication function must be enabled.
Security Measures Provided by this Machine Limiting and Controlling Access Preventing Modification of Machine Settings The machine settings that can be modified depend on the type of administrator account. Register the administrators so that users cannot change the administrator settings. For details about preventing modification of machine settings, see “Preventing Modification of Machine Settings”.
2. Authentication and its Application This chapter describes how to register the administrator and specify the authentication methods. How to log on and log off once authentication is enabled is also described here. Administrators and Users When controlling access using the authentication method specified by an administrator, select the machine's administrator, enable the authentication function, and then use the machine.
2. Authentication and its Application Machine Administrator This is the administrator who mainly manages the machine's default settings. You can set the machine so that the default for each function can only be specified by the machine administrator. By making this setting, you can prevent unauthorized people from changing the settings and allow the machine to be used securely by its many users.
The Management Function The Management Function The machine has an authentication function requiring a login user name and login password. By using the authentication function, you can specify access limits for individual users and groups of users. Using access limits, you can not only limit the machine's available functions but also protect the machine settings, files and data stored in the machine.
2. Authentication and its Application 1. User Administrator This administrator manages personal information in the address book. You can register/delete users in the address book or change users' personal information. 2. Machine Administrator This administrator manages the machine's default settings. You can specify a security setting to allow only the machine administrator to configure system settings such as log deletion.
Page 23
The Management Function BBC004S 1. User A user performs normal operations on the machine. 2. Group A group performs normal operations on the machine. 3. Unauthorized User 4. Authentication Using a login user name and password, user authentication is performed. 5.
2. Authentication and its Application Enabling Authentication To control administrators' and users' access to the machine, perform administrator or user authentication using login user names and passwords. To perform authentication, the authentication function must be enabled. To specify authentication, you need to register administrators. For instructions on registering the administrator, see “Registering the Administrator”.
Page 25
Enabling Authentication • You can specify User Code Authentication without specifying administrator authentication. • p.24 "Administrator Authentication" • p.39 "User Authentication" • p.24 "Specifying Administrator Privileges" • p.27 "Registering the Administrator" • p.40 "User Code Authentication" • p.43 "Basic Authentication" •...
2. Authentication and its Application Administrator Authentication Administrators are handled differently from the users registered in the address book. When registering an administrator, you cannot use a login user name already registered in the address book. Windows Authentication, LDAP Authentication and Integration Server Authentication are not performed for an administrator, so an administrator can log on even if the server is unreachable due to a network problem.
Page 28
2. Authentication and its Application Press [Administrator Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [User Management], [Machine Management], [Network Management], or [File Management] key to select which settings to manage. Set “Admin.
Administrator Authentication Select the settings to manage from “Available Settings”. The selected settings will be unavailable to users. “Available Settings” varies depending on the administrator. For details about “Available Settings”, see “Limiting Available Functions”. To specify administrator authentication for more than one category, repeat steps 5 to 7. Press [OK].
Page 30
2. Authentication and its Application Press the [User Tools] key. BJH002S Press [System Settings]. Press [Administrator Tools].
Page 31
Administrator Authentication Press [Program / Change Administrator]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. In the line for the administrator whose authority you want to specify, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. If you allocate each administrator's authority to a different person, the screen appears as follows:...
Page 32
2. Authentication and its Application Press [Change] for the login user name. Enter the login user name, and then press [OK]. Press [Change] for the login password.
Page 33
Administrator Authentication Enter the login password, and then press [OK]. Follow the password policy to make the login password more secure. For details about the password policy and how to specify it, see “Specifying the Extended Security Functions”. If a password reentry screen appears, enter the login password, and then press [OK]. Press [Change] for the encryption password.
2. Authentication and its Application • You can use up to 32 alphanumeric characters and symbols when registering login user names and login passwords. Keep in mind that passwords are case-sensitive. • User names cannot contain numbers only, a space, colon (:), or quotation mark ("), nor can they be left blank.
Page 35
Administrator Authentication Press the [Login/Logout] key. BJH003S The message, "Press [Login], then enter the login user name and login password." appears. Press [Login]. If you do not want to log in, press [Cancel]. Enter the login user name, and then press [OK]. When you log on to the machine for the first time as the administrator, enter “admin”.
2. Authentication and its Application Enter the login password, and then press [OK]. "Authenticating... Please wait." appears, followed by the screen for specifying the default. • If user authentication has already been specified, a screen for authentication appears. • To log on as an administrator, enter the administrator's login user name and login password. •...
Administrator Authentication Press [Yes]. Changing the Administrator Change the administrator's login user name and login password. You can also assign administrator authority to the login user names [Administrator 1] to [Administrator 4]. To combine the authorities of multiple administrators, assign multiple administrators to a single administrator. For example, to assign machine administrator authority and user administrator authority to [Administrator 1], press [Administrator 1] in the lines for the machine administrator and the user administrator.
Page 38
2. Authentication and its Application Press [System Settings]. Press [Administrator Tools]. Press [Program / Change Administrator]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings.
Administrator Authentication In the line for the administrator you want to change, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. Press [Change] for the setting you want to change, and re-enter the setting. Press [OK]. Press [OK] twice.
