2.7IC card information Setting Function.......................................................................................... 2-18
2.8Changing the Administrator Password....................................................................................... 2-20
2.9Erasing data when the machine is to be discarded or use of a leased machine is
2.9.1Setting the Overwrite All Data.......................................................................................................... 2-22
2.9.2Setting the SSD Low-level Format................................................................................................... 2-25
2.9.3Setting the Restore All ..................................................................................................................... 2-26
2.10SSL Setting Function .................................................................................................................... 2-27
2.13.1Setting the IP Address ..................................................................................................................... 2-35
2.13.2Registering the DNS Server ............................................................................................................. 2-35
2.14NetWare Setting Function ............................................................................................................ 2-36
Accessing from the TWAIN driver.................................................................................................... 4-12
bizhub 42/36Contents-2
1
Security
1.1Introduction
1Security
1.1Introduction
Thank you for purchasing our product.
This User's Guide contains the operating procedures and precautions to be used when using the security
functions offered by the bizhub 42/36 machine. To ensure the best possible performance and effective use
of the machine, read this manual thoroughly before using the security functions. The Administrator of the machine should keep this manual for ready reference. The manual should be of great help in finding solutions to
operating problems and questions.
This User's Guide (Ver. 1.03) describes bizhub 42/ bizhub 36/ineo 42/ineo 36 Multi Function Peripheral Control Software (Controller Firmware: A3EW30G0224, Boot Control Section: A3EW99G0010000).
Compliance with the ISO15408 Standard
When the Enhanced Security Mode on this machine is set to [ON], more enhanced security functions are
available.
The security functions offered by the bizhub 42/36 machine comply with ISO/IEC15408 (level: EAL3).
1
Operating Precautions
The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a
wrong entry is made during operation of the machine. (No "peep" alarm sound is issued if a specific sound
setting in Sound Setting of Accessibility Setting is set to [No].) If the alarm message or alarm sound is given,
perform the correct operation or make the correct entry according to the instructions given by the message
or other means.
The Administrator of the machine should not leave the machine with the setting screen left displayed after
the access to that mode is completed or in the middle of the mode. If it is absolutely necessary to leave the
machine, the Administrator of the machine should log off from the mode.
The Administrator of the machine should make sure that each individual general user logs off from the current
mode whenever the access to that mode is completed or if the user leaves the machine in the middle of the
mode with the mode screen left displayed.
To prevent settings of the machine from being duplicated, the Administrator of the machine should not attempt to change the settings in a condition of having logged onto a mode simultaneously from the control
panel and the client PC.
bizhub 42/361-2
1.1Introduction
INSTALLATION CHECKLIST
This Installation Checklist contains items that are to be check by the Service Engineer installing this machine.
The Service Engineer should check the following items, then explain each checked item to the Administrator
of the machine.
To Service Engineer
Make sure that each of these items is properly carried out by checking the box on the right of each item.
1.Perform the following steps before installing this machine.Completed
Check with the Administrator to determine if the security functions of this machine
should be enhanced. If the functions should be enhanced, check the following.
If the security functions are not to be enhanced, quit the operation without checking
the following.
I swear that I would never disclose information as it relates to the settings of this machine to anybody, or perform malicious or intentional act during setup and service
procedures for the machine.
When giving the User’s Guide Security Operations to the Administrator of the machine, check that the User’s Guide is the security-compatible version and explain to
the Administrator that it is security-compatible.
2.After this machine is installed, refer to the Service Manual and perform the following
steps.
Set the CE Password.
Check that the Firmware version and revision of "Controller" and "Boot" checked
with the Service Manual match the values shown in the Firmware Version screen.
If there is a mismatch in the Firmware version and revision, explain to the Administrator of the machine that upgrading of the Firmware is necessary and perform upgrading of the Firmware.
3.After this machine is installed, refer to this User’s Guide and perform the following
steps.
Check that the Administrator Password has been set by the Administrator of the machine.
Check that User Authentication has been set to [Device] or [External Server] (Active
Directory only) by the Administrator of the machine.
Check that the self-signed certificate for SSL communications has been registered
by the Administrator of the machine.
Check that Password Rules has been set to [ON] by the Administrator of the machine.
Let the Administrator of the machine set Enhanced Security Mode to [ON].
The languages, in which the contents of the User’s Guide Security Operations have
been evaluated, are Japanese and English.
