Gestetner DSc525 Security Manual

Gestetner dsc525: reference guide

Hide thumbs Also See for DSc525:

Operating instructions manual (71 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

Table of Contents

Quick Links

Download this manual

Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the

Safety Information in "About This Machine" before using the machine.

Getting Started

Authentication and its Application

Preventing Information Leaks

Managing Access to the Machine

Enhanced Network Security

Specifying the Extended Security Functions

Troubleshooting

Appendix

Operating Instructions

Security Reference

Table of Contents

Summary of Contents for Gestetner DSc525

Page 1: Operating Instructions
Operating Instructions Security Reference Getting Started Authentication and its Application Preventing Information Leaks Managing Access to the Machine Enhanced Network Security Specifying the Extended Security Functions Troubleshooting Appendix Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety Information in "About This Machine"...
Page 2 Introduction This manual contains detailed instructions and notes on the operation and use of this machine. For your safety and benefit, read this manual carefully before using the machine. Keep this manual in a handy place for quick reference. Do not copy or print any item for which reproduction is prohibited by law. Copying or printing the following items is generally prohibited by local law: bank notes, revenue stamps, bonds, stock certificates, bank drafts, checks, passports, driver's licenses.
Page 4: Manuals For This Machine
Manuals for This Machine Refer to the manuals that are relevant to what you want to do with the machine. ❖ About This Machine Be sure to read the Safety Information in this manual before using the ma- chine. This manual provides an introduction to the functions of the machine. It also explains the control panel, preparation procedures for using the machine, how to enter text, and how to install the CD-ROMs provided.
Page 5 ❖ Other manuals • PostScript3 Supplement • UNIX Supplement • Manuals for DeskTopBinder Lite • DeskTopBinder Lite Setup Guide • DeskTopBinder Introduction Guide • Auto Document Link Guide Note ❒ Manuals provided are specific to machine types. ❒ Adobe Acrobat Reader/Adobe Reader must be installed in order to view the manuals as PDF files.
Page 6: Table Of Contents
TABLE OF CONTENTS Manuals for This Machine ..................i How to Read This Manual ..................1 Symbols ........................1 1. Getting Started Enhanced Security....................3 Glossary ........................4 Setting Up the Machine....................5 Security Measures Provided by this Machine............. 7 Using Authentication and Managing Users ..............7 Preventing Information Leaks ..................7 Limiting and Controlling Access .................9 Enhanced Network Security..................10...
Page 7 3. Preventing Information Leaks Guarding Against Unauthorized Copying ............73 Unauthorized Copy Prevention ................74 Data Security for Copying ..................75 Printing Limitations....................76 Notice ........................77 Printing with Unauthorized Copy Prevention and Data Security for Copying...77 Printing a Confidential Document ..............80 Choosing a Locked Print file ..................80 Printing a Locked Print File ..................81 Deleting Locked Print Files ..................83 Changing Passwords of Locked Print Files..............84...
Page 8 5. Enhanced Network Security Preventing Unauthorized Access..............129 Enabling/Disabling Protocols .................129 Access Control .......................130 Specifying Network Security Level.................131 Encrypting Transmitted Passwords..............135 Driver Encryption Key .................... 136 Group Password for PDF files................138 IPP Authentication Password.................139 Protection Using Encryption ................140 SSL (Secure Sockets Layer) Encryption..............141 User Settings for SSL (Secure Sockets Layer) ............
Page 9 Network Administrator Settings ...............183 System Settings .....................183 Facsimile Features....................184 Scanner Features....................184 Settings via Web Image Monitor ................184 Settings via SmartDeviceMonitor for Admin............186 File Administrator Settings ................187 System Settings .....................187 Facsimile Features....................187 Printer Features .....................187 Settings via Web Image Monitor ................188 User Administrator Settings ................
Page 10: How To Read This Manual
How to Read This Manual Symbols This manual uses the following symbols: Indicates important safety notes. Ignoring these notes could result in serious injury or death. Be sure to read these notes. They can be found in the "Safety Information" section of About This Ma- chine.
Page 12: Getting Started
1. Getting Started Enhanced Security This machine's security function can be enhanced through the management of the machine and its users using the improved authentication functions. By specifying access limits on the machine’s functions and the documents and data stored in the machine, you can prevent information leaks and unauthorized access.
Page 13: Glossary
Getting Started Glossary ❖ Administrator There are four types of administrator: machine administrator, network ad- ministrator, file administrator, and user administrator. We recommend only one person take each administrator role. You can spread the workload and limit unauthorized operation by a single administrator. Basically, administrators make machine settings and manage the machine;...
Page 14: Setting Up The Machine
Enhanced Security Setting Up the Machine If you want higher security, make the following setting before using the ma- chine: Turn the machine on. Press the {User Tools/Counter} key. Press {System Settings}. Press {Interface Settings}. Specify IP Address. For details, see the General Settings Guide. Connect the machine to the network.
Page 15 Getting Started Enter the administrator’s user name and password. The administrator's default account (user name: "admin"; password: blank) is unencrypted between steps . If acquired during this time, this account information could be used to gain unauthorized access to the machine over the network.
Page 16: Security Measures Provided By This Machine
Security Measures Provided by this Machine Security Measures Provided by this Machine Using Authentication and Managing Users ❖ Enabling Authentication To control administrators’ and users’ access to the machine, perform admin- istrator authentication and user authentication using login user names and login passwords.
Page 17 Getting Started Reference For details, see p.73 “Guarding Against Unauthorized Copying”. ❖ Printing confidential files Using the printer’s Locked Print, you can store files in the machine as confi- dential files and then print them. You can print a file using the machine’s con- trol panel and collect it on the spot to prevent others from seeing it.
Page 18: Limiting And Controlling Access
Security Measures Provided by this Machine ❖ Managing Log Files You can improve data security by deleting log files stored in the machine. By transferring the log files, you can check the history data and identify unau- thorized access. To transfer the log data, the log collection server is required. Reference For details, see p.126 “Managing Log Files”.
Page 19: Enhanced Network Security
Getting Started Enhanced Network Security ❖ Preventing Unauthorized Access You can limit IP addresses or disable ports to prevent unauthorized access over the network and protect the address book, stored files, and default set- tings. Reference For details, see p.129 “Preventing Unauthorized Access”. ❖...
Page 20: Authentication And Its Application
2. Authentication and its Application Administrators and Users When controlling access using the authentication specified by an administrator, select the machine’s administrator, enable the authentication function, and then use the machine. The administrators manage access to the allocated functions, and users can use only the functions they are permitted to access.
Page 21: User
Authentication and its Application ❖ Machine Administrator This is the administrator who mainly manages the machine’s default settings. You can set the machine so that the default for each function can only be spec- ified by the machine administrator. By making this setting, you can prevent unauthorized people from changing the settings and allow the machine to be used securely by its many users.
Page 22: The Management Function
The Management Function The Management Function The machine has an authentication function requiring a login user name and login password. By using the authentication function, you can specify access limits for individual users and groups of users. Using access limits, you can not only limit the machine’s available functions but also protect the machine settings and files and data stored in the machine.
Page 23: About Administrator Authentication
Authentication and its Application About Administrator Authentication There are four types of administrator: user administrator, machine administra- tor, network administrator, and file administrator. AYJ002S User Administrator File Administrator This administrator manages personal in- This administrator manages permission formation in the address book. You can to access stored files.
Page 24: About User Authentication
The Management Function About User Authentication This machine has an authentication function to prevent unauthorized access. By using login user name and login password, you can specify access limits for individual users and groups of users. AYJ001S User Authentication A user performs normal operations on Using a login user name and password, the machine, such as copying and print- user authentication is performed.
Page 25: Enabling Authentication
Authentication and its Application Enabling Authentication To control administrators’ and users’ access to the machine, perform administra- tor or user authentication using login user names and passwords. To perform authentication, the authentication function must be enabled. To specify authen- tication, you need to register administrators. Reference For details, see p.20 “Registering the Administrator”.
Page 26: Administrator Authentication
Administrator Authentication Administrator Authentication Administrators are handled differently from the users registered in the address book. When registering an administrator, you cannot use a login user name al- ready registered in the address book. Windows Authentication, LDAP Authen- tication and Integration Server Authentication are not performed for an administrator, so an administrator can log on even if the server is unreachable due to a network problem.