Page 40
2. Authentication and its Application • When logging on as an administrator use the login name and password of an administrator set in the machine. The default login name is “admin” and the password is blank.
User Authentication User Authentication There are five types of user authentication methods: User Code authentication, Basic authentication, Windows authentication, LDAP authentication, and Integration Server authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authentication.
2. Authentication and its Application User Code Authentication This is an authentication method for limiting access to functions according to a user code. The same user code can be used by more than one user. By specifying user code authentication, you can limit the printer functions available under each user code.
Page 43
User Code Authentication Press [Administrator Tools]. Press [User Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [User Code Auth.]. If you do not want to use user authentication management, select [Off].
Page 44
2. Authentication and its Application Select which of the machine's functions you want to limit. The selected settings will be unavailable to users. For details about specifying available functions for individuals or groups, see “Limiting Available Functions”. Press [OK]. Press the [User Tools] key. A confirmation message appears.
Basic Authentication Basic Authentication Specify this authentication method when using the machine's address book to authenticate each user. Using Basic authentication, you can not only manage the machine's available functions but also limit access to stored files and to the personal data in the address book. Under Basic authentication, the administrator must specify the functions available to each user registered in the address book.
Page 46
2. Authentication and its Application Press [Administrator Tools]. Press [User Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [Basic Auth.]. If you do not want to use user authentication management, select [Off].
Basic Authentication Select which of the machine's functions you want to permit. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. The selected functions are registered as the initial settings for “Available Functions”, in the address book.
Page 48
2. Authentication and its Application User authentication can also be specified via Web Image Monitor. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication" Specifying Login User Name and Login Password In [Address Book Management], specify the login user name and login password to be used for User Authentication Management.
Page 49
Basic Authentication Select the user or group. Press [Auth. Info]. Press [Change] for “Login User Name”. Enter a login user name, and then press [OK].
Page 50
2. Authentication and its Application Press [Change] for “Login Password”. Enter a login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK]. Press [Exit] twice. Press the [User Tools] key.
Windows Authentication Windows Authentication Specify this authentication when using the Windows domain controller to authenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group registered in the directory server.
2. Authentication and its Application • If the “Guest” account on the Windows server is enabled, even users not registered in the domain controller can be authenticated. When this account is enabled, users are registered in the address book and can use the functions available under [*Default Group]. Specifying Windows Authentication This can be specified by the machine administrator.
Page 53
Windows Authentication Press [Administrator Tools]. Press [User Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [Windows Auth.]. If you do not want to use user authentication management, select [Off].
Page 54
2. Authentication and its Application Press [Change] for “Domain Name”, enter the name of the domain controller to be authenticated, and then press [OK]. Press [On] for “Use Secure Connection (SSL)”. If you are not using secure sockets layer (SSL) for authentication, press [Off]. If global groups have been registered under Windows server, you can limit the use of functions for each global group.
Page 55
Windows Authentication Under “Group Name”, press [Change], and then enter the group name. Press [OK]. Select which of the machine's functions you want to permit. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Windows Authentication will be applied to the selected functions.
Page 56
2. Authentication and its Application Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be automatically logged out. • Under Windows Authentication, you can select whether or not to use secure sockets layer (SSL) authentication.
Page 57
Windows Authentication Enter the device certificate contents issued by the certificate authority. Open a Web browser. Enter “http://(the machine's IP address or host name)/” in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is “192.168.001.010”, you must enter it as “192.168.1.10”...
2. Authentication and its Application LDAP Authentication Specify this authentication method when using the LDAP server to authenticate users who have their accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the LDAP server. The address book stored in the LDAP server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the address book.
LDAP Authentication You do not have to enter the password if the LDAP server supports “Anonymous Authentication”. • Under LDAP Authentication, if “Anonymous Authentication” in the LDAP server's settings is not set to Prohibit, users who do not have an LDAP server account might still be able to gain access. •...
Page 60
2. Authentication and its Application Press [System Settings]. Press [Administrator Tools]. Press [User Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings.
Page 61
LDAP Authentication Select [LDAP Auth.]. If you do not want to use user authentication management, select [Off]. Select the LDAP server to be used for LDAP authentication. Select which of the machine's functions you want to permit. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. LDAP Authentication will be applied to the selected functions.
Page 62
2. Authentication and its Application Press [Change] for “Login Name Attribute”. Enter the login name attribute, and then press [OK]. Use the Login Name Attribute as a search criterion to obtain information about an authenticated user. You can create a search filter based on the Login Name Attribute, select a user, and then retrieve the user information from the LDAP server so it is transferred to the machine's address book.
Page 63
LDAP Authentication Press [Change] for “Unique Attribute”. Enter the unique attribute and then press [OK]. Specify Unique Attribute on the machine to match the user information in the LDAP server with that in the machine. By doing this, if the Unique Attribute of a user registered in the LDAP server matches that of a user registered in the machine, the two instances are treated as referring to the same user.
2. Authentication and its Application Integration Server Authentication To use Integration Server authentication with this machine, you need a server on which Authentication Manager or another application that supports authentication is installed. For external authentication, the Integration Server authentication collectively authenticates users accessing the server over the network, providing a server-independent, centralized user authentication system that is safe and convenient.