Explain the way how to get the manual in the language, in which it is evaluated.
Explain to the administrator that the settings for the security functions for this machine have been specified.
1
When the above steps have been properly carried out, the Service Engineer should make a copy of this page
and give the original of this page to the Administrator of the machine. The copy should be kept at the corresponding Service Representative for filing.
Product NameCompany NameUser Division NamePerson in charge
Customer (Administrator of Machine)
Service Representative-
bizhub 42/361-3
1.2Security Functions
1.2Security Functions
Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of
the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see
page 2-5.
Setting the Enhanced Security Mode to [ON] will enhance the authentication function. Access control is then
provided through password authentication for any access to the Admin Settings, User Authentication mode,
and Secured Job file. Access is thereby granted only to the authenticated user.
A password that can be set must meet the requirements of the Password Rules. The machine does not accept setting of an easily decipherable password. For details of the Password Rules, see page 1-9.
If a wrong password has been entered three cumulative times during password authentication, the machine
determines that it is unauthorized access through Prohibited Functions When Authentication Error, prohibiting any further entry of the password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data, thereby ensuring secured used of the machine. This function is not,
however, governed by authentication by the ISO15408.
When the machine is to be discarded, or use of a leased machine is terminated at the end of the leasing contract, the data erase function overwrites and erases all data stored in all spaces of the HDD and SSD. The
function also resets all passwords saved in the NVRAM to factory settings, preventing leak of data. For details
of items to be cleared by data erase function, see page 1-11.
Check Count Clear Conditions
The following are the conditions for clearing or resetting the check count of the number of wrong entries at
the time of authentication.
NOTICE
The check count is cleared or reset by restarting the machine. If there is any user who frequently turns ON
and OFF the machine, warn him or her of the fact or take necessary steps.
<Admin Settings>
-Authentication of Admin Settings is successful.
-The machine is restarted
<User Authentication Mode>
-User Authentication mode is successful.
-The machine is restarted
<Secured Job>
-Authentication of Secured Job is successful.
-The machine is restarted
<SNMP Password (auth-password, priv-password)>
-Authentication of SNMP is successful.
-The machine is restarted
1
bizhub 42/361-4
1.3Data to be Protected
1.3Data to be Protected
The underlying concept of this machine toward security is "to protect data that can be disclosed against the
intention of users."
The following types of image files that have been stored in the machine and made available for use by its
users are protected while the machine is being used.
-Image files stored in the HDD by Secured Job
-Image files stored as "Personal" in the HDD by Scan to HDD
-Image files stored in the HDD by ID & Print
The following data are also counted among the assets to be protected:
-Password
–User passwords and Secured Job passwords stored in the HDD and Administrator passwords and
SNMP passwords stored in the NVRAM
-User identification information
–User identification information stored in the HDD
-IC card information
–User IC card information stored in the HDD
-Trusted channel setting data
–Trusted channel setting data stored in the NVRAM
-External server identification setting data
–External server identification setting data stored in the HDD
The following types of data stored in the HDD, SSD, and NVRAM are protected when use of a leased machine
is terminated at the end of the leasing contract, the machine is to be discarded, or when the HDD is stolen.
-Image files stored in the HDD by Secured Job
-Image files stored as "Personal" in the HDD by Scan to HDD
-Image files stored in the HDD by ID & Print
-Image files of a job in the queue
-Any image files stored in the HDD data space and SSD data space other than the Secured Job files,
files stored as "Personal" by Scan to HDD, and ID & Print files.
-Data files left in the HDD data space and SSD data space, used as image files and not deleted through
the general deletion operation
-Temporary data files generated during print image file processing
-Destination recipient data (e-mail address, telephone number)
-Administrator passwords, SNMP passwords, trusted channel setting data, and machine setting data
stored in the NVRAM
-User identification information, user IC card information, User passwords, Secured Job passwords, and
external server identification setting data stored in the HDD
This machine offers the SSL function as a data protection method to ensure confidentiality of images (Scan
to HDD files) transmitted and received over the network.
When transmitting and receiving highly confidential image data (Secured Job files, Scan to HDD files, ID &
Print files) among different pieces of IT equipment within an office LAN, the machine carries out communications with the correct destination via reliable paths or through anti-sniffing measures, assuming an office environment that responds to most stringent security requirements.
NOTICE
Secured Job files and ID & Print files transmitted from the client PC to the machine are not encrypted. To
protect the Secured Job files and ID & Print files, take necessary anti-sniffing measures, including installation
of cryptographic communications equipment or a sniffing detector.
