Konica Minolta bizhub 750 User Manual
User’s Guide [Security Operations]
2006.12
Ver. 1.02
Contents
Contents
1 Security
1.1 Introduction ....................................................................................... 1-2
Compliance with the ISO15408 Standard ..................................... 1-2
Operating Precautions ................................................................... 1-2
INSTALLATION CHECKLIST .......................................................... 1-3
1.2 Security Functions ............................................................................ 1-5
1.2.1 Check Count Clear Conditions ...................................................... 1-6
1.3 Data to be Protected ........................................................................ 1-7
1.4 Precautions for Operation Control .................................................. 1-8
Roles and Requirements of the Administrator ............................... 1-8
Password Usage Requirements ..................................................... 1-8
Network Connection Requirements for the Machine ..................... 1-9
User information control server control requirements ................... 1-9
Security function operation setting operating requirements .......... 1-9
Operation and control of the machine ......................................... 1-10
Machine Maintenance Control ..................................................... 1-10
1.5 Miscellaneous ................................................................................. 1-11
Password Rules ........................................................................... 1-11
Precautions for Use of Various Types of Applications ................. 1-11
Types of Data Cleared by Overwrite All Data Function ................ 1-12
Recovery from malicious tampering of software ......................... 1-12
2 Administrator Operations
2.1 Accessing the Administrator Setting Mode ................................... 2-2
2.1.1 Accessing the Administrator Setting mode ................................... 2-2
<From the Control Panel> .............................................................. 2-4
<From PageScope Web Connection> ........................................... 2-6
2.2 Enhancing the Security Function .................................................... 2-9
2.2.1 Items cleared by HDD Format ..................................................... 2-11
2.2.2 Setting the Enhanced Security mode .......................................... 2-11
<Setting can be made only from the control panel> ................... 2-12
2.3 Preventing Unauthorized Access .................................................. 2-15
2.3.1 Setting Prohibit Function When Auth. Error ................................. 2-15
<Setting can be made only from the control panel> ................... 2-15
2.4 Canceling the Operation Prohibited State ................................... 2-17
750/600 x-1
Contents
2.4.1 Performing Release Setting ..........................................................2-17
<Setting can be made only from the control panel> ....................2-17
2.5 Setting the Authentication Method ................................................2-19
2.5.1 Setting the Authentication Method ...............................................2-19
<Setting can be made only from the control panel> ....................2-19
2.6 System Auto Reset Function ..........................................................2-22
2.6.1 Setting the System Auto Reset function .......................................2-22
<Setting can be made only from the control panel> ....................2-22
2.7 User Setting Function .....................................................................2-25
2.7.1 Making user setting ......................................................................2-26
<From the Control Panel> ............................................................2-26
<From PageScope Web Connection> ..........................................2-30
2.8 User Box Function ...........................................................................2-32
2.8.1 Setting the User Box .....................................................................2-32
<From the Control Panel> ............................................................2-32
<From PageScope Web Connection> ..........................................2-37
2.8.2 Changing the user attributes ........................................................2-39
<From the Control Panel> ............................................................2-39
<From PageScope Web Connection> ..........................................2-43
2.9 Changing the Administrator Password .........................................2-47
2.9.1 Changing the Administrator Password .........................................2-47
<Setting can be made only from the control panel> ....................2-47
2.10 Protecting Saved Data ....................................................................2-51
2.10.1 Setting the HDD Lock Password ..................................................2-52
<Setting can be made only from the control panel> ....................2-53
2.10.2 Changing the HDD Lock Password ..............................................2-56
<Setting can be made only from the control panel> ....................2-56
2.10.3 Setting the Image Data Encryption Key ........................................2-59
<Setting can be made only from the control panel> ....................2-59
2.10.4 Setting the Management Data Encryption Key .............................2-64
<Setting can be made only from the control panel> ....................2-64
2.10.5 Changing the Image Data Encryption Key ....................................2-67
<Setting can be made only from the control panel> ....................2-67
2.10.6 Changing the Management Data Encryption Key ........................2-73
<Setting can be made only from the control panel> ....................2-73
2.11 Overwrite All Data Function ............................................................2-76
2.11.1 Setting the Overwrite All Data function .........................................2-77
x-2 750/600
Contents
<Setting can be made only from the control panel> ................... 2-77
2.12 SNMP Setting Function .................................................................. 2-80
2.12.1 Changing the auth-password and priv-password ....................... 2-80
<From the Control Panel> ............................................................ 2-80
<From PageScope Web Connection> ......................................... 2-85
2.12.2 SNMP access authentication function ......................................... 2-87
2.12.3 SNMP v3 setting function ............................................................ 2-87
2.12.4 SNMP network setting function ................................................... 2-88
2.13 TCP/IP Setting Function ................................................................. 2-89
2.13.1 Setting the IP Address ................................................................. 2-89
<From the Control Panel> ............................................................ 2-89
<From PageScope Web Connection> ......................................... 2-90
2.13.2 Registering the DNS Server ......................................................... 2-91
<From the Control Panel> ............................................................ 2-91
<From PageScope Web Connection> ......................................... 2-92
2.14 NetWare Setting Function .............................................................. 2-93
2.14.1 Making the NetWare Setting ........................................................ 2-93
<From the Control Panel> ............................................................ 2-93
<From PageScope Web Connection> ......................................... 2-94
2.15 SMB Setting Function .................................................................... 2-95
2.15.1 Setting the NetBIOS Name .......................................................... 2-95