Page 65
Integration Server Authentication Press [System Settings]. Press [Administrator Tools]. Press [User Authentication Management]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [Integration Svr. Auth.]. If you do not want to use User Authentication Management, select [Off].
Page 66
2. Authentication and its Application Press [Change] for “Server Name”. Specify the name of the server for external authentication. Enter the server name, and then press [OK]. Enter the IPv4 address or host name. In “Authentication Type”, select the authentication system for external authentication. Select an available authentication system.
Page 67
Integration Server Authentication Press [Change] for “Domain Name”. Enter the domain name, and then press [OK]. You cannot specify a domain name under an authentication system that does not support domain login.
Page 68
2. Authentication and its Application Press [Obtain URL]. The machine obtains the URL of the server specified in “Server Name”. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. If “Server Name” or the setting for enabling SSL is changed after obtaining the URL, the URL is “Not Obtained”.
Page 69
Integration Server Authentication Under “Group Name”, press [Change], and then enter the group name. Press [OK]. Select which of the machine's functions you want to permit. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Authentication will be applied to the selected functions.
Page 70
2. Authentication and its Application If the setting to be specified does not appear, press [ Next] to scroll down to other settings. To not use secure sockets layer (SSL) for authentication, press [Off]. Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be automatically logged out.
If User Authentication is Specified If User Authentication is Specified If user authentication (Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authentication) has been specified, the machine cannot be operated unless login user names and passwords for individual users are entered. Log on to operate the machine, and log off when you are finished operations.
Page 72
2. Authentication and its Application Press the [Login/Logout] key. BJH003S Press [Login]. Enter the login user name, and then press [OK].
If User Authentication is Specified Enter the login password, and then press [OK]. The message, "Authenticating... Please wait." appears. Log Off (Using the Control Panel) Follow the procedure below to log off when Basic Authentication, Windows Authentication, Authentication, LDAP Authentication, or Integration Server Authentication is set. Press the [Login/Logout] key.
2. Authentication and its Application • You can log off using the following procedures also. • Press the [Power] key. • Press the [Energy Saver] key. Login (Using Web Image Monitor) This section explains how to log on to the machine via Web Image Monitor. Click [Login] on the top page of the Web Image Monitor.
Page 75
If User Authentication is Specified Press the [User Tools] key. BJH002S Press [System Settings]. Press [Timer Settings].
Page 76
2. Authentication and its Application Press [Auto Logout Timer]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select [On]. If you do not want to specify [Auto Logout Timer], select [Off]. Enter “60”...
Page 77
If User Authentication is Specified • If a paper jam occurs or a print cartridge runs out of toner, the machine might not be able to perform the Auto Log function. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication"...
2. Authentication and its Application Authentication Using an External Device To authenticate using an external device, see the device manual. For details, contact your sales representative.
3. Ensuring Information Security This chapter describes how to protect data that is stored on the machine and transmitted information from unauthorized viewing and modification. Protecting the Address Book If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user.
Page 80
3. Ensuring Information Security Press [System Settings]. Press [Administrator Tools]. Press [Address Book Management].
Page 81
Protecting the Address Book Select the user or group. Press [Protection]. Press [Program/Change/Delete] for “Permissions for Users/Groups”, under “Protect Destination”. Press [New Program].
3. Ensuring Information Security Select the users or groups to register. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign access permission to, and then select the permission. Select the permission, from [Read-only], [Edit], [Edit / Delete], or [Full Control].
Page 83
Protecting the Address Book You can encrypt the data in the address book using the extended security function, “Encrypt Address Book”. For details about this and other extended security functions, see “Specifying the Extended Security Functions”. For details about logging on and logging off with administrator authentication, see “Logging on Using Administrator Authentication”, “Logging off Using Administrator Authentication”.
Page 84
3. Ensuring Information Security Press [Extended Security]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [On] for “Encrypt Address Book”. Press [Change] for “Encryption Key”. Enter the encryption key, and then press [OK]. Enter the encryption key using up to 32 alphanumeric characters.
Page 85
Protecting the Address Book The time it takes to encrypt the data in the address book depends on the number of registered users. The machine cannot be used during encryption. Normally, once encryption is complete, "Encryption / Decryption is successfully complete. Press [Exit]."...
3. Ensuring Information Security Deleting Data on the Hard Disk This can be specified by the machine administrator. To use this function, the optional DataOverwriteSecurity Unit must be installed. The machine's hard disk lets you store data under the printer, as well as the address book and counters stored under each user code.
Page 87
Deleting Data on the Hard Disk Clear This icon is lit when there is no temporary data to be overwritten. • If the Data Overwrite icon is not displayed, first check if Auto Erase Memory has been set to [Off]. If the icon is not displayed even though Auto Erase Memory is [On], contact your service representative.
Page 88
3. Ensuring Information Security Press [Auto Erase Memory Setting]. Press [On]. Select the method of overwriting. If you select [NSA] or [DoD], proceed to step 10. If you select [Random Numbers], proceed to step 8. For details about the methods of overwriting, see “Methods of Overwriting”. Press [Change].