If the HDD is stolen, data is protected by the HDD encryption function, however, the HDD encryption function
is not governed by authentication by the ISO15408.
1
bizhub 42/361-5
1.4Precautions for Operation Control
1.4Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the
following conditions.
Roles and Requirements of the Administrator
The Administrator should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed.
<To Achieve Effective Security>
-A single individual person who is capable of taking full responsibility for controlling the machine should
be appointed as the Administrator to make sure that no improper operations are performed.
-When using an SMTP server (mail server) or an DNS server, each server should be appropriately managed by the Administrator and should be periodically checked to confirm that settings have not been
changed without permission.
Password Usage Requirements
The Administrator must control the Administrator Password, auth-password, and priv-password appropriately so that they may not be leaked. These passwords should not be ones that can be easily guessed. The user,
on the other hand, should control the Secured Job Password and User Password appropriately so that they
may not be leaked. Again, these passwords should not be ones that can be easily guessed.
<To Achieve Effective Security>
-Make absolutely sure that only the Administrator knows the Administrator Password, auth-password,
and priv-password.
-The Administrator must change the Administrator Password, auth-password, and priv-password at
regular intervals.
-The Administrator should make sure that any number that can easily be guessed from birthdays, employee identification numbers, and the like is not set for the Administrator Password, auth-password,
and priv-password.
-If a User Password has been changed, the Administrator should have the corresponding user change
the password as soon as possible.
-If the Administrator Password has been changed by the Service Engineer, the Administrator should
change the Administrator Password as soon as possible.
-The Administrator should have users ensure that the passwords set for the User Authentication and Secured Job are known only by the user concerned.
-The Administrator should have users change the passwords set for the User Authentication at regular
intervals.
-The Administrator should make sure that any user does not set any number that can easily be guessed
from birthdays, employee identification numbers, and the like for the passwords set for the User Authentication and Secured Job.
-Upon change of the Administrators, the old Administrator of the machine should promptly have the new
one change the Administrator password.
1
Network Connection Requirements for the Machine
If the LAN is to be connected to an outside network, no unauthorized attempt to establish connection from
the external network should be permitted.
<To Achieve Effective Security>
-If the LAN, in which the machine is installed, is connected to an outside network, install a firewall or
similar network device to block any access to the machine from the outside network and make the necessary settings.
-Provide an appropriate network control at all times to make sure that no other copying machine is connected without prior notice to the office LAN to which this machine is connected.
User information control system control requirements
The administrator of the machine and the server administrator are required to apply patches to, or perform
account control for, this machine and the user information control system connected to the office LAN in
which the machine is installed to ensure operation control that achieves appropriate access control.
bizhub 42/361-6
1.4Precautions for Operation Control
<To Achieve Effective Security>
-Apply patches so that the user information management system is always up-to-date.
-Change the corresponding account information promptly as soon as user authorities are changed.
-Delete the corresponding account information promptly as soon as the specific user is transferred.
Security function operation setting operating requirements
The Administrator should make sure of correct operation control so that the machine is used with the Enhanced Security Mode set to [ON].
Operation and control of the machine
The Administrator of the machine should perform the following operation control.
-The Administrator of the machine should log off from the Admin Settings whenever the operation in the
Admin Settings is completed. The Administrator of the machine should also make sure that each individual user logs off from the User Authentication mode after the operation in the User Authentication
mode is completed, including operation of the Secured Job file.
-The Administrator of the machine should appropriately control the device certificate (SSL certificate)
registered in the machine.
Machine Maintenance Control
The Administrator of the machine should perform the following maintenance control activities.
-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform
physical service operations on the machine.
-Provide adequate control over the machine to ensure that any physical service operations performed
on the machine by the Service Engineer are overseen by the Administrator of the machine.
-Some options require that Enhanced Security Mode be turned [OFF] before they can be used on the
machine. If you are not sure whether a particular option to be additionally purchased is fully operational
with the Enhanced Security Mode turned [ON], contact your Service Representative.
1
Operating conditions for the IC card and IC card reader
The machine supports the following types of IC card and IC card reader.
IC card typeIC card reader
Type AAU-201, SCL-010
Felica IDmAU-201, SCL-010
HID ProxAU-201H (North America only)
Operate the IC card reader under the following conditions.
