HP Printing Security Best Practices User Manual

Technical white paper
HP Printing Security Best Practices for HP FutureSmart Products
Configuring a Printer Securely in HP Web Jetadmin 10.4
Version 2.5
Table of Contents
Introduction 2
Threat Model 5
Advanced Security for Multiple HP Devices 41
Settings List 50
Default Settings 52
Physical Security 61
Appendix 1: Glossary of Terms and Acronyms 62
Appendix 2: Products supported by this checklist 64
Introduction
This document is a security checklist for the HP FutureSmart products (see Appendix 2 for full list of products).
This checklist is written for acceptance by the National Institute of Standards and Technology (NIST).
This checklist is meant for trained network administrators who use HP Web Jetadmin version 10.4 or above in enterprise networks. It includes step-by-step instructions to configure one or more printing products on a network.
This checklist assumes that network administrators are familiar with HP Web Jetadmin and management of HP MFPs and printers. Network administrators should be familiar with the Embedded Web Server (EWS), HP Jetdirect, and firmware upgrades for Jetdirect and printing products. Refer to the User Guides and the HP Jetdirect Administrator Guide for more information. You can find these documents and more information by searching at hp.com.
HP Web Jetadmin is the recommended management tool for all HP network printing and digital sending products. It handles all settings recommended for best security in this document and much more. It is available free for download and installation at the following location:
http://www.hp.com/go/webjetadmin
You can also find HP Web Jetadmin by searching for it at hp.com.
This checklist applies to most types of networks; however, it is developed and tested in the following environment:
An ordinary TCP/IP network
HP Web Jetadmin Version 10.4 installed on one of the follow OS:
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows 7 SP1 (64-bit edition only)
Client management PC using one of the following OS with Microsoft Internet Explorer 8, 9, 10, or 11:
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows 7 SP1
One of each supported HP Enterprise product with the latest updated firmware found at hp.com
2
We developed the process for configuring this checklist using HP Web Jetadmin to manage all the printing products at the same time.
This checklist covers only those parts of HP Web Jetadmin that pertain to appropriate security settings. See the user guides, admin guides, and help files for information on other configurations.
Cautions
HP is dedicated to providing the best and latest security information available for MFPs. This checklist is meant to help you to improve printing security in your workplace. HP has tested this checklist to ensure that printers continue to provide the best possible performance while averting possible security threats; however, some of these settings can cause unexpected problems in your environment especially if you are using custom print solutions. Please be aware of the following cautions before you begin:
Follow the Checklist in Order
The settings in this checklist are presented in a specific order to ensure success. Many of these security settings can be configured successfully only in the correct order. You should follow the instructions in this checklist exactly and avoid making additional configurations during this process. Other settings can disrupt the order and cause unexpected results.
Understand the Ramifications
HP Web Jetadmin and Enterprise printers include a wide variety of useful settings designed to make work easier and more productive. However, raising the level of security may require sacrifices in these areas. Be aware that applying this checklist will limit or even eliminate some of these features. See the Ramifications chapter for more information.
HP provides this checklist as a guide to best-practice security configurations that allow for reasonable convenience and usability. Some of the recommended settings create extra steps when accessing and managing HP Enterprise Printers. For instance, once you disable EWS configuration, you cannot access it again until you re-enable EWS configuration from HP Web Jetadmin.
These settings are tested in a variety of conditions and using various combinations of simulated customer environments. Testing includes configuring all of the Enterprise products at the same time and verifying that the affected features continue to function. However, it is impossible to test these configurations in all possible network environments. You should test these settings in your environment to ensure that you understand their effects. You may find that some of the settings cause undesirable limitations. See the Ramifications section for further information and cautions.
Continue to be Vigilant
This checklist is provided only as a complementary guide to known best practices for increasing Enterprise product security. HP does not claim or warrant that these configurations prevent misuse of Enterprise products or networks or that they prevent malicious attacks on Enterprise products or networks. Use this document at your own risk.