Page 89
Deleting Data on the Hard Disk • If the main power switch is turned to [Off] before Auto Erase Memory is completed, overwriting will stop and data will be left on the hard disk. • Do not stop the overwrite mid-process. Doing so will damage the hard disk. •...
3. Ensuring Information Security Data Not Overwritten by Auto Erase Memory • Information registered in the address book • Counters stored under each user code Erase All Memory You can erase all the data on the hard disk by writing over it. This is useful if you relocate or dispose of your machine.
Page 91
Deleting Data on the Hard Disk Press [Erase All Memory]. Select the method of overwriting. If you select [NSA] or [DoD], proceed to step 10. If you select [Random Numbers], proceed to step 8. For details about the methods of overwriting, see “Methods of Overwriting”. Press [Change].
Page 92
3. Ensuring Information Security Press [Yes]. The machine restarts automatically, and overwriting begins. When overwriting is completed, press [Exit], and then turn off the main power. Before turning the power off, see “Turning On the Power”, About This Machine. • If an error occurs before overwriting is completed, turn off the main power. Turn it on again, and then repeat from step 2.
4. Managing Access to the Machine This chapter describes how to prevent unauthorized access to and modification of the machine's settings. Preventing Modification of Machine Settings This section describes Preventing Modification of Machine Settings. The administrator type determines which machine settings can be modified. Users cannot change the administrator settings.
4. Managing Access to the Machine Limiting Available Functions To prevent unauthorized operation, you can specify who is allowed to access each of the machine's functions. To limit what extended features and printer functions can be used, use the [Available Functions] setting on the [Auth.
Page 95
Limiting Available Functions Press [System Settings]. Press [Administrator Tools]. Press [Address Book Management].
Page 96
4. Managing Access to the Machine Select the user. Press [Auth. Info]. In “Available Functions”, select the functions you want to specify. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. For details about printer job authentication, see “User Code Authentication”.
Page 97
Limiting Available Functions • p.34 "Logging off Using Administrator Authentication" • p.40 "User Code Authentication"...
5. Enhanced Network Security This chapter describes how to increase security over the network using the machine's functions. Preventing Unauthorized Access You can limit IP addresses, disable ports and protocols, or use Web Image Monitor to specify the network security level to prevent unauthorized access over the network and protect the address book, stored files, and default settings.
5. Enhanced Network Security Click [Logout]. Enabling/Disabling Protocols This can be specified by the network administrator. Specify whether to enable or disable the function for each protocol. By making this setting, you can specify which protocols are available and so prevent unauthorized access over the network. Network settings can be specified on the control panel, or using Web Image Monitor or telnet.
Page 101
Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition Functions that require sftp cannot be used. You can restrict personal information • Web Image Monitor sshd/sftpd TCP:22 from being displayed by • telnet making settings on the control panel using “Restrict Display of User Information”.*1 Commands using telnet...
Page 102
5. Enhanced Network Security Protocol Port Setting Method Disabled Condition SMB printing functions via TCP/IP, as well as UDP:137 • telnet NetBIOS designated UDP:138 functions on the WINS server cannot be used. Functions that require SNMPv1, v2 cannot be used. Using the control panel, •...
Page 103
Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition Device discovery using • Web Image Monitor SSDP UDP:1900 UPnP from Windows • telnet cannot be used. TCP:7443 @Remote cannot be @Remote • telnet used. TCP:7444 You can attempt to TCP:10021 •...
Page 105
Preventing Unauthorized Access Press [Inactive] for the protocol you want to disable. Press [OK]. Press the [User Tools] key. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication" Making Settings Using Web Image Monitor Open a Web browser. Enter “http://(the machine's IP address or host name)/”...
5. Enhanced Network Security Specifying Network Security Level This can be specified by the network administrator. This setting lets you change the security level to limit unauthorized access. You can make network security level settings on the control panel, as well as Web Image Monitor.
Page 107
Preventing Unauthorized Access Press [Administrator Tools]. Press [Network Security Level]. If the setting you want to specify does not appear, press [ Next] to scroll down to other settings. Select the network security level. Select [Level 0], [Level 1], or [Level 2]. Press [OK].
Page 108
5. Enhanced Network Security • p.34 "Logging off Using Administrator Authentication" Making Settings Using Web Image Monitor Open a Web browser. Enter “http://(the machine's IP address or host name)/” in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is “192.168.001.010”, you must enter it as “192.168.1.10”...
Page 109
Preventing Unauthorized Access Function Level 0 Level 1 Level 2 RSH/RCP Available Available Unavailable SNMP Available Available Available SNMP v1v2> Setting Available Unavailable Unavailable SNMP v1v2> Browse Available Available Unavailable SNMP v3 Available Available Available SNMP v3> SNMP Encryption Automatic Automatic Ciphertext Only TELNET...
5. Enhanced Network Security Protection Using Encryption This machine uses the SSL and SNMPv3 protocols to protect the data that it transmits. These protocols encrypt the data, preventing it from being intercepted, analyzed, or tampered with. SSL (Secure Sockets Layer) Encryption This can be specified by the network administrator.
Page 111
Protection Using Encryption 2. The device certificate and public key are sent from the machine to the user's computer. 3. Create a shared key from the user's computer, and then encrypt it using the public key. 4. The encrypted shared key is sent to the machine. 5.