-Be sure to use the IC card reader provided by the Service Representative. For details, contact your Service Representative.
-To use the IC card reader, it is necessary to install the loadable driver in the machine. For details, contact your Service Representative.
-Only one IC card reader can be connected to the machine.
-No guarantee is given for correct operation, if the IC card reader is not connected to the machine when
the machine is turned ON or if it is removed and reinserted with the machine turned ON.
-Even if the IC card reader supports two or more types of IC cards, only one type of IC card can be used
for authentication. No guarantee is given for correct operation, if authentication is performed by using
two or more types of IC cards.
-No guarantee is given for correct operation in authentication with two or more types of IC cards simultaneously read by the IC card reader.
IC card owner requirements
The Administrator of the machine should make sure that operating rules that specify the following operations
exist within the organization and that the operations are implemented according to the rules.
-The person responsible within the organization that uses the machine should distribute the IC card issued for use by the organization to a specific person who is authorized to own the IC card.
bizhub 42/361-7
1.4Precautions for Operation Control
-The person responsible within the organization that uses the machine should prohibit the user from
transferring or lending the IC card to any third person and make sure that the user reports any lost IC
card.
1
bizhub 42/361-8
1.5Miscellaneous
1.5Miscellaneous
Password Rules
According to certain Password Rules, registration of a password consisting of a string of a single character
or change of a password to one consisting of a string of a single character is rejected for the Administrator
Password, User Password, Secured Job Password, and SNMP Password. For the Administrator Password,
User Password, and SNMP Password, the same password as that currently set is not accepted.
Study the following table for more details of the number of digits and characters that can be used for each
password.
NOTICE
Before setting the Enhanced Security Mode, be sure to enable the Password Rules. The Password Rules can
be turned on by selecting [ON] for [Password Rules] that can be accessed from the control panel as follows:
[Utility/Counter] ö [Admin Settings] ö [↓] ö [Security Settings] ö [Security Details].
Types of passwordsNo. of digitsCharacters
User Password8 digits or more• Numeric characters: 0 to 9
Administrator Password8 digits• Numeric characters: 0 to 9
Secured Job Password8 digits• Numeric characters: 0 to 9
Precautions for Use of Various Types of Applications
Comply with the following requirements when using various types of applications.
-When PageScope Web Connection or an application of various other types is used, the password control function of the application stores the password that has been entered in your PC. If you want the
password not stored, disable the password control function of the application.
When using the PageScope Web Connection or an application of various other types, use one that
shows "*" or "●" for the password entered. Do not use a function, if any, that directly shows on the
screen the password entered.
-When using the PageScope Web Connection or an application of various other types, make settings so
that cache files are not saved on the web browser.
-Internet Explorer or other type of web browser, "SSL v3" or "TLS v1" should be used, not "SSL v2," for
the SSL setting.
-PageScope Direct Print cannot be used if the Enhanced Security Mode is set to [ON].
-Optional applications not described in this User’s Guide are not covered by certification of ISO15408.
bizhub 42/361-9
1.5Miscellaneous
Encrypting communications
The following are the cryptographic algorithms of key exchange and communications encryption systems
supported in generation of encryption keys.
-TLS_RSA_WITH_RC4_128_MD5
-TLS_RSA_WITH_3DES_EDE_CBC_SHA
-TLS_RSA_WITH_AES_128_CBC_SHA
-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-TLS_DHE_RSA_WITH_AES_256_CBC_SHA
NOTICE
No algorithms can be selected during generation of encryption keys. SSL v3 is automatically selected for the
SSL setting according to the application and browser. Do not therefore change the setting manually to SSL
v2. An increased risk results of data to be protected being tampered with or leaked.
The Administrator of the machine should make sure that SSL encryption communication is not performed
with the SSL set in SSL v2.
Do not use an SSL certificate that is electronically signed by MD5, as an increased risk results of data to be
protected being tampered with or leaked.
Use the following browsers to ensure SSL encryption communication with appropriate strength. Use of any
of the following browsers achieves SSL encryption communication that ensures confidentiality of the image
data transmitted and received.
Windows XP, Server 2003, Vista, 7, Server 2008, Server 2008 R2
-Recommended is Microsoft "Internet Explorer 6" or later.
-Recommended is Mozilla Firefox 3.6 or later.
Macintosh MacOS X
-Recommended is Mozilla Firefox 3.6 or later.