MFP Environment
NIST defines several types of user environments, many of which are compatible with HP LaserJet and Color LaserJet Enterprise products. However, this checklist applies for HP devices in an enterprise environment or a small to medium business environment. These environments use most of the network features available with HP products. Configuration of the NIST checklist in this document primarily uses HP Web Jetadmin unless a security feature can only be configured using the EWS. You should configure as much of this checklist as possible while adapting the settings to your specific situation.
Assumptions
This checklist makes some assumptions about network administrators and about enterprise environments:
Network administrators: This checklist assumes that readers are trained network administrators who are familiar with
common networking practices such as configuring HP Jetdirect connections and using HP Web Jetadmin. Administrators should have read the HP product User Guide, the Administrator guide, the Jetdirect administrator guide; Web Jetadmin user guides, and help files. This checklist relies on these materials for necessary information. All of these guides are available by searching for them at hp.com.
Enterprise products: This checklist covers security settings for specific HP devices outlined at the beginning of this
document. It is meant to enable you to configure multiple devices simultaneously. It assumes that the devices are turned on, connected to the network, and in the factory default state.
Most of the settings recommended in this checklist apply to other HP printers and devices; however, this checklist is tested and known to be successful only with the specified device models.
Updated firmware: This checklist assumes that each device has updated system firmware and Jetdirect firmware (if a
Jetdirect product is in use). You should use the latest firmware available, but realize that updated firmware may have new features not covered in this checklist. Updated firmware is available for download and installation at hp.com.
Web Jetadmin Version 10.4: This checklist is written for use with HP Web Jetadmin Version 10.4 and above.
Enterprise environment: This checklist is created and tested in a TCP/IP enterprise environment. However, most of the
settings are applicable to any network.
Network connection: This checklist assumes that each device is connected directly to a local area network via Jetdirect or
Jetdirect inside (JDI) internal network port. Other connections, such as direct-connect via USB are not covered in this checklist (this checklist recommends disabling direct-connect ports).
Settings are only suggested: All settings in this checklist are meant only as suggestions for best-practice security in
common enterprise environments. Use it as a reference, and make judgments about each recommended setting before configuring your Enterprise products.
Internet and intranet security: This checklist assumes that your network includes basic security configurations and
components. All MFPs should be installed behind network firewalls and other standard tools such as updated virus protection applications.
Solutions covered
This checklist covers MFP security settings found in HP Web Jetadmin. This checklist covers no other solutions or applications.
Organization
This checklist includes the following chapters:
Threat Model: The Threat Model chapter explains the security circumstances relating to MFPs. It follows the Microsoft®
STRIDE model.
Basic Network Security for Multiple HP Devices: The Network Security for Multiple MFPs chapter provides step-by-step
instructions for configuring MFP security settings.
Advanced Security for Multiple HP Devices: The Advanced Security for Multiple HP Devices provides some limited
information on where to find configuration settings in WJA for advanced network configurations.
Settings List: The Settings List chapter provides a bulleted list of the recommended settings with checkboxes. It does not
include instructions or explanations.
Default Settings: The Default Settings chapter lists each recommended setting with its corresponding default setting.
Ramifications: The Ramifications chapter explains the possible limitations implied with each recommended setting.
Physical Security: The Physical Security chapter explains security concerns in workplaces where MFPs are installed. It
covers security for picking up print jobs, copying, and scanning. This section includes suggestions for securing the locations where MFPs are installed and for securing MFP internal hardware.
Appendix 1: Glossary and Acronyms
Appendix 2: HP FutureSmart products
4
Threat Model
This section explains the types of security risks involved with operating MFPs in enterprise environments.
As technology improves, malicious people (hackers) continue to find new ways to exploit networks. They are beginning to target MFPs and other network peripherals to misuse resources or to gain access to networks or the internet. Predicting the actions of a hacker is difficult, but HP is dedicated to research in this area. This checklist represents some of HP's efforts to ensure that you can use HP MFPs with confidence; however, you should continue to be ware and always remain vigilant. Use other techniques with this checklist to help ensure that your network is resistant to compromise.