Page 112
5. Enhanced Network Security Click [Login]. The network administrator can log on. Enter the login user name and login password. Click [Configuration], and then click [Device Certificate] under “Security”. Click [Certificate1]. Click [Create]. Make the necessary settings. Click [OK]. The setting is changed. Click [OK].
Page 113
Protection Using Encryption Click [Request]. Make the necessary settings. Click [OK]. "Requesting" appears for “Certificate Status” in the “Certificates” area. Click [Logout]. Apply to the certificate authority for the device certificate. The application procedure depends on the certificate authority. For details, contact the certificate authority.
Page 114
5. Enhanced Network Security Enter the contents of the device certificate. In the “Certificate Request” box, enter the contents of the device certificate received from the certificate authority. Click [OK]. "Installed" appears under “Certificate Status” to show that a device certificate for the machine has been installed.
Protection Using Encryption User Settings for SSL (Secure Sockets Layer) If you have installed a device certificate and enabled SSL (Secure Sockets Layer), you need to install the certificate on the user's computer. The network administrator must explain the procedure for installing the certificate to users. If a warning dialog box appears while accessing the machine using Web Image Monitor, start the Certificate Import Wizard and install a certificate.
Page 116
5. Enhanced Network Security Setting the SSL / TLS Encryption Mode This can be specified by the network administrator. After installing the device certificate, specify the SSL/TLS encrypted communication mode. By making this setting, you can change the security level. For details about logging on and logging off with administrator authentication, see “Logging on Using Administrator Authentication”, “Logging off Using Administrator Authentication”.
Protection Using Encryption Press [Permit SSL / TLS Communication]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Select the encrypted communication mode. Select [Ciphertext Only], [Ciphertext Priority], or [Ciphertext / Cleartext] as the encrypted communication mode.
Page 118
5. Enhanced Network Security By making this setting, you can protect data from being tampered with. For details about logging on and logging off with administrator authentication, see “Logging on Using Administrator Authentication”, “Logging off Using Administrator Authentication”. Press the [User Tools] key. BJH002S Press [System Settings].
Page 119
Protection Using Encryption Press [Permit SNMPv3 Communication]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [Encryption Only]. Press [OK]. Press the [User Tools] key. • To use Web Image Monitor for encrypting setting configuration data, you must first specify [Permit SNMPv3 Communication] on the machine, and then configure the network administrator's [Encryption Password] setting and specify the encryption key in Web Image Monitor.
6. Specifying the Extended Security Functions This chapter describes the machine's extended security features and how to specify them. Specifying the Extended Security Functions In addition to providing basic security through user authentication and administrator specified access limits on the machine, security can also be increased by encrypting transmitted data and data in the address book.
Page 122
6. Specifying the Extended Security Functions Press the [User Tools] key. BJH002S Press [System Settings]. Press [Administrator Tools].
Specifying the Extended Security Functions Press [Extended Security]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press the setting you want to change, and change the setting. Press [OK]. Press the [User Tools] key. Settings Default settings are shown in bold type.
Page 124
6. Specifying the Extended Security Functions • On • Off Settings by SNMP v1 and v2 This can be specified by the network administrator. When the machine is accessed using the SNMPv1, v2 protocol, authentication cannot be performed, allowing machine administrator settings such as the paper setting to be changed.
Specifying the Extended Security Functions Weekly Timer Code If the weekly timer is enabled and [Weekly Timer Code] is set to [On], you must enter the weekly timer code to turn the power back on after the timer has turned it off. Specifying Weekly Timer Code This can be specified by the machine administrator.
Page 127
Specifying the Extended Security Functions Using the number keys, enter the weekly timer code. The weekly timer code must be one to eight digits long. Press [OK]. Press the [User Tools] key. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication" Canceling Weekly Timer Code This can be specified by the machine administrator.
Page 129
Specifying the Extended Security Functions Press [Off], and then press [OK]. Press the [User Tools] key. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication"...
6. Specifying the Extended Security Functions Limiting Machine Operation to Customers Only The machine can be set so that operation is impossible without administrator authentication. The machine can be set to prohibit operation without administrator authentication and also prohibit remote registration in the address book by a service representative.
Page 131
Limiting Machine Operation to Customers Only Press [System Settings]. Press [Administrator Tools]. Press [Service Mode Lock]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings.
6. Specifying the Extended Security Functions Press [On], and then press [OK]. A confirmation message appears. Press [Yes]. Press the [User Tools] key. • p.32 "Logging on Using Administrator Authentication" • p.34 "Logging off Using Administrator Authentication" Canceling Service Mode Lock For a service representative to carry out inspection or repair in service mode, the machine administrator must log on to the machine and cancel the service mode lock.
Page 133
Limiting Machine Operation to Customers Only Press [System Settings]. Press [Administrator Tools]. Press [Service Mode Lock]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Press [Off], and then press [OK]. Press the [User Tools] key.
Page 134
6. Specifying the Extended Security Functions...
7. Troubleshooting This chapter describes what to do if the machine does not function properly. Authentication Does Not Work Properly This section explains what to do if a user cannot operate the machine because of a problem related to user authentication.