Linux
-Recommended is Mozilla Firefox 3.6 or later.
1
IPP printing
IPP (Internet Printing Protocol) is a function that allows Secured Job and image data stored in HDD to be
printed via the Internet by using the HTTP (HyperText Transfer Protocol) of the TCP/IP Protocol. IPPS (IPP
over SSL/TLS) is the type of IPP that performs the SSL encryption communication.
<Installing printer driver>
To perform IPP printing, the printer driver must be installed. From "Add Printer Wizard," select "Connect to
a printer on the Internet or on a home or office network" and type the URL of this machine in the following
format in the "URL" field. The printer, for which the settings have been made, can be used in the same manner
as the ordinary local printer.
http:// <IP address of this machine> /ipp
E.g.: If the machine IP address is 192.168.1.20
Type http://192.168.1.20/ipp
To set IPPS printing:
Type https:// <IP address of the machine> /ipp.
<Registering the certificate in Windows Vista/7/Server 2008/Server 2008 R2>
Windows Vista/7/Server 2008/Server 2008 R2, which offers enhanced security functions, gives a certificate
error message if the SSL certificate is one that is not issued by a certification body. In such cases, it becomes
necessary to register with Windows Vista/7/Server 2008/Server 2008 R2 the certificate of this machine as that
issued by a reliable party for the computer account.
First, register Host Name and IP address of this machine in the DNS server in advance. Then, in [TCP/IP Settings] of PageScope Web Connection, set the DNS Host Name and DNS Default Domain Name registered
with the DNS server.
It should also be noted that, for the certificate to be imported, a certificate for SSL encryption communication
should be registered in PageScope Web Connection and exported in advance as the certificate including the
public key.
bizhub 42/361-10
1.5Miscellaneous
1From "Continue to this website" call the PageScope Web Connection window to the screen.
2Click "Certificate Error" to display the certificate. Then, click "Install Certificate" to install the certificate.
3Display the physical stores. Then, deploy the certificate, which has earlier been exported, in "Local
Computer" of "Trusted Root Certification Authorities" to thereby import the certificate.
<IPPS printing settings in Windows Vista/7/Server 2008/Server 2008 R2>
Through additional printer setting, type "https://Host Name.Domain Name/ipp."
For [Host Name] and [Domain Name], specify the names set with the DNS server.
Items of Data Cleared by Data Erase Function
The data erase function clears the following items of data.
Items of Data ClearedDescriptionMethod
Enhanced Security ModeSet to [OFF]Overwrite All Data
User registration dataDeletes all user-related data that has been
Secured Job Password/fileDeletes all Secured Job-related informa-
Scan to HDD fileDeletes all files stored as "Personal" by
ID & Print fileDeletes all ID & Print filesOverwrite All Data
Image files• Image files saved other than the Se-
Destination recipient data
files
Administrator PasswordClears the currently set password, reset-
SNMP PasswordClears the currently set password, reset-
SSL certificateDeletes the currently set SSL certificateOverwrite All Data
Network SettingClears the currently set network settings
Machine setting dataDeletes the machine setting dataRestore All
Trusted channel setting dataDeletes the trusted channel setting dataRestore All
External server identification
setting data
registered
tion and files saved
Scan to HDD
cured Job files, files stored as "Personal" by Scan to HDD, and ID & Print files
• Image files of jobs in job queue state
• Remainder data files, used as image
files and not deleted through only the
general deletion operation
• Temporary data files generated during
print image file processing
Deletes all destination recipient data including e-mail addresses and telephone
numbers
ting it to the factory setting
ting it to the factory setting (MAC address)
(DNS Server setting, IP Address setting,
SMTP Server setting, NetWare Setting,
NetBIOS setting and AppleTalk Printer
Name setting), resetting it to the factory
setting
Deletes the external server identification
setting data
1
SSD Low-level Format
Restore All
Overwrite All Data
Overwrite All Data
Overwrite All Data
Overwrite All Data
SSD Low-level Format
SSD Low-level Format
Restore All
Restore All
SSD Low-level Format
Restore All
Restore All
Overwrite All Data
bizhub 42/361-11
1.5Miscellaneous
HDD Format
Execute HDD format when, for example, to initialize the HDD (to be reset to the default state) or when the
HDD is replaced with a referent one. Executing HDD format deletes data saved in the machine’s HDD. Different types of data are deleted depending on the type of Format.