NOTE:
This is not a comprehensive treatment of these issues. This chapter is only an introduction to the types of threats known to affect network MFPs.
The Microsoft STRIDE model provides a valuable outline to categorize these known types of threats:
Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege
The following sections explain how each type of threat relates to MFPs:
Spoofing Identity
Spoofing identity is masquerading as someone else to fool others or to get unauthorized access. Here are some ways spoofing identity can relate to MFPs:
Placing another person's email address in the ‘From:’ address field of an email message. Example: Someone could place
the address of a co-worker in the ‘From:’ address field and send embarrassing or malicious messages to others as though the co-worker wrote them.
Using another person's email credentials to log in to the email server to gain access to address books Using another person's email credentials to have free use of an email service Using another person's email credentials to view that person’s email messages Using another person's log on credentials for access to use MFPs or networks Using another person's log on credentials for administrative access to MFPs
You can minimize the risks from identity spoofing in the following ways:
Protect the ‘From:’ address field in the MFP Digital Sending and Fax configurations. Protect MFP disk access. Configure authentication. Configure the administrator password. Configure SNMPv3.
Tampering with Data
Tampering with data can include any method of changing, destroying, or adding to information that is flowing to or from a device or stored on it. Here are some ways tampering with data can relate to MFPs:
Canceling another person's job. Someone could use a remote access tool to cancel pending jobs. The person who sent a
cancelled job gets no warning; only part or none of the job is printed.
Intercepting a print job before it reaches the device, altering it, and sending it on to the device. Intercepting remote configuration data, such as communications between Web Jetadmin and the device, to get passwords
and other information
You can minimize the risks from data tampering in the following ways:
Disable Cancel Job button. Disable Go (Pause) button. Configure SNMPv3. Prevent unnecessary remote access: close down all unused ports and protocols. Set the PJL and File System password. Configure HTTPS for EWS access.
Repudiation
Repudiation is using an MFP without leaving usage information. This includes preventing the MFP from logging data or bypassing security checks such as user authentication. This also includes finding ways to use an MFP without paying by bypassing job accounting software. Here are some ways repudiation can relate to MFPs:
Accessing usage logs to delete entries Removing origination information from file metadata Bypassing user authentication Using remote management software to access the MFP
You can minimize the risks of repudiation in the following ways:
Enable embedded IPsec to encrypt the data stream to include log data and file metadata Close unused ports and protocols. Save copies of log data at a separate location Add security solutions such as smartcard, swipe-card and thumbprint readers
Information Disclosure
Information disclosure is gathering information from an MFP and providing it to unauthorized users. This can include authentication information, usage log information, or information from the contents of a job. Such data stored on your hard drive is considered ‘at rest’ while data being transmitted by your MFP device is considered ‘in transit’. Here are some ways information disclosure can relate to an MFP:
Reading stored print jobs on the MFP hard drive. Downloading log information Downloading address books
6
Intercepting print jobs, copy jobs, fax jobs, or digital send jobs (such as email).
You can minimize the risks of information disclosure in the following ways:
Enable IPsec to protect data in transit. Use hardware encryption to protect data at rest. Some devices may include an encrypted disk. If not, you can add an HP
Secure Hard Disk accessory to protect data stored on your MFP. (Look for this product at hp.com or contact your HP product supplier).
Close unused ports and protocols. Configure all possible password settings. Configure authentication. Configure SNMPv3 for Web Jetadmin. Disable viewing of job information on the EWS information tab
Denial of Service
Denial of service is any type of interference with normal use of an MFP. This can include any of the following:
Canceling or pausing the print jobs of others Turning off the MFP remotely Disconnecting power to the MFP Removing the MFP formatter board Disconnecting the MFP from the network Causing interference with network communication to the MFP Changing the network location of the MFP Causing an error state that interrupts service Changing access configurations
Here are some methods of minimizing opportunities for denial of service on an MFP:
Lock the control panel by configuring Access Controls. Lock EWS configuration settings. Close unused ports and protocols. Disable controls such as the Job Cancel button and the Go button. Enable the resume feature to allow the MFP to resume operations after an error state. Configure Job Timeout. Control physical access to the MFP. Lock physical access to removable hardware.