Page 136
7. Troubleshooting Messages Cause Solutions "Failed to obtain URL." The machine cannot connect to Make sure the server's settings, the server or cannot establish such as the IP address and host communication. name, are specified correctly on the machine. Make sure the host name of the UA Server is specified correctly.
Authentication Does Not Work Properly An Error Code Appears When authentication fails, the message "Authentication has failed." appears with an error code. The following tables list the error codes, likely causes of the problems they indicate, and what you can do to resolve those problems.
Page 138
7. Troubleshooting Error Code Cause Solution An authentication error occurred because the address Wait a few minutes and then try B0207-001 book is being used at another again. location. The account is locked because you have reached the Ask the user administrator to B0208-000 maximum number of failed unlock the account.
Page 139
Authentication Does Not Work Properly Error Code Cause Solution Wait a few minutes and then try again. If the situation does not return to Authentication cannot be normal, make sure that an completed because of the high authentication attack is not W0406-101 number of authentication occurring.
Page 140
7. Troubleshooting Error Code Cause Solution Specify the IP address in the domain name and confirm that authentication is successful. If authentication was successful: 1. If the top-level domain name is specified in the domain name (such as 4. Cannot resolve the domain W0406-104 domainname.xxx.com), make name.
Page 141
Authentication Does Not Work Properly Error Code Cause Solution Specify the IP address in the domain name and confirm that authentication is successful. If authentication was unsuccessful: 1. Make sure that Restrict LM/ NTLM is not set in either “Domain Controller Security Policy”...
Page 142
7. Troubleshooting Error Code Cause Solution The user group cannot be obtained if the UserPrincipleName 1. The UserPrincipleName (user@domainname.xxx.com) (user@domainname.xxx.com) W0400-105 form is used. form is being used for the login Use “sAMAccountName user name. (user)” to log in, because this account allows you to obtain the user group.
Page 143
Authentication Does Not Work Properly Error Code Cause Solution 1. The SSL settings on the Make sure the SSL settings on W0400-202 authentication server and the the authentication server and machine do not match. the machine match. If a user enters sAMAccountName as the login 2.
Page 144
7. Troubleshooting Error Code Cause Solution Authentication failed because no more users can be Ask the user administrator to W0612-005 registered. (The number of delete unused user accounts in users registered in the address the address book. book has reached capacity.) An authentication error occurred because the address Wait a few minutes and then try...
Page 145
Authentication Does Not Work Properly Error Code Cause Solution Wait a few minutes and then try again. If the situation does not return to Authentication cannot be normal, make sure that an completed because of the high authentication attack is not L0406-200 number of authentication occurring.
Page 146
7. Troubleshooting Error Code Cause Solution 1. Make sure the login user name and password are entered correctly. 2. Make sure a useable login name is registered on the L0406-202 2. A login user name or machine. L0406-203 password error occurred. Authentication will fail in the following cases: If the login user name contains...
Page 147
Authentication Does Not Work Properly Error Code Cause Solution An authentication error occurred because the address Wait a few minutes and then try L0607-001 book is being used at another again. location. Authentication failed because Do not use “other”, “admin”, the user name contains L606-004 “supervisor”...
Page 148
7. Troubleshooting Error Code Cause Solution An authentication error occurred because the address Wait a few minutes and then try I0207-001 book is being used at another again. location. Recreate the account if the An authentication error account name contains any of occurred because the user these prohibited characters.
Authentication Does Not Work Properly Error Code Cause Solution The authentication server login 1. Delete the old, duplicated name is the same as a user name or change the login name already registered on the name. I0511-000 machine. (Names are 2.
Page 150
7. Troubleshooting Condition Cause Solution User authentication is enabled, User authentication may have Re-enable user authentication, yet destinations specified using been disabled while [All Users] is and then enable [All Users] for the machine do not appear. not specified. the destinations that did not appear.
8. Appendix Supervisor Operations The supervisor can delete an administrator's password and specify a new one. If any of the administrators forget their passwords or if any of the administrators change, the supervisor can assign a new password. If logged on using the supervisor's user name and password, you cannot use normal functions or specify defaults.
Page 152
8. Appendix Press the [Login/Logout] key. BJH003S Press [Login]. Enter a login user name, and then press [OK]. When you assign the administrator for the first time, enter “supervisor”.
Supervisor Operations Enter a login password, and then press [OK]. If a login password has not been specified, press [OK] without entering the password. The message, "Authenticating... Please wait." appears. Logging off as the Supervisor If administrator authentication has been specified, be sure to log off after completing settings. This section describes how to log off after completing settings.
Page 154
8. Appendix Press the [User Tools] key. BJH002S Press the [Login/Logout] key. BJH003S Log on as the supervisor. You can log on in the same way as an administrator. Press [System Settings].
Page 155
Supervisor Operations Press [Administrator Tools]. Press [Program / Change Administrator]. If the setting to be specified does not appear, press [ Next] to scroll down to other settings. Under “Supervisor”, press [Change]. Press [Change] for the login user name. Enter the login user name, and then press [OK]. Press [Change] for the login password.