Page 27 Authentication and its Application Note ❒ For details about logging on and logging off with administrator authentica- tion, see p.23 “Logging on Using Administrator Authentication”, p.26 “Log- ging off Using Administrator Authentication”. Press the {User Tools/Counter} key. Press [System Settings]. Press [Administrator Tools].
Page 28 Administrator Authentication Press the [User Management], [Machine Management], [Network Management], or [File Management] key to select which settings to manage. Set "Admin. Authentication" to [On]. [Available Settings] appears. Select the settings to manage from "Available Settings". The selected settings will be unavailable to users. [Available Settings] varies depending on the administrator.
Page 29: Registering The Administrator
Authentication and its Application Press [OK]. Press the {User Tools/Counter} key. Registering the Administrator If administrator authentication has been specified, it is recommended to assign each administrator role to a different person. By sharing the administrative work among different administrators, you can spread the workload and limit unauthorized operation by a single administra- tor.You can register up to four login user names (Administrators 1 to 4) to which you can grant administrator privileges.
Page 30 Administrator Authentication Press [Administrator Tools]. Press [Program / Change Administrator]. In the line for the administrator whose authority you want to specify, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. If you allocate each administrator’s authority to a different person, the screen appears as follows:...
Page 31 Authentication and its Application Press [Change] for the login user name. Enter the login user name, and then press [OK]. Press [Change] for the login password. Enter the login password, and then press [OK]. Follow the password policy to make the login password more secure. For details about the password policy, see p.157 “Password Policy”.
Page 32: Logging On Using Administrator Authentication
Administrator Authentication Enter the encryption password, and then press [OK]. If a password reentry screen appears, enter the encryption password, and then press [OK]. Press [OK] twice. You will be automatically logged off. Press the {User Tools/Counter} key. Logging on Using Administrator Authentication If administrator authentication has been specified, log on using an administra- tor’s user name and password.This section describes how to log on.
Page 33 Authentication and its Application Press [Enter] next to "Login User Name". Enter the login user name, and then press [OK]. Note ❒ When you log on to the machine for the first time as the administrator, en- ter "admin". Press [Enter] next to "Login Password". Note ❒...
Page 34 Administrator Authentication Enter the login password, and then press [OK]. Enter [Login]. " " appears, followed by the screen for Authenticating... Please wait. specifying the default.
Page 35: Logging Off Using Administrator Authentication
Authentication and its Application Logging off Using Administrator Authentication If administrator authentication has been specified, be sure to log off after com- pleting settings. This section explains how to log off after completing settings. Press the {Login/Logout}key. AMG044S Press [Yes].
Page 36: Changing The Administrator
Administrator Authentication Changing the Administrator Change the administrator’s login user name and login password. You can also assign each administrator’s authority to the login user names "Administrator 1" to "Administrator 4" To combine the authorities of multiple administrators, as- sign multiple administrators to a single administrator. For example, to assign machine administrator authority and user administrator authority to [Administrator 1], press [Administrator 1] in the lines for the machine administrator and the user administrator.
Page 37 Authentication and its Application Press [Administrator Tools]. Press [Program / Change Administrator]. In the line for the administrator you want to change, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change]. Press [Change] for the setting you want to change, and re-enter the setting. Press [OK].
Page 38: User Authentication
User Authentication User Authentication There are five types of user authentication method: user code authentication, ba- sic authentication, Windows authentication, Integration Server Authentication, and LDAP authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authen- tication.
Page 39 Authentication and its Application Specifying User Code Authentication This can be specified by the machine administrator. Press the {User Tools/Counter} key. Press [System Settings]. Press [Administrator Tools]. Press [User Authentication Management].
Page 40 User Authentication Select [User Code Auth.]. Note ❒ If you do not want to use user authentication management, select [Off]. Select which of the machine’s functions you want to limit. The selected settings will be unavailable to users. For details about Limiting Available Functions see p.124 “Limiting Available Functions”.
Page 41 Authentication and its Application Select the "Printer Job Authentication" level. Note ❒ If you select [Entire], you cannot print using a printer driver or a device that does not support authentication. To print under an environment that does not support authentication, select [Simple (All)]. ❒...
Page 42: Basic Authentication
User Authentication Specify the range in which [Simple (Limitation)] is applied to Printer Job Au- thentication. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 43 Authentication and its Application Press [Administrator Tools]. Press [User Authentication Management]. Select [Basic Auth.]. Note ❒ If you do not want to use user authentication management, select [Off].
Page 44 User Authentication Select which of the machine’s functions you want to permit. The selected settings will be available to users. For details about Limiting Available Functions see p.124 “Limiting Available Functions”. Select the "Printer Job Authentication" level. Note ❒ If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
Page 45 Authentication and its Application Press [Simple (Limitation)] Press [Change]. Specify the range in which [Simple (Limitation)] is applied to Printer Job Au- thentication. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 46 User Authentication Authentication Information Stored in the Address Book This can be specified by the user administrator. If you have specified [User Authentication], you can specify access limits for indi- vidual users and groups of users. Specify the setting in the address book for each user.
Page 47 Authentication and its Application Select the user or group. Press [Auth. Info]. Press [Change] for [Login User Name]. Enter a login user name, and then press [OK]. Press [Change] for [Login Password].
Page 48 User Authentication Enter a login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK]. Press [Exit] twice. Press the {User Tools/Counter} key. Specifying Authentication Information to Log on The login user name and password specified in [User Authentication Management] can be used as the login information for "SMTP Authentication", "Folder Au- thentication", and "LDAP Authentication".
Page 49 Authentication and its Application Press [Address Book Management]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Select the user or group. Press [Auth. Info]. Specify the login user name and password.
Page 50 User Authentication Select [Use Auth. Info at Login] in "SMTP Authentication". If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Limitation ❒ When using [Use Auth. Info at Login] for "SMTP Authentication", "Folder Au- thentication", or "LDAP Authentication", a user name other than "other"...
Page 51: Windows Authentication
Authentication and its Application Windows Authentication Specify this authentication when using the Windows domain controller to au- thenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group regis- tered in the directory server.
Page 52 User Authentication ❒ Users who are registered in multiple groups can use all the functions availa- ble to those groups. ❒ If you specify in the address book which functions are available to global group members, those settings have priority. ❒...
Page 53 Authentication and its Application Press [Administrator Tools]. Press [User Authentication Management]. Select [Windows Auth.]. Note ❒ If you do not want to use user authentication management, select [Off].
Page 54 User Authentication Press [Change] for "Domain Name", enter the name of the domain controller to be authenticated, and then press [OK]. Select the "Printer Job Authentication" level. Note ❒ If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
Page 55 Authentication and its Application Press [Simple (Limitation)] Press [Change]. Specify the range in which [Simple (Limitation)] is applied to Printer Job Au- thentication. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 56 User Authentication Press [On] for "SSL". If you are not using secure sockets layer (SSL) for authentication, press [Off]. If global groups have been registered under Windows server, you can limit the use of functions for each global group. You need to create global groups in the Windows server in advance and reg- ister in each group the users to be authenticated.
Page 57 Authentication and its Application Under "Group Name", press [Change], and then enter the group name. Press [OK]. Select which of the machine’s functions you want to permit. The selected settings will be available to users. For details about limiting available functions, see p.124 “Limiting Available Functions”.
Page 58 User Authentication -Installing Internet Information Services (IIS) and Certificate services Specify this setting if you want the machine to automatically obtain e-mail ad- dresses registered in Active Directory. We recommended you install Internet Information Services (IIS) and Certificate services as the Windows components. Install the components, and then create the server certificate.
Page 59: Ldap Authentication
Authentication and its Application -If the fax number cannot be obtained If the fax number cannot be obtained during authentication, specify the setting as follows: Start [C:\WINNT\SYSTEM32\adminpak]. Start Setup Wizard. Select [Install all of the Administrator Tools], and then click [Next]. On the [Start] menu, select [Run].