Elevation of Privilege
Elevation of privilege is any method of upgrading authorized access to include unauthorized access. This can be any of the following:
Non-administrators changing settings to get administrator privileges Unauthorized use of management software to provide access for other unauthorized users Using management software to bypass job accounting functions
Here are some methods of minimizing opportunities for elevation of privilege:
Configure the administrator (device) password. Configure the PJL password. Configure SNMPv3 and HTTPS. Lock available control panel menus by configuring user access
8
Basic Network Security for Multiple HP Devices
This chapter explains how to configure security settings for one or more printers using HP Web Jetadmin. It assumes that you have taken or plan to take reasonable steps to secure the network environment in which your MFPs are operating. This includes configuring network firewalls and providing up-to-date virus controls. If you need help doing this or are looking for information on ACL, Kerberos, PIN authentication, LDAP, or Solutions please refer to the chapter on Advanced Security before continuing.
Notes on the Process of Configuration
This checklist covers all relevant security settings available for both printers and MFPs. Testing shows that this combination of settings is successful in the most common network environments as long as the settings are executed in the correct order.
After each setting in the checklist is applied, it is important that you verify configuration to ensure this order is maintained. If a setting was not applied, attempt to set that setting again. If you have further issues with a particular configuration item, you can try using the individual configuration pages, or setting that item through the EWS if available.
Keep in mind that every network is different. Configuring an MFP for your network may require adjustments to this configuration. Be aware of your network environment and consider the right configurations for your situation.
Also, keep in mind that each model of MFP may have unique sets of available settings. For instance, LaserJet (black and white only) MFPs do not provide settings to restrict color printing. However, Web Jetadmin lists the aggregate of all possible settings for all MFPs you are managing. You can select settings for all MFPs, and each individual MFP will accept configurations according to its capabilities and ignore settings that do not apply.
All of the settings in this chapter are found in HP Web Jetadmin, and you should use Web Jetadmin to complete them. If possible, try to complete all of the steps in the correct order.
Tip:
Use a printout of the Settings List chapter to check off each item as you go along.
Using Web Jetadmin and Printer Passwords
Web Jetadmin is a powerful tool that allows you to manage any number of MFPs and printers. It provides the ability to configure a wide variety of features and services on the network. Without proper security, Web Jetadmin allows malicious users the same conveniences for attacking your network. Thus, configuring security features and passwords and updating them regularly for Web Jetadmin and MFPs is important to network security.
This involves several passwords that limit access to important areas of the printer or MFP. When you attempt to make changes to configurations, the printers and MFPs will require all applicable passwords. Web Jetadmin keeps an encrypted cache of all of these passwords for each MFP whenever they are configured or used. However, sometimes the cache can lose track of some credentials. Thus, you should keep a log of the passwords in a safe place. Web Jetadmin will prompt for passwords during the configuration process if they are missing from the cache.
CAUTION:
Losing passwords can block access to an MFP. Be careful to record them in a safe place.
Here is a list of the passwords you should configure:
Web Jetadmin password (required during installation of Web Jetadmin) SNMPv3 credentials EWS Password (applies to the EWS, JetDirect networking, and FTP) PJL password
Use good practices for setting and updating passwords (some of the password settings have limitations on what and how many characters may be used):
Use alpha, numeric and special characters whenever possible. For numeric only passwords use passwords with at least nine digits. Use a different password for each password setting. Many of the latest password cracking tools can follow patterns to make
guessing easier.
Avoid using a pattern for passwords. Change the passwords often with the exception of your HP Secure Hard Disk password. Changing your HP Secure Hard Disk
password (Drive Lock Key) causes a loss of all data on your disk and system security settings
Use the maximum number of possible characters. Many of the password settings will accept as few as one character, but one
character is easy to guess. Current data shows that nine characters or more are extremely difficult or almost impossible to guess using the latest password cracking tools.