8. Appendix Press the [User Tools] key. • p.24 "Specifying Administrator Privileges" • p.149 "Supervisor Operations" Resetting an Administrator's Password This section describes how to reset the administrators' passwords. For details about logging on and logging off as the supervisor, see “Supervisor Operations”. Press the [User Tools] key.
Page 157
Supervisor Operations Press [Change] for the administrator you wish to reset. Press [Change] for the login password. Enter the login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK] twice. You will be automatically logged off.
8. Appendix Machine Administrator Settings The machine administrator settings that can be specified are as follows: System Settings The following settings can be specified. General Features All the settings can be specified. Tray Paper Settings All the settings can be specified. Timer Settings All the settings can be specified.
Page 159
Machine Administrator Settings • Address Book Management Search Switch Title • Address Book: Program / Change / Delete Group Search Switch Title • Display / Print Counter Print Counter List • Display / Clear / Print Counter per User Display Counter per User Print Counter per User •...
8. Appendix • Erase All Memory *1 *1 The DataOverwriteSecurity Unit option must be installed. Settings via Web Image Monitor The following settings can be specified. Top Page • Reset Device Device Settings • System Permit Firmware Update Display IP Address on Device Display Panel Output Tray •...
Page 161
Machine Administrator Settings Encryption Password • LDAP Server All the settings can be specified. • Firmware Update All the settings can be specified. Interface Settings • USB Network • SNMPv3 RC Gate All the settings can be specified. Webpage • Webpage Download Help File Extended Feature Settings All the settings can be specified.
8. Appendix Network Administrator Settings The network administrator settings that can be specified are as follows: System Settings The following settings can be specified. Interface Settings If DHCP is set to On, the settings that are automatically obtained via DHCP cannot be specified. •...
Network Administrator Settings Settings via Web Image Monitor The following settings can be specified. Device Settings • System Device Name Comment Location • E-mail Reception SMTP E-mail Communication Port • Auto E-mail Notification You can select groups to notify. • Administrator Authentication Management Network Administrator Authentication Available Settings for Network Administrator •...
Page 164
8. Appendix • SSDP All the settings can be specified. Security • Network Security All the settings can be specified. • Access Control All the settings can be specified. • SSL/TLS All the settings can be specified. • Site Certificate All the settings can be specified.
File Administrator Settings File Administrator Settings The file administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Address Book Management Search Switch Title • Address Book: Program / Change / Delete Group Search Switch Title •...
Page 166
8. Appendix Webpage • Webpage Download Help File...
User Administrator Settings User Administrator Settings The user administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Address Book Management All the settings can be specified. • Address Book: Program / Change / Delete Group All the settings can be specified.
Page 168
8. Appendix Address Book All the settings can be specified. Device Settings • Auto E-mail Notification You can select groups to notify. • Administrator Authentication Management User Administrator Authentication Available Settings for User Administrator • Program/Change Administrator The user administrator settings that can be specified are as follows: Login User Name Login Password Change Encryption Password...
The Privilege for User Account Settings in the Address Book The Privilege for User Account Settings in the Address Book The authorities for using the address book are as follows: The authority designations in the list indicate users with the following authorities. •...
Page 170
8. Appendix Read- Edit / Edit Full Registere User only Delete Settings Control d User Admin. (User) (User) (User) Login Password Available Functions *1 You can only enter the password. Tab Name: Protection Read- Edit / Edit Full Registere User only Delete Settings...
User Settings - Control Panel Settings User Settings - Control Panel Settings This section explains the user access right for accessing the machine's system settings. System Settings When administrator authentication has been specified, the settings available to the user depend on whether or not Available Settings has been specified.
Page 172
8. Appendix *1 the optional Z-folding unit must be installed. Tray Paper Settings Settings Paper Size: Tray 2-7 Paper Thickness: Tray 1-7 Apply Duplex: Tray 1-7 Apply Auto Paper Select: Tray 1-7 Tray Paper Size: Interposer Upper Tray *1 Tray Paper Size: Interposer Lower Tray *1 Paper Type: Tray 1-7 *1 The optional Interposer must be installed.
Page 173
User Settings - Control Panel Settings Network Settings Machine IPv4 Address*1 IPv4 Gateway Address IPv6 Stateless Address Autoconfiguration DNS Configuration*1 DDNS Configuration Domain Name*1 WINS Configuration*1 Effective Protocol SMB Computer Name SMB Work Group Ethernet Speed Ping Command Permit SNMPv3 Communication Permit SSL / TLS Communication Host Name Machine Name...
Page 174
8. Appendix Settings POP3 / IMAP4 Settings Administrator's E-mail Address E-mail Communication Port E-mail Reception Interval E-mail Storage in Server *1 You can only specify the password. Administrator Tools Settings Address Book Management Address Book: Program / Change / Delete Group Address Book: Change Order Address Book: Edit Title...
Page 175
User Settings - Control Panel Settings Settings Service Mode Lock Auto Erase Memory Setting *2 Erase All Memory *2 *1 Only the password can be specified. *2 The DataOverwriteSecurity Unit option must be installed.