Page 60 User Authentication ❖ Operational Requirements for LDAP Authentication To specify LDAP authentication, the following requirements must be met: • The Printer/Scanner unit must be installed. • The network configuration must allow the machine to detect the presence of the LDAP server. •...
Page 61 Authentication and its Application Specifying LDAP Authentication This can be specified by the machine administrator. Press the {User Tools/Counter} key. Press [System Settings]. Press [Administrator Tools]. Press [User Authentication Management].
Page 62 User Authentication Select [LDAP Auth.]. Note ❒ If you do not want to use user authentication management, select [Off]. Select the LDAP server to be used for LDAP authentication.
Page 63 Authentication and its Application Select the "Printer Job Authentication" level. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Note ❒ If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
Page 64 User Authentication Press [Change]. Specify the range in which [Simple (Limitation)] is applied to Printer Job Au- thentication. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 65 Authentication and its Application Press [Change] for "Login Name Attribute". Enter the login name attribute , and then press [OK]. Note ❒ You can use the Login Name Attribute as a search criterion to obtain infor- mation about an authenticated user. You can create a search filter based on the Login Name Attribute, select a user, and then retrieve the user infor- mation from the LDAP server so it is transferred to the machine’s address book.
Page 66: Integration Server Authentication
User Authentication Enter the unique attribute and then press [OK]. Note ❒ Specify Unique Attribute on the machine to match the user information in the LDAP server with that in the machine. By doing this, if the Unique At- tribute of a user registered in the LDAP server matches that of a user regis- tered in the machine, the two instances are treated as referring to the same user.You can enter an attribute such as "serialNumber"...
Page 67 Authentication and its Application Note ❒ The built-in default administrator name is "Admin" on the Server and "ad- min" on the machine. Specifying Integration Server Authentication This can be specified by the machine administrator. This section explains how to specify the machine settings. For details, see the Authentication Manager manual.
Page 68 User Authentication Select [Integration Svr. Auth.]. Note ❒ If you do not wish to use User Authentication Management, select [Off]. Press [Change] for "Server Name". Specify the name of the server for external authentication. Enter the server name, and then press [OK]. Enter the IPv4 address or host name.
Page 69 Authentication and its Application In "Authentication Type", select the authentication system for external au- thentication. Select an available authentication system. Press [Change] for "Domain Name". Enter the domain name, and then press [OK]. Note ❒ You cannot specify a domain name under an authentication system that does not support domain login.
Page 70 User Authentication Press [OK] If you set "Authentication Type" to "Windows", you can use the global group. If you set "Authentication Type" to "Notes", you can use the Notes group. If you set "Authentication Type" to "Basic (Integration Server)", you can use the groups created using the Authentication Manager.
Page 71 Authentication and its Application Press [Simple (Limitation)] Press [Change]. Specify the range in which [Simple (Limitation)] is applied to Printer Job Au- thentication. You can specify the IPv4 address range to which this setting is applied, and whether or not to apply the setting to the parallel and USB interfaces. Press [Exit].
Page 72 User Authentication Press [On] for "SSL". To not use secure sockets layer (SSL) for authentication, press [Off]. Press the {User Tools/Counter} key.
Page 73 Authentication and its Application ❖ Printer Job Authentication Levels and Printer Job Types This section explains the relationship between printer job authentication lev- els and printer job types. Depending on the combination of printer job authentication level and printer job type, the machine may not print properly. Set an appropriate combination according to the operating environment.
Page 74 User Authentication ❖ Printer Job Types In the RPCS printer driver dialog box, the [Confirm authentication information when printing] and [Encrypt] check boxes are selected. In the PCL printer driver dialog box, the [User Authentication] and [Encrypt] check boxes are selected. Personal authentication information is added to the printer job.
Page 75: If User Authentication Is Specified
Authentication and its Application If User Authentication is Specified When user authentication (User Code Authentication, Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authen- tication) is set, the authentication screen is displayed. Unless a valid user name and password are entered, operations are not possible with the machine. Log on to operate the machine, and log off when you are finished operations.
Page 76: Login (Using The Control Panel)
If User Authentication is Specified Login (Using the Control Panel) Follow the procedure below to log on when Basic Authentication, Windows Au- thentication, LDAP Authentication, or Integration Server Authentication is set. Press [Enter] for [Login User Name]. Enter a login user name, and then press [OK]. Press [Enter] for [Login Password].
Page 77: Log Off (Using The Control Panel)
Authentication and its Application Enter a login password, and then press [OK]. Press [Login]. When the user is authenticated, the screen for the function you are using ap- pears. Log Off (Using the Control Panel) Follow the procedure below to log off when Basic Authentication, Windows Au- thentication, or LDAP Authentication is set.
Page 78: Login (Using A Printer Driver)
If User Authentication is Specified Login (Using a Printer Driver) When Basic Authentication, Windows Authentication, or LDAP Authentication is set, make encryption settings in the printer properties of a printer driver, and then specify a login user name and password. For details, see the printer driver Help.
Page 79: Auto Logout
Authentication and its Application Auto Logout This can be specified by the machine administrator. When using user authentication management, the machine automatically logs you off if you do not use the control panel within a given time. This feature is called "Auto Logout".
Page 80: Authentication Using An External Device
If User Authentication is Specified Select [On]. Note ❒ If you do not want to specify [Auto Logout Timer], select [Off]. Enter "60" to "999" (seconds) using the number keys, and then press [q]. Press [OK]. Press the {User Tools/Counter} key. Authentication using an external device If you authenticate using an external device, see the Kit manual.
Page 81 Authentication and its Application...
Page 82: Preventing Information Leaks
3. Preventing Information Leaks Guarding Against Unauthorized Copying Using the printer driver, you can embed a pattern in the printed copy to discour- age or prevent unauthorized copying. If you enable data security for copying on the machine, printed copies of a doc- ument with data security for copying are grayed out to prevent unauthorized copying.
Page 83: Unauthorized Copy Prevention
Preventing Information Leaks Unauthorized Copy Prevention Using the printer driver, you can embed mask and pattern (for instance, a warn- ing such as "No Copying") in the printed document. If the document is copied, scanned, or stored in a Document Server by a copier or multifunction printer, the embedded pattern appears clearly on the copy, dis- couraging unauthorized copying.
Page 84: Data Security For Copying
Guarding Against Unauthorized Copying Data Security for Copying Using the printer driver to enable data security for the copying function, you can print a document with an embedded pattern of hidden text. Such a document is called a data security for copying document. If a data security for copying document is copied or stored in the Document Server using a copier or multi-function printer with the Copy Data Security Unit, protected pages are grayed out in the copy, preventing confidential information...
Page 85: Printing Limitations
Preventing Information Leaks Note ❒ You can also embed pattern in a document protected by data security for cop- ying. However, if such a document is copied or stored in the Document Serv- er using a copier or multi-function printer with the Copy Data Security Unit, the copy is grayed out, so the embedded pattern does not appear on the copy.
Page 86: Notice
Guarding Against Unauthorized Copying Notice 1.The supplier does not guarantee that unauthorized copy prevention and data security for copying will always work. Depending on the paper, the model of copier or multi-function printer, and the copier or printer settings, unauthorized copy prevention and data security for copying may not work properly.
Page 87 Preventing Information Leaks Specifying Printer Settings for Data security for copying (Printer Driver Setting) If a document printed using this function is copied or stored in the Document Server by a copier or multi-function printer, the copy is grayed out. Using the printer driver, specify the printer settings for data security for copy- ing.
Page 88 Guarding Against Unauthorized Copying Press [System Settings]. Press [Administrator Tools]. Press [Data Security for Copying]. If the setting you want to specify does not appear, press [TNext] to scroll down to other settings. Press[On]. If you do not want to specify [Data Security for Copying], select [Off]. Press[OK].
Page 89: Printing A Confidential Document
Preventing Information Leaks Printing a Confidential Document To use this function, Printer/Scanner unit must be installed. Depending on the location of the machine, it is difficult to prevent unauthorized persons from viewing prints lying in the machine’s output trays. When printing confidential documents, use the Locked Print function.
Page 90: Printing A Locked Print File
Printing a Confidential Document Perform Locked Print. Reference For details, see the printer driver Help. Printing a Locked Print File Print Locked Print files using the control panel. Consult your administrator if you have forgotten your password. This can also be specified via Web Image Monitor. For details see the Web Image Monitor Help.
Page 91 Preventing Information Leaks Press [Print]. Enter the password for the stored file, and then press [OK]. Note ❒ Enter the password specified in step on p.80 “Choosing a Locked Print file”. Press [Yes].
Page 92: Deleting Locked Print Files