-Executing [User Area Only] deletes the Secured Job file and ID & Print file.
-Executing [User Area (Scan)] deletes the registered user information and Scan to HDD files.
-Executing [All] formats all areas in the HDD, deleting all data saved. In addition, the formatting turns
[OFF] the Enhanced Security Mode. So, it must be turned [ON] again. For details of settings, see
page 2-5.
Upgrading of the firmware
If upgrading of the firmware has been performed by the service engineer, the Administrator of the machine
must execute [Restore All]. Execute [Restore All] after the firmware has been upgraded. For details of the execution of [Restore All], see page 2-26.
-For details of items of data to be cleared by [Restore All], see page 1-11.
-The execution of [Restore All] will turn [OFF] the Enhanced Security Mode. So, it must be turned [ON]
again. For details of settings, see page 2-5.
1
bizhub 42/361-12
2
Administrator Operations
2.1Accessing the Admin Settings
2Administrator Operations
2.1Accessing the Admin Settings
This machine implements authentication of the user of the Admin Settings function through the 8-digit Administrator Password that verifies the identity as the Administrator of the person who accesses the function.
During the authentication procedure, the Administrator Password entered for the authentication purpose appears as "*" or "●" on the display. A failure in authentication as a result of the entry of a wrong password is
counted as unauthorized access.
NOTICE
Make sure that none of the general users of the machine will know the Administrator Password.
If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your Service
Representative.
Accessing the Admin Settings
The machine does not accept access to the Admin Settings under any of the following conditions. Wait for
some while before attempting to gain access to the Admin Settings again.
-There is a job being executed by the machine.
-There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.
-Immediately after the power switch has been turned ON.
-A malfunction code is displayed on the machine.
<From the Control Panel>
0Do not leave the machine with the setting screen of Admin Settings left shown on the display. If it is
absolutely necessary to leave the machine, be sure first to log off from the Admin Settings.
2
1Press the [Utility/Counter] key.
2Touch [↓].
3Touch [Admin Settings].
bizhub 42/362-2
2.1Accessing the Admin Settings
4Enter the 8-digit Administrator Password from the keyboard or keypad.
% Press the [C] key to clear all characters.
% Touch [Delete] to delete the last character entered.
% Touch [↑] to show the upper case screen.
% Touch [!#?/] to show the symbol screen.
5Touch [OK].
% If a wrong Administrator Password is entered, a message that tells that the authentication has failed
appears. Enter the correct Administrator Password.
% A failure in authentication as a result of the entry of a wrong password is counted as unauthorized
access. If the cumulative number of unauthorized accesses reaches three during operation of the
machine, the machine is set into an access lock state and prohibits any subsequent password entry
operations. To cancel the access lock state, turn off, then on, the power switch of the machine.
When the power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. This interval is necessary to ensure that the machine functions properly.
2
6Press the [Reset] key to log off from the Admin Settings.
bizhub 42/362-3
2.1Accessing the Admin Settings
<From PageScope Web Connection>
0If an attempt is made to log on to the Admin Mode while a job is being executed, the machine gives a
message that tells that it is now impossible to log on to the Admin Mode. Click [OK] and try logging on
to the Admin Mode after the execution of the job is completed.
0Do not leave the machine with the Admin Mode setting screen left shown on the display. If it is abso-
lutely necessary to leave the machine, be sure first to log off from the Admin Mode.
1Start the Web browser.
2Enter the IP address of the machine in the address bar.
3Press the [Enter] key to start PageScope Web Connection.
4Click the Administrator radio button and [Log in].
2
5Enter the 8-digit Administrator Password in the password box.
% When accessing the Admin Mode using the PageScope Web Connection, enter the same Adminis-
trator Password as that for the machine.
6Click [OK].
% If a wrong Administrator Password is entered, a message that tells that the authentication has failed
appears. Enter the correct Administrator Password.
% A failure in authentication as a result of the entry of a wrong password is counted as unauthorized
access. If the cumulative number of unauthorized accesses reaches three during operation of the
machine, the machine is set into an access lock state and prohibits any subsequent password entry
operations. To cancel the access lock state, turn off, then on, the power switch of the machine.
When the power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. This interval is necessary to ensure that the machine functions properly.
7Click [Log out]. This allows you to log off from the Admin Mode.
bizhub 42/362-4
2.2Enhancing the Security Function
2.2Enhancing the Security Function
When access to the machine by the Administrator of the machine through the Admin Settings from the control
panel is authenticated, the machine enables setting of the Enhanced Security Mode that allows settings for
enhancing each of different security functions to be converted all at once.