Use complicated passwords. Use a variety of character types. Some of the passwords allow only numeric digits, but others can
accept 96 or more different characters (upper case, lower case, numeric, special characters, and punctuation marks).
Use meaningless random passwords. Passwords that are real words or phrases are easier to guess. The latest password
cracking tools follow dictionaries to narrow down the possibilities.
Record the passwords in a safe but hidden place. The passwords are designed to restrict access to management options on the
MFPs. Losing a password can eliminate your access to settings. This is most important for the Bootloader Password. The Bootloader Password is a permanent setting that can never be changed or reset without the correct password.
Getting Started
This section provides instructions for configuring HP printers for best-practice security. All of these settings are presented for HP Web Jetadmin Version 10.4 or later.
Note:
If you are setting this checklist for a group of several printers at once, Web Jetadmin will display all supported settings for all the MFPs it is managing, even though some of the MFPs may not support all of these settings. Each MFP ignores settings that do not apply to it and continues without issues. For instance, color settings are ignored for a non-color MFP.
For the same reason, some of the settings may not appear in HP Web Jetadmin if none of your MFPs supports them. Web Jetadmin displays only the options that apply to the MFPs you are managing. For instance, color settings will not appear if none of your MFPs has color. Ignore recommendations in this checklist if they do not appear on your Web Jetadmin screen.
Before you begin, be sure to install HP Web Jetadmin Version 10.4 or later, and have it working in your network environment. You can find Web Jetadmin free for download and installation at the following location on hp.com:
http://www.hp.com/go/webjetadmin
Be sure to update Web Jetadmin Version 10.4 or later with the latest upgrades available from HP. See the HP Web Jetadmin Update page in the Product Update, Install menu.
Note:
This checklist was written using screenshots from Web Jetadmin 10.4
10
Setting up HP Web Jetadmin
Follow these instructions to prepare Web Jetadmin for configuring the MFPs:
Open Web Jetadmin to view the device list (
Figure 1) that appears by default.
Figure 1: Web Jetadmin showing the device list on the default view.
Check to see that the print devices you wish to configure appear in the Device Model List. If they are not in the list, use the Discovery options to find the print devices on your network.
Note:
This checklist does not include details on print device discovery. See Web Jetadmin user guidance for more information. In most cases, the devices will already appear in the default view of Web Jetadmin. It is possible for Web Jetadmin to lose contact temporarily with a device that is configured for DHCP. Use the Discovery options to restore contact or configure the devices with static IP addresses.
Hold down the CTRL key and click to select the printers or MFPs to configure in the Device List view (Figure 2).
Figure 2: The Device List showing multiple devices selected.
Note:
Remember that the steps in this checklist are for the specified HP LaserJet and Color LaserJet MFPs. Other devices may appear in the Device Model list, and it may be possible to configure them using this process, but the results may vary.
Click the Config tab in the lower half of the Device List view to show settings available for configuration (Figure 3).
Figure 3: The Config tab displays settings available for configuration.
Tip:
If you are having a problem configuring a setting, try configuring it using the individual device’s configuration page. You can also attempt to configure the setting using the EWS of the device.
Sometimes Web Jetadmin can lose track of device credentials. If this happens, some settings might fail. Clear the Web Jetadmin Device Cache (see Web Jetadmin Help) and re-enter the device credentials.
The next step is to ensure that any installed HP Secure Hard Disks are configured:
Configuring HP Secure Hard Disk
If you have an HP Secure Hard Disk installed, you need to verify data encryption is enabled. Encryption is enabled by default for products and hard drive accessories.
WARNING: If your HP Secure Hard Disk is not already configured to encrypt your data, consult your documentation to resolve this
issue. Failing to configure your HP Secure Hard Disk before starting this checklist will reset all security settings to factory defaults and require you to repeat this checklist again when you configure the drive.
Follow these steps to use Web Jetadmin to verify your HP Secure Hard Disk is installed and configured:
1. Select the device you want to verify has an encrypted disk and select the Storage tab. Select the device in the device list and mouse over the Storage Media Column.