Printing a Confidential Document Deleting Locked Print Files This can be specified by the file creator (owner). To delete Locked Print files, you must enter the password for the files. If the password has been forgotten, ask the file administrator to change the password. This can also be specified via Web Image Monitor.
Page 93: Changing Passwords Of Locked Print Files
Preventing Information Leaks Press [Delete]. Enter the password of the Locked Print file, and then press [OK]. Press [Yes]. Changing Passwords of Locked Print Files This can be specified by the file creator (owner) or file administrator. If the password has been forgotten, the file administrator change the password. This can also be specified via Web Image Monitor.
Page 94 Printing a Confidential Document Press [Change Password]. Enter the password for the stored file, and then press [OK]. The machine administrator does not need to enter the password. Enter the new password for the stored file, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK].
Page 95: Unlocking Locked Print Files
Preventing Information Leaks Unlocking Locked Print Files If you specify "Enhance File Protection", the file will be locked and become inac- cessible if an invalid password is entered ten times. This section explains how to unlock files. Only the file administrator can unlock files. This can also be specified via Web Image Monitor.
Page 96: Specifying Access Permission For Stored Files
Specifying Access Permission for Stored Files Specifying Access Permission for Stored Files You can specify who is allowed to access stored scan files and files stored in the Document Server. This can prevent activities such as printing or sending of stored files by unau- thorized users.
Page 97: Assigning Users And Access Permission For Stored Files
Preventing Information Leaks Assigning Users and Access Permission for Stored Files This can be specified by the file creator (owner) or file administrator. Specify the users and their access permissions for each stored file. By making this setting, only users granted access permission can access stored files.
Page 98 Specifying Access Permission for Stored Files Press [Change Access Priv.]. Press [Program/Change/Delete]. Press [New Program].
Page 99 Preventing Information Leaks Select the users or groups you want to assign permission to. You can select more than one users. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign an access permission to, and then select the permission.
Page 100: Specifying Access Privileges For Files Stored Using The Scanner And Fax Functions
Specifying Access Permission for Stored Files Specifying Access Privileges for Files Stored using the Scanner and Fax Functions If user authentication is set for the scanner and fax functions, you can specify ac- cess privileges for made using these functions when storing them in the Docu- ment Server.
Page 101 Preventing Information Leaks Press [New Program]. Select the users or groups you want to assign permission to. You can select more than one users. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign an access permission to, and then se- lect the permission.
Page 102 Specifying Access Permission for Stored Files Press[Manage / Delete File]. Press [Change Access Priv.]. Press [Program/Change/Delete]. Press [New Program]. Select the users or groups you want to assign permission to. You can select more than one users. By pressing [All Users], you can select all the users. Press [Exit].
Page 103: Assigning The User And The Access Permission For The User's Stored Files
Preventing Information Leaks Assigning the User and the Access Permission for the User’s Stored Files This can be specified by the file creator (owner) or user administrator. Specify the users and their access permission to files stored by a particular user. Only those users granted access permission can access stored files.
Page 104 Specifying Access Permission for Stored Files Press [Address Book Management]. Select the user or group. Press [Protection].
Page 105 Preventing Information Leaks Under "Protect File(s)", press [Program/Change/Delete] for "Permissions for Users/Groups". If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Press [New Program]. Select the users or groups to register. You can select more than one users. By pressing [All Users], you can select all the users.
Page 106: Specifying Passwords For The Stored Files
Specifying Access Permission for Stored Files Select the user who you want to assign an access permission to, and then select the permission. Select the access permission from [Read-only], [Edit], [Edit / Delete], or [Full Control]. Press [Exit]. Press [OK]. Press [Exit].
Page 107 Preventing Information Leaks Press [File Management]. Press [Change Password]. Enter the password using the number keys. You can use 4 to 8 numbers as the password for the stored file. Press [OK]. Confirm the password by re-entering it using the number keys. Press [OK].
Page 108: Unlocking Files
Specifying Access Permission for Stored Files Unlocking Files If you specify "Enhance File Protection", the file will be locked and become inac- cessible if an invalid password is entered ten times. This section explains how to unlock files. Only the file administrator can unlock files. For details about "Enhance File Protection", see p.151 “Changing the Extended Security Functions”.
Page 109 Preventing Information Leaks Press [Unlock Files]. Press [Yes]. Press [OK].
Page 110: Preventing Data Leaks Due To Unauthorized Transmission
Preventing Data Leaks Due to Unauthorized Transmission Preventing Data Leaks Due to Unauthorized Transmission If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person mas- querading as the user.
Page 111 Preventing Information Leaks Press [System Settings]. Press [Administrator Tools]. Press [Extended Security]. Press [On] for "Restrict Use of Destinations".
Page 112 Preventing Data Leaks Due to Unauthorized Transmission Press [OK]. Press the {User Tools/Counter} key. Reference This can also be specified using Web Image Monitor or SmartDeviceMon- itor for Admin. For details, see the Help for each application.
Page 113: Protecting The Address Book
Preventing Information Leaks Protecting the Address Book If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person mas- querading as the user. To protect the data from unauthorized reading, you can also encrypt the data in the address book.
Page 114 Protecting the Address Book Press [Address Book Management]. Select the user or group. Press [Protection]. Under "Protect Destination", press [Program/Change/Delete] for "Permissions for Users/Groups".
Page 115 Preventing Information Leaks Press [New Program]. Select the users or groups to register. You can select more than one users. By pressing [All Users], you can select all the users. Press [Exit]. Select the user who you want to assign an access permission to, and then select the permission.
Page 116: Encrypting The Data In The Address Book
Protecting the Address Book Encrypting the Data in the Address Book This can be specified by the user administrator. Encrypt the data in the address book. Reference See p.151 “Changing the Extended Security Functions”. Preparation For details about logging on and logging off with administrator authentica- tion, see p.23 “Logging on Using Administrator Authentication”, p.26 “Log- ging off Using Administrator Authentication”.
Page 117 Preventing Information Leaks Press [Extended Security]. Press [On] for "Encrypt Address Book". Press [Change] for [Encryption Key]. Enter the encryption key, and then press [OK]. Enter the encryption key using up to 32 alphanumeric characters. Press [Encrypt / Decrypt].
Page 118 Protecting the Address Book Press [Yes]. Do not switch the main power off during encryption, as doing so may corrupt the data. Encrypting the data in the address book may take a long time. The time it takes to encrypt the data in the address book depends on the number of registered users.
Page 119: Deleting Data On The Hard Disk
Preventing Information Leaks Deleting Data on the Hard Disk Hard Disk The machine’s hard disk lets you store data under the copy, printer, fax, scan- ner, and document server functions, as well as the address book and counters stored under each user code. Data Not Overwritten in the Hard Disk The machine’s memory lets you store fax numbers and data transmitted us- ing the fax function, and network TWAIN scanner.
Page 120 Deleting Data on the Hard Disk Reference For details, see the manual supplied with the DataOverwriteSecurity unit. "Auto Erase Memory Setting" This can be specified by the machine administrator. A document scanned in Copier, Fax, or Scanner mode, or print data sent from a printer driver is temporarily stored on the machine's hard disk.
Page 121 Preventing Information Leaks Press [Auto Erase Memory Setting]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Press [On], and then select the method of erasing the data. Select the method of erasing the data from [NSA], [DoD], or [Random Numbers]. If you select [Random Numbers], proceed to step If you select [NSA] or [DoD], proceed to step Press [Change].
Page 122 Deleting Data on the Hard Disk Enter the number of times that you want to overwrite using the number keys, and then press [q]. Press [OK]. Auto Erase Memory is set. Important ❒ When Auto Erase Memory is set to "On", temporary data that remained on the hard disk when Auto Erase Memory was "Off"...
Page 123 Preventing Information Leaks Types of Data that Can or Cannot Be Overwritten The following table shows the types of data that can or cannot be overwritten by Auto Erase Memory. Data overwritten by Auto Copier • Copy jobs Erase Memory Printer •...
Page 124 Deleting Data on the Hard Disk "Erase All Memory" This can be specified by the machine administrator. You can erase all the data on the hard disk by writing over it. This is useful if you relocate or dispose of your machine. Preparation For details about logging on and logging off with administrator authentica- tion, see p.23 “Logging on Using Administrator Authentication”, p.26 “Log-...
Page 125 Preventing Information Leaks Press [Erase All Memory]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Select the method of erasing the data. Select the method of erasing the data from [NSA], [DoD], or [Random Numbers]. If you select [Random Numbers], proceed to step If you select [NSA] or [DoD], proceed to step Press [Change].
Page 126 Deleting Data on the Hard Disk Enter the number of times that you want to overwrite using the number keys, and then press [q]. Press [OK]. Press [Yes]. When overwriting is completed, press [Exit], and then turn off the power. Reference Before turning the power off, see "Turning On the Power", About This Ma- chine..