8. Appendix User Settings - Web Image Monitor Settings This section explains the user access right for accessing the machine's system settings via Web Image Monitor. Device Settings When administrator authentication has been specified, the settings available to the user depend on whether or not “Available Settings”...
Page 177
User Settings - Web Image Monitor Settings Settings Tray2 : Paper Size Tray2 : Custom Paper Size Tray2 : Paper Type Tray2 : Paper Thickness Tray2 : Apply Auto Paper Select Tray2 : Apply Duplex Tray3 : Paper Size Tray3 : Custom Paper Size Tray3 : Paper Type Tray3 : Paper Thickness Tray3 : Apply Auto Paper Select...
Page 178
8. Appendix Settings Tray6 : Custom Paper Size Tray6 : Paper Type Tray6 : Paper Thickness Tray6 : Apply Auto Paper Select Tray6 : Apply Duplex Tray7 : Paper Size Tray7 : Custom Paper Size Tray7 : Paper Type Tray7 : Paper Thickness Tray7 : Apply Auto Paper Select Tray7 : Apply Duplex Interposer Upper Tray: Paper Size...
Page 179
User Settings - Web Image Monitor Settings Timer Settings Auto Off Timer Energy Saver Timer Panel Off Timer System Auto Reset Timer Auto Logout Timer Weekly Timer Code Weekly Timer E-mail Settings Administrator E-mail Address Reception Protocol E-mail Reception Interval E-mail Storage in Server SMTP Server Name SMTP Port No.
Page 180
8. Appendix Settings POP Password Timeout setting after POP Auth. POP3/IMAP4 Server Name POP3/IMAP4 Encryption POP3 Reception Port No. IMAP4 Reception Port No. E-mail Notification E-mail Address Receive E-mail Notification E-mail Notification User Name E-mail Notification Password Auto E-mail Notification Settings Notification Message Groups to Notify : Address List...
Page 181
User Settings - Web Image Monitor Settings Settings Waste Toner Bottle is Full Waste Toner Bottle is Almost Full Add Staples Supply Required: Fusing Oil Supply Required Soon: Fusing Oil Replacement Required: Fusing Unit Replacement Required: Transfer Unit Replacement Required Soon: Fusing Unit Replacement Required Soon: PCU Hole Punch Receptacle is Full File Storage Memory Full Soon...
Page 182
8. Appendix On-demand E-mail Notification Settings Notification Subject Notification Message Restriction to System Config. Info. Restriction to Network Config. Info. Restriction to Supply Info. Restriction to Device Status Info. Receivable E-mail Address/Domain Name E-mail Language User Authentication Management Settings User Authentication Management User Code Authentication - Available Functions Windows Authentication - SSL Windows Authentication - Domain Name...
User Settings - Web Image Monitor Settings Settings Integration Server Authentication - Domain Name Integration Server Authentication - Group Settings for Integration Server Authentication Administrator Authentication Management Settings User Administrator Authentication Available Settings for User Administrator Machine Administrator Authentication Available Settings for Machine Administrator Network Administrator Authentication Available Settings for Network Administrator File Administrator Authentication...
8. Appendix R (Read) = Reading only. N/A (Not Applicable) = Neither reading nor modifying the setting is available. Interface Settings Settings Ethernet : Network Ethernet : MAC Address Network When administrator authentication has been specified, the settings available to the user depend on whether or not “Available Settings”...
Page 185
User Settings - Web Image Monitor Settings Settings Primary WINS Server Secondary WINS Server Scope ID Default Gateway Address DNS Server RSH/RCP sftp IPv6 Settings IPv6 Host Name Domain Name Link Local Address Stateless Address Manual Configuration Address DHCPv6-lite DDNS Default Gateway Address DNS Server RSH/RCP...
8. Appendix Settings Protocol Workgroup Name Computer Name Comment Share Name Notify Print Completion Webpage When administrator authentication has been specified, the settings available to the user depend on whether or not “Available Settings” has been specified. • Abbreviations in the table heads A = Authorized user when Available functions have not been specified.
Functions That Require Options Functions That Require Options The following functions require certain options and additional functions. • Hard Disk overwrite erase function DataOverwriteSecurity Unit...
INDEX Access Control............Installing the Device Certificate (Certificate Issued by a Certificate Authority)........Address Book Access Permission......Integration Server Authentication......Address Book Privileges........Interface............... Administrator............IP Address..............Administrator Authentication....13, 19, 24 Administrator Privileges......... Authenticate Current Job........LDAP Authentication..........Authentication and Access Limits......LDAP Authentication - Operational Requirements Auto Erase Memory..........
Page 190
Settings by SNMP v1 and v2......SNMPv3.............. Specifying Service Mode Lock Preparation..Specifying Weekly Timer Code......SSL................ SSL (Secure Sockets Layer)........ SSL / TLS Encryption........... Supervisor............18, 149 Suspending Erase All Memory......Symbols..............System Settings............ Type of Administrator..........Types of Data that Can or Cannot Be Overwritten.................
Page 191
Trademarks ® ® ® ® ® Microsoft , Windows , Windows NT , Windows Server , and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Adobe, Acrobat, Acrobat Reader, PostScript, and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Need help?
Do you have a question about the PRO C900 and is the answer not in the manual?
Questions and answers