In the Enhanced Security Mode, the machine allows selection of whether to use the Enhanced Security Mode
or not. When the Enhanced Security Mode is set to [ON], the security function is enhanced by automatically
setting such functions as that which determines whether each password meets predetermined requirements.
The following settings must first be made before the Enhanced Security Mode is set to [ON].
Settings to be Made in AdvanceDescription
Administrator PasswordAn 8-digit password that meets the Password Rules.
The factory setting is "12345678."
User AuthenticationSet to either [Device] or [External Server] (Active Directory).
Certificate for SSLRegister the self-signed certificate for SSL communications.
Password RulesSet to [ON].
Setting the Enhanced Security Mode to [ON] changes the setting values of the following functions.
Function NameFactory SettingWhen Enhanced Security Mode is set to [ON]
Public AccessRestrictRestrict (not to be changed)
Print without Authentication
User List Display SettingOFFOFF (not to be changed)
SSLOFFON (not to be changed)
SSL Encryption StrengthAES-256, 3DES,
FTP ServerEnableSelection can be made between [Enable] and [Disable]
SNMPv1/v2cRead/Write en-
SNMP v3 Security Level
and auth-password/privpassword
(SNMP v3 Write User)
Administrator Password
Change Via Network
(Pagescope Web Connection)
AES-256, 3DES (not to be changed to one containing
strength lower than AES/3DES)
Only Read is enabled (not to be changed)
The security level can be selected from among [authpassword] or [auth-password/priv-password].
An 8-digit-or-more auth-password or priv-password
can both be set.
2
NOTICE
When Password Rules is set to [ON] the characters and the number of digits used for each password are
restricted. For details of the Password Rules, see page 1-9.
Turning ON the Enhanced Security Mode does not enable the ID & Print function. Enable the function manually to protect image files. For details of the ID & Print function, see page 2-12.
bizhub 42/362-5
2.2Enhancing the Security Function
The Enhanced Security Mode is set to [OFF], if the Administrator of the machine executes any of the following
functions. Set the Enhanced Security Mode to [ON] again.
-[All] is executed of [HDD Format].
-[Overwrite All Data] is executed.
-[SSD Low-level Format] is executed.
-[Restore All] is executed.
-[Restore Network] is executed.
-[Restore System] is executed.
2
bizhub 42/362-6
2.2Enhancing the Security Function
Setting the Enhanced Security Mode
0For the procedure to call the Admin Settings on the display, see page 2-2.
0Do not leave the machine with the setting screen of Admin Settings left shown on the display. If it is
absolutely necessary to leave the machine, be sure first to log off from the Admin Settings.
0The Enhanced Security Mode is factory-set to [OFF]. Be sure to turn [ON] the Enhanced Security Mode
so as to enable the security function of the machine.
1Call the Admin Settings on the display from the control panel.
2Touch [↓].
3Touch [Security Settings].
2
4Touch [Enhanced Security Mode].
5Select [ON] to enable the Enhanced Security Mode and touch [OK].
Touch [OK], then the machine restarts automatically.
bizhub 42/362-7
2.2Enhancing the Security Function
% [ON] can be selected only if the Administrator of the machine has made the necessary settings be-
forehand. For details of the necessary settings, see page 2-5.
% If the Enhanced Security Mode is properly set to [ON], a key icon appears at the portion enclosed
by a red frame of the screen, indicating that the machine is in the Enhanced Security Mode.
2
bizhub 42/362-8
2.3Setting the Authentication Method
2.3Setting the Authentication Method
When access to the machine by the Administrator of the machine through the Admin Settings is authenticated, the machine enables setting of the authentication method for User Authentication.
The User Authentication method may be [Device] that uses the authentication system the machine has, [External Server] that uses a user information control system of the external server, or [Off]. If the Enhanced Security Mode is set to [ON], the authentication method should be operated by either [Device] or [External
Server] (Active Directory).
If [Device] is selected, the IC card function can be set. The IC card function uses an IC card reader connected
to the machine and reads the IC card with the IC card reader to perform user authentication.
NOTICE
If [External Server] is selected for the authentication method, be sure to select [Active Directory] in the External Server Settings.
Setting the Authentication Method
0For the procedure to access the Admin Mode, see page 2-2.