Page 127 Preventing Information Leaks Canceling Erase All Memory Press [Cancel] while Erase All Memory is in progress. Press [Yes]. Erase All Memory is canceled. Note ❒ If you stop this before completion, the data is not fully erased. Execute [Erase All Memory] again to erase the data. Turn off the main power.
Page 128: Managing Access To The Machine
4. Managing Access to the Machine Preventing Modification of Machine Settings Administrator type determines which machine settings can be modified. Users cannot change the administrator settings. In [Admin. Authentication], [Available Set- tings], the administrator can select which settings users cannot specify. Register the administrators before using the machine.
Page 129: Menu Protect
Managing Access to the Machine Menu Protect The administrator can also limit users’ access permission to the machine’s set- tings. The machine’s System Settings menu and the printer’s regular menus can be locked so they cannot be changed. This function is also effective when man- agement is not based on user authentication.
Page 130 Menu Protect Select the menu protect level, and then press [OK]. Press the {User Tools/Counter} key. Fax Functions To specify [Menu Protect] in [Facsimile Features]: Under [System Settings], [Adminis- trator Tools], [Administrator Authentication Management], set [Machine Management], to [On]. Press the {User Tools/Counter} key. Press [Facsimile Features].
Page 131 Managing Access to the Machine Select the menu protect level, and then press [OK]. Press the {User Tools/Counter} key. Printer Functions To specify [Menu Protect] in [Printer Features], set [Machine Management] to [On] in [Administrator Authentication Management] in [Administrator Tools] in [System Set- tings].
Page 132 Menu Protect Press the {User Tools/Counter} key. Scanner Functions To specify [Menu Protect] in [Scanner Features], set [Machine Management] to [On] in [Administrator Authentication Management] in [Administrator Tools] in [System Set- tings]. Press the {User Tools/Counter} key. Press [Scanner Features]. Press [Initial Settings].
Page 133: Limiting Available Functions
Managing Access to the Machine Limiting Available Functions To prevent unauthorized operation, you can specify who is allowed to access each of the machine’s functions. ❖ Available Functions Specify the available functions from the copier, Document Server, fax, scan- ner, and printer functions. Copier [Full Color/Two Color/Single Color/Black &...
Page 134 Limiting Available Functions Press [Administrator Tools]. Press [Address Book Management]. Select the user. Press [Auth. Info]. In [Available Functions], select the functions you want to specify. If the setting to be specified does not appear, press [TNext] to scroll down to other settings.
Page 135: Managing Log Files
Managing Access to the Machine Managing Log Files Log information To view the log, the log collection server is required. The following log information is stored in the machine’s memory and on its hard disk: • Job log Stores information about workflow related to user files, such as copying, printing, fax deliverly, and scan file delivery •...
Page 136: Transfer Log Setting
Managing Log Files Press [Administrator Tools]. Press [Delete All Logs]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. A confirmation message appears. Press [Yes]. Press [Exit]. Press the {User Tools/Counter}key. Transfer Log Setting The machine administrator can select [On] from the log server only.
Page 137 Managing Access to the Machine Press [Administrator Tools]. Press [Transfer Log Setting]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Press [Off]. Press [OK]. Press the {User Tools/Counter}key.
Page 138: Enhanced Network Security
5. Enhanced Network Security Preventing Unauthorized Access You can limit IP addresses, disable ports and protocols, or use Web Image Mon- itor to specify the network security level to prevent unauthorized access over the network and protect the address book, stored files, and default settings. Enabling/Disabling Protocols This can be specified by the network administrator.
Page 139: Access Control
Enhanced Network Security Press [Effective Protocol]. Press [Invalid] for the protocol you want to disable. Press [OK]. Press the {User Tools/Counter} key. Reference Advanced network settings can be specified using Web Image Monitor. For details, see the Web Image Monitor Help. Access Control This can be specified by the network administrator.
Page 140: Specifying Network Security Level
Preventing Unauthorized Access Open Web Image Monitor. Enter "http://(machine's-address)/" in the address bar to access the machine. Log onto the machine. The network administrator can log on using the appropriate login user name and login password. Click [Configuration], under [Security], click [Access Control]. The [Access Control] page appears.
Page 141 Enhanced Network Security Press the {User Tools/Counter}key. Press [System Settings]. Press [Administrator Tools]. Press [Network Security Level]. If the setting you want to specify does not appear, press [TNext] to scroll down to other settings.
Page 142 Preventing Unauthorized Access Select the network security level. Select [Level 0], [Level 1], or [Level 2]. Press [OK]. Press [Exit]. Press the {User Tools/Counter}key. -Status of Functions under each Network Security Level ❍= Available — = Unavailable U = Port is open. | = Port is closed.
Page 143 Enhanced Network Security Function Network Security Level Level 0 Level 1 Level 2 ❍ ❍ ❍ TCP/IP TCP/IP HTTP Port 80 Port 443 Port 631 Port 7443/7444 Port 80 Port 631 Port 443 ❍ ❍ DIPRINT — ❍ ❍ — Port 21 Port 22 sftp...
Page 144: Encrypting Transmitted Passwords
Encrypting Transmitted Passwords Encrypting Transmitted Passwords Prevent login passwords, group passwords for PDF files, and IPP authentication passwords being revealed by encrypting them for transmission. Also, encrypt the login password for administrator authentication and user au- thentication. ❖ Driver Encryption Key Encrypt the password transmitted when specifying user authentication.
Page 145: Driver Encryption Key
Enhanced Network Security Driver Encryption Key This can be specified by the network administrator. Specify the driver encryption key on the machine. By making this setting, you can encrypt login passwords for transmission to pre- vent them from being analyzed. Reference See p.151 “Changing the Extended Security Functions”.
Page 146 Encrypting Transmitted Passwords Press [Extended Security]. For [Driver Encryption Key], press [Change]. Enter the driver encryption key, and then press [OK]. Enter the driver encryption key using up to 32 alphanumeric characters. Note ❒ The network administrator must give users the driver encryption key specified on the machine so they can register it on their computers.
Page 147: Group Password For Pdf Files
Enhanced Network Security Group Password for PDF files This can be specified by the network administrator. On the machine, specify the group password for PDF files. By using a PDF group password, you can enhance security and so protect pass- words from being analyzed.
Page 148: Ipp Authentication Password
Encrypting Transmitted Passwords Enter the password, and then press [OK]. For [Confirm New Password], press [Change]. Enter the password and press [OK]. Press [OK]. Press the {User Tools/Counter} key. IPP Authentication Password This can be specified by the network administrator. Specify the IPP authentication passwords for the machine using Web Image Monitor.
Page 149: Protection Using Encryption
Enhanced Network Security Protection Using Encryption When you access the machine using a Web Image Monitor or IPP, you can estab- lish encrypted communication using SSL. When you access the machine using an application such as SmartDeviceMonitor for Admin, you can establish en- crypted communication using SNMPv3 or SSL.
Page 150: Ssl (Secure Sockets Layer) Encryption
Protection Using Encryption SSL (Secure Sockets Layer) Encryption This can be specified by the network administrator. To protect the communication path and establish encrypted communication, create and install the server certificate. There are two ways of installing a server certificate: create and install a self-cer- tificate using the machine, or request a certificate from a certificate authority and install it.
Page 151 Enhanced Network Security Click [Configuration], under [Security], click [Device Certificate]. Click [Create]. Make the necessary settings. Reference For details about the displayed items and selectable items, see Web Image Monitor Help. Click [OK]. The setting is changed. Click [OK]. A security warning dialog box appears. Check the details, and then click [OK].
Page 152 Protection Using Encryption Click [OK]. [Requesting] appears for [Certificate Status] in the Certificates area. Log off from the machine. Apply to the certificate authority for the server certificate. The application procedure depends on the certificate authority. For details, contact the certificate authority. For the application, click the Web Image Monitor Details icon and use the in- formation that appears in Certificate Details.
Page 153: User Settings For Ssl (Secure Sockets Layer)
Enhanced Network Security Log off from the machine. Enabling SSL After installing the server certificate in the machine, enable the SSL setting. This procedure is used for a self-signed certificate or a certificate issued by a cer- tificate authority. Open Web Image Monitor. Enter "http://(machine's-address)/"...
Page 154: Setting The Ssl / Tls Encryption Mode
Protection Using Encryption Install the certificate by following the Certificate Import Wizard instruc- tions. Note ❒ For details about how to install the certificate, see the Web Image Monitor Help. ❒ If a certificate issued by a certificate authority is installed in the printer, confirm the certificate store location with the certificate authority.
Page 155 Enhanced Network Security Press [System Settings]. Press [Interface Settings]. Press [Permit SSL / TLS Communication] If the setting to be specified does not appear, press [TNext] to scroll down to other settings.
Page 156: Snmpv3 Encryption
Protection Using Encryption Select the encrypted communication mode. Select [Ciphertext Only], [Ciphertext Priority], or [Ciphertext / Clear Text] as the en- crypted communication mode. Press [OK]. Press the {User Tools/Counter} key. Note ❒ The SSL/TLS encrypted communication mode can also be specified using Web Image Monitor.
Page 157 Enhanced Network Security Press [Interface Settings]. Press [Permit SNMPv3 Communication]. If the setting to be specified does not appear, press [TNext] to scroll down to other settings. Press [Encryption Only]. Press [OK].