2. Examine the storage media data available in the pop-up it should show that the hard drive is enabled, and the encryption status should be “Encrypted.”
12
Figure 4: Shows the Storage Media pop-up details.
Figur
e 4 is an example of a disk that has not the Secure Hard Disk Accessory installed. The Highlighted line is the hard disk. The other listed disk is the original memory module which is no longer being used for customer data. As such it is listed as No Encrypted Disk. If the product does not have an accessory, the memory will show as shown in Figure 5.
Figure 5: Shows the memory of a printer without a hard drive showing status of Not Encryptable
F
ollow these steps to use the EWS to verify your HP Secure Hard Disk is installed and configured:
1. Go to the EWS for each print device and select the Security tab. (Figure 6).
Figure 6: Shows the content of the Security tab of your devices EWS.
2. Select Protect Stored Data from the left-hand menu list to view the Protect Stored Data Page (Figure 7).
Figure 7: Shows the Protect Stored Data settings page in the EWS.
3. In the Hard Disk Status section of the Protect Stored Data page, you can see the Encryption Status for that device. If you see a green checkmark, the device is encrypting your data properly (Figure 8).
Figure 8: Shows the Hard Disk Status a green check means an encrypted disk is Installed and Encrypted.
Note:
If your MFP is reporting an installed HP Secure Disk but its status is anything other than Encrypted it is recommended you resolve the issues with your HP Secure Disk before continuing this checklist. If you do not you may need to re-apply the entire checklist to the MFP.
The next step is to configure secure communications between HP Web Jetadmin and the MFPs:
Configuring SNMPv3
SNMPv3 provides encryption for communication between Web Jetadmin and MFPs. It helps to ensure that only authorized and authenticated administrators have access to the configuration settings of the MFPs. It also helps to ensure that no one can gather sensitive information, such as passwords, usernames, and other codes, over the network while you are configuring the MFPs.
Note:
It is best to configure SNMPv3 by itself to ensure that the settings save properly.
14
Follow these steps:
Click Security in the Configuration Categories menu (Figure 9) to view the options for configuration. From the Security Options select SNMP Version Access Control.
Figure 9: The Security category and SNMP Version Access Control settings.
On the SNMP Version Access Control menu and select the Enable SNMPv3 checkbox (Figure 10).
Figure 10: Shows Enable SNMPv3 selected.
Once Enable SNMPv3 has been selected, and fill in the New User, the New Authentication Passphrase, and the New Privacy Passphrase fields (Figure 11) in the New SNMPv3 Credential section. See below for details.
Figure 11: The Enable SNMPv3 option has been selected and the New SNMPv3 Credential section is complete.
The New User Name field can be any name you choose.
The New Authentication Passphrase field can be any word or phrase that is at least 9 alphanumeric characters.
The New Privacy Passphrase field can be any word or phrase that is at least 9 alphanumeric characters.
CAUTION:
These instructions are for the initial configuration of SNMPv3. Once you finish this configuration, your devices will require these credentials whenever anyone attempts to access settings over the network. Be sure to remember these credentials and provide them only to authorized users. If these credentials are forgotten, the only way to restore communication between HP Web Jetadmin and the print devices is to restore them to factory default settings.
Web Jetadmin retains the SNMPv3 credentials for each device, and it will not prompt for them as long as the settings remain the same. You can clear the Web Jetadmin Device Cache to cause Web Jetadmin to require the credentials again. Web Jetadmin stores the SNMPv3 credentials in an encrypted form.
Scroll down to the SNMPv1 Settings section, and select SNMPv1 disabled (Figure 12).
Figure 12: The SNMP Version 3 Only setting.
This setting limits all SNMP configuration communication to only SNMPv 3. Once applied your devices will not allow SNMPv1 SET and SNMPv2 GET.
Choose Apply at the bottom of the SNMP Version Access Control configuration to apply the settings to the selected devices. If
your configuration is not successful, you can click the Details button for more information on why the configuration failed.