0Do not leave the machine with the Admin Mode setting screen left shown on the display. If it is abso-
lutely necessary to leave the machine, be sure first to log off from the Admin Mode.
1Start PageScope Web Connection and access the Admin Mode.
2Click the [Security] tab.
2
bizhub 42/362-9
2.3Setting the Authentication Method
3Select [Device] or [External Server] from the User Authentication pull-down menu.
If [Device] is selected, perform steps 4 through 5.
If [External Server] is selected, perform steps 6 through 10.
2
4If [Device] is selected, click [General Settings] from the [Authentication Device Settings] menu and set
[Authentication Type] and [IC Card Type].
Authentication MethodDescription
NoneUses no IC card for user authentication; a user name and a user
password are to be entered for authentication.
Card AuthenticationUses an IC card for authentication, in addition to that based on entry
Card Authentication
+ Password
of a user name and a user password.
Uses an IC card placed on the IC card reader and entry of a user
password for authentication, in addition to that based on entry of a
user name and a user password.
% If the IC card function is to be used, it is necessary to register user IC card information in the ma-
chine. For details, see page 2-18.
5Click [Apply].
6If [External Server] is selected, click [External Server List] from [Authentication] menu.
bizhub 42/362-10
2.3Setting the Authentication Method
7Click [Edit].
8Select [Active Directory] and click [Next].
2
9Make the necessary settings.
10 Click [Apply].
bizhub 42/362-11
2.4ID & Print Setting Function
2.4ID & Print Setting Function
When access to the machine by the Administrator of the machine through the Admin Settings is authenticated, the machine enables setting of the operation of the ID & Print function.
The ID & Print function temporarily stores print data transmitted from the PC in the HDD of the machine and,
after user authentication is successful in this machine, automatically prints the print data of the user in question.
NOTICE
The Administrator must first make User Authentication settings before setting the ID & Print function. For details of the User Authentication, see page 2-9.
Setting the ID & Print
0For the procedure to access the Admin Mode, see page 2-2.
0Do not leave the machine with the Admin Mode setting screen left shown on the display. If it is abso-
lutely necessary to leave the machine, be sure first to log off from the Admin Mode.
1Start PageScope Web Connection and access the Admin Mode.
2Click the [Security] tab and [ID & Print Settings].
3Select [Enable] from the pull-down menu of [ID & Print].
2
% If [Enable] is set, the document is stored as ID & Print file even if [Print] is selected on the printer
driver side.
% Even if [Disable] is set, the document is stored as ID & Print file if [ID & Print] is selected on the printer
driver side.
4Click [Apply].
bizhub 42/362-12
2.5Auto Reset Function
2.5Auto Reset Function
When access to the machine by the Administrator of the machine through the Admin Settings from the control
panel is authenticated, the machine enables setting of the operation of the Auto Reset function.
If no operations are performed for a predetermined period of time during access to the Admin Settings or
user mode (during setting of User Authentication) from the control panel, the Auto Reset function automatically causes the user to log off from the mode.
The predetermined period of time, after which the Auto Reset function is activated, can be selected from
among nine values between 1 min. and 9 min. Auto Reset can also be set to [OFF]. If no operations are performed for 1 min. even with Auto Reset set to [OFF], the function causes the user to log off from the mode
automatically.
Reference
-Processing of a specific job, however, takes precedence over the Auto Reset function. That is, even if
a predetermined period of time elapses during which no operations are performed, once the processing
of the specific job has been started, the Auto Reset function does not cause the user to log off from the
mode. The user logs off from the mode after the lapse of a predetermined period of time after the processing of the specific job is completed.
Setting the Auto Reset function
0For the procedure to call the Admin Settings on the display, see page 2-2.
0Do not leave the machine with the setting screen of Admin Settings left shown on the display. If it is
absolutely necessary to leave the machine, be sure first to log off from the Admin Settings.
2
1Call the Admin Settings on the display from the control panel.
2Touch [Machine Settings].
3Touch [↓].
4Touch [Auto Reset Settings].
bizhub 42/362-13
2.5Auto Reset Function
5Touch [Enable].
6Select [ON] and touch [OK].
2
% If no operations are performed for 1 min. even with Auto Reset set to [OFF], the function is activated
to cause the user to log off from the mode automatically.
7Touch [Auto Reset].
bizhub 42/362-14
Loading...
+ 65 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.