Page 158 Protection Using Encryption Press the {User Tools/Counter} key. Note ❒ To use SmartDeviceMonitor for Admin for encrypting the data for speci- fying settings, you need to specify the network administrator’s [Encryption Password] setting and [Encryption Key] in [SNMP Authentication Information] in SmartDeviceMonitor for Admin, in addition to specifying [Permit SNMPv3 Communication] on the machine.
Page 159 Enhanced Network Security...
Page 160: Changing The Extended Security Functions
6. Specifying the Extended Security Functions Changing the Extended Security Functions As well as providing basic security through user authentication and the machine access limits specified by the administrators, you can increase security by, for in- stance, encrypting transmitted data and data in the address book. If you need ex- tended security, specify the machine’s extended security functions before using the machine.
Page 161 Specifying the Extended Security Functions Press [Administrator Tools]. Press [Extended Security]. Press the setting you want to change, and change the setting. Press [OK]. Press the {User Tools/Counter} key.
Page 162: Settings
Changing the Extended Security Functions Settings ❖ Driver Encryption Key This can be specified by the network administrator. Encrypt the password transmitted when specifying user authentication. The Driver Encryption Key must match the encryption key set on the machine. Reference See the printer driver Help.
Page 163 Specifying the Extended Security Functions ❖ Restrict Adding of User Destinations This can be specified by the user administrator. When "Restrict Use of Destinations" is set to [Off]. After entering a fax or scan- ner destination directly, you can register it in the address book by pressing [Program Dest.].
Page 164 Changing the Extended Security Functions ❖ Enhance File Protection This can be specified by the file administrator. By specifying a password, you can limit operations such as printing, deleting, and sending files, and can pre- vent unauthorized people from accessing the files. However, it is still possible for the password to be cracked.
Page 165 Specifying the Extended Security Functions ❖ Transfer to Fax Receiver This can be specified by the machine administrator. If you use [Forwarding] or [Transfer Request] under the fax function, files stored in the machine can be transferred or delivered. If you select [Prohibit] for this setting, stored files cannot be transferred by [For- warding] and [Transfer Request].
Page 166 Changing the Extended Security Functions ❖ Password Policy This can be specified by the user administrator. The password policy setting is effective only if [Basic Auth.] is specified. This setting lets you specify [Complexity Setting] and [Minimum Character No.] for the password.
Page 167: Other Security Functions
Specifying the Extended Security Functions Other Security Functions This section explains settings for preventing information leaks, and functions that you can restrict to further increase security. Fax Function ❖ Not Displaying Destinations and Senders in Reports and Lists You can specify whether or not to display destinations and senders by click- ing [Facsimile Features], [Administrator Tools], [Parameter Setting] and specifying "Bit No.
Page 168: Scanner Function
Other Security Functions Scanner Function ❖ Print & Delete Scanner Journal To prevent personal information in the transmission/delivery history being printed automatically, set user authentication and the journal will not print automatically. Instead, items in the Print&Delete Scanner Journal are over- written one by one when the number of transmissions/deliveries exceeds 250.
Page 169: Limiting Machine Operation To Customers Only
Specifying the Extended Security Functions Limiting Machine Operation to Customers Only The machine can be set so that operation is impossible without administrator au- thentication. The machine can be set to prohibit operation without administrator authentica- tion and also prohibit remote registration in the address book by a service rep- resentative.
Page 170 Limiting Machine Operation to Customers Only Press [Administrator Tools]. Press [Service Mode Lock]. Press [On] and then [OK]. A confirmation message appears. Press [Yes]. Press the {User Tools/Counter} key.
Page 171 Specifying the Extended Security Functions Canceling Service Mode Lock For a customer engineer to carry out inspection or repair in service mode, the machine administrator must log onto the machine and cancel the service mode lock. Preparation For details about logging on and logging off with administrator authentica- tion, see p.23 “Logging on Using Administrator Authentication”, p.26 “Log- ging off Using Administrator Authentication”.
Page 172 Limiting Machine Operation to Customers Only Press [Off] and then press [OK]. Press the {User Tools/Counter} key. The customer engineer can switch to service mode.
Page 173 Specifying the Extended Security Functions...
Page 174: Troubleshooting
7. Troubleshooting Authentication Does Not Work Properly This section explains what to do if a user cannot operate the machine because of a problem related to user authentication. Refer to this section if a user comes to you with such a problem. A Message Appears This section explains how to deal with problems if a message appears on the screen during user authentication.
Page 175 Troubleshooting Messages Causes Solutions The machine cannot connect Make sure the server's set- Failed to obtain to the server or cannot estab- tings, such as the IP Address URL. lish communication. and host name, are specified correctly on the machine. Make sure the host name of the UA Server is specified cor- rectly.
Page 176: Machine Cannot Be Operated
Authentication Does Not Work Properly Machine Cannot Be Operated If the following conditions arise while users are operating the machine, provide instructions on how to deal with them. Condition Cause Solution Cannot print using the printer User authentication has been Enter the login user name and driver or connect using the rejected.
Page 177 Troubleshooting Condition Cause Solution Cannot connect to the Scan- The ScanRouter delivery soft- Update to the latest version of Router delivery software. ware may not be supported by the ScanRouter delivery soft- the machine. ware. Cannot access the machine us- ScanRouter EX Professional V2 does not support user authen- ing ScanRouter EX Profes- tication.
Page 178: Appendix
8. Appendix Operations by the Supervisor The supervisor can delete an administrator’s password and specify a new one. If any of the administrators forget their passwords or if any of the administrators change, the supervisor can assign a new password. If logged on using the super- visor’s user name and password, you cannot use normal functions or specify de- faults.
Page 179: Logging On As The Supervisor
Appendix Logging on as the Supervisor If administrator authentication has been specified, log on using the supervisor login user name and login password. This section describes how to log on. Press the {Login/Logout} key. AMG044S Press [Enter] for [Login User Name]. Enter a login user name, and then press [OK].
Page 180: Logging Off As The Supervisor
Operations by the Supervisor Logging off as the Supervisor If administrator authentication has been specified, be sure to log off after com- pleting settings. This section explains how to log off after completing settings. Press the {Login/Logout} key. AMG044S Press [Yes]. Changing the Supervisor Press the {User Tools/Counter} key.
Page 181 Appendix Under "Supervisor", click [Change]. Press [Change] for the login user name. Enter the login user name, and then press [OK]. Press [Change] for the login password. Enter the login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK].
Page 182: Resetting An Administrator's Password
Operations by the Supervisor Resetting an Administrator’s Password Press the {Login/Logout} key. AMG044S Log on as the supervisor. You can log on in the same way as an administrator. Press [System Settings]. Press [Administrator Tools]. Press [Program / Change Administrator]. Press [Change] for the administrator you wish to reset.
Page 183: Machine Administrator Settings
Appendix Machine Administrator Settings The machine administrator settings that can be specified are as follows: System Settings The following settings can be specified. ❖ General Features All the settings can be specified. ❖ Tray Paper Settings All the settings can be specified. ❖...
Page 184 Machine Administrator Settings • Default User Name / Password (Send) SMB User Name / SMB Password FTP User Name / FTP Password NCP User Name / NCP Password Password • Program / Change / Delete E-mail Message • Fax E-mail Account ❖...
Page 185: Maintenance
Appendix • Erase All Memory • Transfer Log Setting • Data Security for Copying File Format Converter option must be installed. The DataOverwriteSecurity unit option must be installed. Maintenance The following settings can be specified. ❖ Auto Color Calibration ❖ Color Registration Copier / Document Server Features The following settings can be specified.
Page 186: Facsimile Features
Machine Administrator Settings Facsimile Features The following settings can be specified. ❖ Gen. Settings All the settings can be specified ❖ Scan Settings All the settings can be specified ❖ Send Settings The following settings can be specified • Program / Change / Delete Standard Message •...
Page 187: Printer Features
Appendix Printer Features The following settings can be specified. ❖ List / Test Print All the settings can be specified. ❖ Maintenance • Menu Protect • List / Test Print Lock • 4Color Graphic Mode ❖ System • Print Error Report •...
Page 188: Scanner Features
Machine Administrator Settings ❖ PS Menu All the settings can be specified. ❖ PDF Menu All the settings can be specified. The PostScript 3 unit option must be installed. Scanner Features The following settings can be specified. ❖ General Settings All the settings can be specified.
Page 189: Settings Via Web Image Monitor
Appendix Settings via Web Image Monitor The following settings can be specified. ❖ Top Page • Reset Printer Job • Reset Device ❖ Device Settings • System Spool Printing Protect Printer Operation Panel Output Tray Paper Tray Priority Cover Sheet Tray Slip Sheet Tray •...
Page 190 Machine Administrator Settings ❖ Printer • System All the settings can be specified. • Host Interface All the settings can be specified. • PCL Settings All the settings can be specified. • PS Settings All the settings can be specified. •...
Page 191: Settings Via Smartdevicemonitor For Admin
Appendix Settings via SmartDeviceMonitor for Admin The following settings can be specified. ❖ Device Information • Reset Device • Reset Current Job • Reset All Jobs ❖ User Management Tool The following settings can be specified. • User Page Count •...