16
Now, whenever you click Apply to configure settings, the MFP or other device will check for the SNMPv3 credentials.
Note:
For convenience, Web Jetadmin stores the credentials for each device in an encrypted format. However, Web Jetadmin may still prompt you for credentials on occasion so remember the passwords you set.
Click Done to exit the Configure Devices dialogue and continue with this checklist.
Configuring Device Settings
The Device category includes settings that affect some of the normal use of the print device. The following settings affect how jobs are stored, and how long your print device will wait before a job times out in a particular way.
Click the Device category on the Config tab, to view the following configuration options:
I/O Timeout to End Print Job
The I/O Timeout to End Print Job allows you to specify the amount of time a device should wait between packets before canceling a job. Setting this timeout will help prevent jobs formed or sent incorrectly from tying up a print resource. To set this timeout follow the instructions below.
From the Device category select the I/O Timeout to End Print Job menu (Figure 13). Click checkbox to enable the I/O Timeout to End Print Job setting and select a reasonable time the print device should wait between data packets.
Figure 13: The I/O Timeout to End Print Job options.
Input Auto Continue Timeout
The Input Auto Continue Timeout allows you to specify the amount of time a device should wait before performing the default action when the specified media size for a job is not available. Setting this timeout will help prevent jobs sent with improper paper or media selections from tying up a print resource. To set this timeout follow the instructions below.
From the Device category, select the Input Auto Continue Timeout menu.
Click checkbox to enable the Input Auto Continue Timeout setting and select a reasonable time the print device should wait between data packets.
Figure 14: The Input Auto Continue Timeout options.
Job Hold Timeout
From the Device category select the Job Hold Timeout menu (Figure 15). Click checkbox to enable the Job Hold Timeout (Figure 15) setting and select a reasonable time for printing. This ensures that stored copy and print jobs on the MFP are erased after a reasonable time.
Figure 15: The Job Hold Timeout options.
Job Retention
From the Device category select Job Retention (Figure 16). Click checkbox to select Job Retention and select Enabled.
Figure 16: The Job Retention options.
This allows users to store print jobs for printing at their discretion (when they can be present to control the printouts and keep them from view).
18
Job Storage Limit
The Job Storage Limit allows you to specify the maximum number of stored jobs allowed on the printer. You will want to choose a number of jobs that is appropriate for your print devices and print usage in your environment. This setting can protect your printer from accepting more print jobs than it can effectively store.
From the Device category select the Job Storage Limit menu (Figure 17). Click checkbox to enable the Job Storage Limit setting and select the number of allowable Stored Jobs.
Figure 17: The Job Storage Limit options.
Apply the Changes
Click the Apply button located in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 18).
Figure 18: The Configure Devices dialogue box.
Review your settings and then click the Configure Devices button to execute the configuration.
Configuring Network Settings
The Network category on the Device tab provides options that relate to Jetdirect Print Servers. The security features you will be configuring restrict what methods are available for communication with your MFP over the network. Follow the instructions below to view and configure these options.
Click the Network category on the Config tab to expand the configuration options (Figure 19).
Figure 19: The Network Category.
e- Print and HP Web Services Settings
This option enables, disables or configures the ePrint feature on a device. It also allows you to enable, disable or configure HP Web Services and applications on your device. You can allow ePrint via Email or Simple Internet Printing. Unless e-Print, HP Web Services, or other applications are a critical part of your print environment we recommend disabling these features. If you are using the e-print enterprise server and not the HP cloud for e-print, you should refer to your administrators guide for any special settings that may be required to secure your solution.
Click to select e-Print Settings (Figure 19), and clear the checkboxes to Disable.
Figure 20: Disable HP ePrint, HP Web Services, and Apps
Error Handling
The Error Handling option (Figure 21) specifies how the Jetdirect Print Server handles error conditions. The settings are:
Dump then Reboot does a memory dump them reboots. Reboot Without Dump reboots without dumping memory. Dump then Halt does a memory dump but does not do a reboot; operations are halted.
20
Loading...
+ 45 hidden pages