Page 192: Network Administrator Settings
Network Administrator Settings Network Administrator Settings The network administrator settings that can be specified are as follows: System Settings The following settings can be specified. ❖ Interface Settings • Network All the settings can be specified. • IEEE 1394 All the settings can be specified. •...
Page 193: Facsimile Features
Appendix Facsimile Features The following settings can be specified. ❖ Send Settings • Max. E-mail Size ❖ Initial Settings • Enable H.323 • Enable SIP • H.323 Settings • SIP Settings • Program/Change/Delete Gateway Scanner Features The following settings can be specified. ❖...
Page 194 Network Administrator Settings • Administrator Authentication Management Network Administrator Authentication Available Settings for Network Administrator ❖ Fax • Send/Reception Settings Maximum E-mail Size • IP-Fax Settings All the settings can be specified. • IP-Fax Gateway Settings All the settings can be specified. ❖...
Page 195: Settings Via Smartdevicemonitor For Admin
Appendix • SNMPv3 All the settings can be specified. • SSDP All the settings can be specified. • Bonjour All the settings can be specified. ❖ Webpage All the settings can be specified. ❖ Security • Network Security All the settings can be specified. •...
Page 196: File Administrator Settings
File Administrator Settings File Administrator Settings The file administrator settings that can be specified are as follows: System Settings The following settings can be specified. ❖ Administrator Tools • Administrator Authentication Management File Management • Program / Change Administrator File Administrator •...
Page 197: Settings Via Web Image Monitor
Appendix Settings via Web Image Monitor The following settings can be specified. ❖ Top Page Reset Printer Job ❖ Document Server All the settings can be specified. ❖ Job • Printer Print Jobs The file administrator can select [Delete], [Delete Password], and [Unlock Job]. The file administrator cannot print files.
Page 198: User Administrator Settings
User Administrator Settings User Administrator Settings The user administrator settings that can be specified are as follows: System Settings The following settings can be specified. ❖ Administrator Tools • Administrator Authentication Management User Management • Program / Change Administrator User Administrator •...
Page 199: Settings Via Web Image Monitor
Appendix Settings via Web Image Monitor The following settings can be specified. ❖ Address Book All the settings can be specified. ❖ Device Settings • Auto E-mail Notification All the settings can be specified. • Administrator Authentication Management File Administrator Authentication Available Settings for File Administrator •...
Page 200: Document Server File Permissions
Document Server File Permissions Document Server File Permissions The authorities for using the files stored in Document Server are as follows: The authority designations in the list indicate users with the following authori- ties. • Read-only This is a user assigned "Read-only" authority. •...
Page 201: The Privilege For User Account Settings In The Address Book
Appendix The Privilege for User Account Settings in the Address Book The authorities for using the address book are as follows: The authority designations in the list indicate users with the following authori- ties. • Read-only This is a user assigned "Read-only" authority. •...
Page 202 The Privilege for User Account Settings in the Address Book ❍ =You can view and change the setting. U =You can view the setting. - =You cannot view or specify the setting. Settings User User Ad- Registered Full Con- ministra- User trol Read-only Edit...
Page 203 Appendix Settings User User Ad- Registered Full Con- ministra- User trol Read-only Edit Edit / De- lete FaxDest. Transmis- ❍ ❍ ❍ ❍ sion For- Facsimile ❍ ❍ ❍ ❍ ❍ Number Interna- ❍ ❍ ❍ ❍ ❍ tional TX Mode ❍...
Page 204: User Settings
User Settings User Settings If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. ❍ =You can view and change the setting. U =You can view the setting.
Page 205 Appendix Tab Names Settings Menu Protect Level 1 Level 2 ❍ ❍ Reproduction Shortcut R/E Ratio ❍ ❍ R/E Ratio ❍ ❍ R/E Ratio Priority ❍ ❍ Ratio for Create Margin ❍ ❍ Edit Front Margin: Left/Right ❍ ❍ Back Margin: Left/Right ❍...
Page 206 User Settings Tab Names Settings Menu Protect Level 1 Level 2 ❍ ❍ Stamp Back- Size ground Density Num- ❍ ❍ bering ❍ ❍ Preset Stamp Position: COPY Stamp ❍ ❍ Stamp Position: URGENT ❍ ❍ Stamp Position: PRIORITY ❍ ❍...
Page 207 Appendix Tab Names Settings Menu Protect Level 1 Level 2 ❍ ❍ Date Font Stamp Stamp ❍ ❍ Size ❍ ❍ Superimpose ❍ ❍ Stamp Color ❍ ❍ Stamp Setting ❍ ❍ Stamp Page Stamp Format Num- ❍ ❍ Font bering ❍...
Page 208: Printer Functions
User Settings Printer Functions The default for [Menu Protect] is [Level 2]. ❖ Normal Printer Screen Functions Menu Protect Level 1 Level 2 ❍ ❍ ❍ Print Jobs ❖ Printer Features Tab Names Settings Menu Protect Level 1 Level 2 ❍...
Page 209 Appendix Tab Names Settings Menu Protect Level 1 Level 2 ❍ Host Interface I/O Buffer ❍ I/O Timeout ❍ PCL Menu Orientation ❍ Form Lines ❍ Font Source ❍ Font Number ❍ Point Size ❍ Font Pitch ❍ Symbol Set ❍...
Page 210: Scanner Features
User Settings Scanner Features The default for [Menu Protect] is [Level 2]. Tab Names Settings Menu Protect Level 1 Level 2 ❍ ❍ Destination List Destination List Priority 1 Settings ❍ ❍ Destination List Priority 2 ❍ ❍ Select Title ❍...
Page 211: Facsimile Features
Appendix Facsimile Features The default for [Menu Protect] is [Off]. Names Settings Menu Protect Level 1 Level 2 ❍ ❍ Environment Quick Operator Key 1-3 Settings ❍ ❍ Switch Title of Quick Dial Table ❍ ❍ Search Destination ❍ ❍ Adjust Sound Volume ❍...
Page 212 User Settings Names Settings Menu Protect Level 1 Level 2 ❍ Initial Settings Parameter Setting ❍ ❍ Parameter Setting:Print List ❍ Program Closed Network Code ❍ Program Memory Lock ID ❍ Internet Fax Settings ❍ Program Fax Information ❍ Enable H.323 ❍...
Page 213: System Settings
Appendix System Settings The settings available to the user depend on whether or not administrator au- thentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. Tab Names Settings Admin-...
Page 214 User Settings Tab Names Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ Tray Paper Settings Paper Tray Priority: Copier ❍...
Page 215 Appendix Tab Names Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ Inter- Network Machine IPv4 Address face Set- ❍...
Page 216 User Settings Tab Names Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ Inter- IEEE IP Address face Set- 1394...
Page 217 Appendix Tab Names Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ File Transfer Delivery Option ❍...
Page 218 User Settings Tab Names Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. Administrator Address Book Management Tools Address Book: Program / Change / Delete Group Address Book: Program / Change / Delete...
Page 219: Web Image Monitor Setting
Appendix You can only specify the password. The IEEE1394 interface board option must be installed. The IEEE802.11b interface unit option must be installed. File Format Converter option must be installed. The IEEE 1284 interface board option must be installed. The data overwrite security unit option must be installed. Web Image Monitor Setting ❖...
Page 220 User Settings Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ Paper Paper Size ❍...
Page 221 Appendix Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ E-mail Administrator E-mail Address ❍...
Page 222 User Settings Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ E-mail E-mail Notification E-mail Address ❍...
Page 223 Appendix Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ On-demand E- Notification Subject mail Notifica- ❍...
Page 224 User Settings Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ User Authenti- User Authentication Management cation Manage- User Code Authentication - Printer Job Au- ❍...
Page 225 Appendix ❖ Printer The default for [Menu Protect] is [Level 2]. Category Settings Menu Protect Level 1 Level 2 ❍ System Print Error Report ❍ Auto Continue ❍ Memory Overflow ❍ Memory Usage ❍ Duplex ❍ Copies ❍ Blank Page Print ❍...
Page 226 User Settings Category Settings Menu Protect Level 1 Level 2 ❍ Duplex PS Settings ❍ Blank Page Print ❍ Data Format ❍ Resolution ❍ Resolution PDF Settings ❍ PDF Temporary Password ❍ PDF Fixed Password ❍ PDF Group Password The PostScript 3 unit option must be installed. ❖...
Page 227 Appendix Category Settings Menu Protect Level 1 Level 2 ❍ ❍ IP-Fax Settings Enable H.323 ❍ ❍ Enable IP-Fax Gatekeeper ❍ ❍ Gatekeeper Address(Main) ❍ ❍ Gatekeeper Address(Sub) ❍ ❍ Own Fax No. ❍ ❍ Enable SIP ❍ ❍ Enable SIP Server ❍...
Page 228 User Settings ❖ Interface The settings available to the user depend on whether or not administrator au- thentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. Category Settings Admin-...
Page 229 Appendix ❖ Network The settings available to the user depend on whether or not administrator au- thentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. Category Settings Admin-...
Page 230 User Settings Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ IPv4 Host Name ❍...
Page 231 Appendix Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ IPv6 IPv6 Address ❍ ❍...
Page 232 User Settings Category Settings Admin- Administrator au- istrator thentication has authen- been specified. tication "Availa- "Availa- has not ble Set- ble Set- been tings" tings" speci- has not fied. been been speci- speci- fied. fied. ❍ ❍ AppleTalk AppleTalk ❍ ❍...
Page 233: Functions That Require Options
Appendix Functions That Require Options The following functions require certain options and additional functions. • Hard Disk overwrite erases function DataOverwriteSecurity unit • Data security for copying function Copy Data Security Unit • PDF Direct Print function PostScript unit...
Page 234: Index
INDEX Access Control , 130 Fax , 181 , 185 , 217 Access Permission , 87 File Administrator , 12 , 119 , 191 Address Book , 190 File Creator (Owner) , 4 Address Management Tool , 190 File Transfer , 174 , 183 Adjust Color Image , 176 Full Control , 191 , 192 Administrator , 4...
Page 235 Operational Requirements Scan Settings , 177 , 179 for Windows Authentication , 42 Security , 186 Owner , 191 Send/Reception Settings , 181 Send Settings , 177 , 179 , 184 Service Mode Lock , 160 Settings by SNMP v1 and v2 , 155 Parallel Interface , 174 SIP Settings , 184 Parameter Settings , 181...
Page 236 Type for C2525/DSc525/LD425c/Aficio MP C2500 Type for C3030/DSc530/LD430c/Aficio MP C3000 Type for C2525g/DSc525g/Aficio MP C2500G Type for C3030g/DSc530g/Aficio MP C3000G Printed in China !%'%) EN USA B230-7907A...

This manual is also suitable for:

Dsc530 Dsc525g Dsc530g C2525 C3030 C2525g ... Show all

Gestetner DSc525 Security Manual

Manuals for this Machine

How to Read this Manual

1 Getting Started

Enhanced Security

Security Measures Provided by this Machine

2 Authentication and Its Application

Administrators and Users

The Management Function

Enabling Authentication

Administrator Authentication

User Authentication

If User Authentication Is Specified

3 Preventing Information Leaks

Guarding against Unauthorized Copying

Printing a Confidential Document

Specifying Access Permission for Stored Files

Preventing Data Leaks Due to Unauthorized Transmission

Protecting the Address Book

Deleting Data on the Hard Disk

4 Managing Access to the Machine

Preventing Modification of Machine Settings

Menu Protect

Limiting Available Functions

Managing Log Files

5 Enhanced Network Security

Preventing Unauthorized Access

Encrypting Transmitted Passwords

Protection Using Encryption

6 Specifying the Extended Security Functions

Changing the Extended Security Functions

Other Security Functions

Limiting Machine Operation to Customers Only

7 Troubleshooting

Authentication Does Not Work Properly

8 Appendix

Operations by the Supervisor

Machine Administrator Settings

Network Administrator Settings

File Administrator Settings

User Administrator Settings

Document Server File Permissions

The Privilege for User Account Settings in the Address Book

User Settings

Functions that Require Options

Index

Quick Links

Operating Instructions

Related Manuals for Gestetner DSc525

Summary of Contents for Gestetner DSc525