<From the Control Panel> ............................................................ 2-95
<From PageScope Web Connection> ......................................... 2-96
2.16 AppleTalk Setting Function ........................................................... 2-97
2.16.1 Making the AppleTalk Setting ...................................................... 2-97
<From the Control Panel> ............................................................ 2-97
<From PageScope Web Connection> ......................................... 2-98
2.17 E-Mail Setting Function .................................................................. 2-99
2.17.1 Setting the SMTP Server (E-Mail Server) ..................................... 2-99
<From the Control Panel> ............................................................ 2-99
<From PageScope Web Connection> ....................................... 2-100
3 User Operations
3.1 User Authentication Function .......................................................... 3-2
3.1.1 Performing user authentication ...................................................... 3-2
<From the Control Panel> .............................................................. 3-3
<From PageScope Web Connection> ........................................... 3-6
3.2 Change Password Function ............................................................ 3-8
750/600 x-3
3.2.1 Performing Change Password ........................................................3-8
<From the Control Panel> ..............................................................3-8
<From PageScope Web Connection> ..........................................3-12
3.3 Secure Print Function .....................................................................3-14
3.3.1 Accessing the Secure Print ...........................................................3-15
<Setting can be made only from the control panel> ....................3-15
3.4 User Box Function ...........................................................................3-19
3.4.1 Setting the User Box .....................................................................3-19
<From the Control Panel> ............................................................3-19
<From PageScope Web Connection> ..........................................3-25
3.4.2 Changing the User Box Password and user attributes ................3-28
<From the Control Panel> ............................................................3-28
<From PageScope Web Connection> ..........................................3-33
3.4.3 Accessing the User Box and User Box file ...................................3-38
<From the Control Panel> ............................................................3-39
<From PageScope Web Connection> ..........................................3-41
4 Application Software
4.1 PageScope Data Administrator ........................................................4-2
4.1.1 Gaining access from PageScope Data Administrator ....................4-3
< From the PC> ..............................................................................4-3
4.1.2 Setting the user authentication method ..........................................4-6
< From the PC> ..............................................................................4-6
4.1.3 Making the user settings .................................................................4-8
< From the PC> ..............................................................................4-8
4.2 PageScope Box Operator ...............................................................4-10
4.2.1 Accessing User Box ......................................................................4-10
< From the PC> ............................................................................4-10
4.2.2 Creating a User Box ......................................................................4-14
< From the PC> ............................................................................4-14
4.2.3 Changing User Box properties (user attributes) ...........................4-16
< From the PC> ............................................................................4-16
4.2.4 Accessing the User Box file ..........................................................4-20
< From the PC> ............................................................................4-20
4.3 PageScope Job Spooler .................................................................4-21
4.3.1 Accessing the User Box ...............................................................4-22
< From the PC> ............................................................................4-22
Contents
x-4 750/600
Contents
4.4 HDD TWAIN driver .......................................................................... 4-28
4.4.1 Accessing from the HDD TWAIN driver ....................................... 4-28
< From the PC> ............................................................................ 4-28
4.5 PageScope Direct Print .................................................................. 4-31
4.5.1 Printing through PageScope Direct Print ..................................... 4-31
< From the PC> ............................................................................ 4-31
4.6 HDD Backup Utility ......................................................................... 4-33
4.6.1 Backup ......................................................................................... 4-33
< From the PC> ............................................................................ 4-33
4.6.2 Restore ......................................................................................... 4-36
< From the PC> ............................................................................ 4-36
750/600 x-5
Contents
x-6 750/600
Security Chapter 1
1
Security
1
1 Security
1.1 Introduction
Thank you for purchasing our product.
Security Chapter 1
This User’s Guide contains the operating procedures and precautions to be
used when using the security functions offered by the bizhub 750/600 machine. To ensure the best possible performance and effective use of the machine, read this manual thoroughly before using the security functions. The
Administrator of the machine should keep this manual for ready reference.
The manual should be of great help in finding solutions to operating problems and questions.
This User’s Guide (Ver. 1.02) describes bizhub 750/bizhub 600/ineo 750/ineo
600 Multi Function Peripheral Control Software (MFP Controller: 57AA-0100G00-21-000) and Image Control Software (Image Controller: 57AA-1000G00-21-000).
Compliance with the ISO15408 Standard
When the Enhanced security mode on this machine is set to [ON], more enhanced security functions are available.
The security functions offered by the bizhub 750/600 machine comply with
ISO/IEC15408 (level: EAL3).
Security
Operating Precautions
The machine gives an alarm message or an alarm sound (peep) when a
wrong operation is performed or a wrong entry is made during operation of
the machine. (No “peep” alarm sound is issued if Key Accept Sound/Key
Refuse Sound in Sound Setting of Accessibility Setting is set to [OFF].) If the
alarm message or alarm sound is given, perform the correct operation or
make the correct entry according to the instructions given by the message
or other means.
The Administrator of the machine should make sure that each individual general user exits from the current mode to return to the basic screen whenever
the access to that mode is completed or if the user leaves the machine with
the mode screen left displayed.
The Administrator of the machine should exit from the current mode to return
to the basic screen whenever the access to that mode is completed or if he
or she leaves the machine with the mode screen left displayed.
The PageScope Web Connection functions can be used only if the setting is
made to accept “Cookie.”
1-2 750/600
Security
1
INSTALLATION CHECKLIST
This Installation Checklist contains items that are to be check by the Service
Engineer installing this machine.
The Service Engineer should check the following items, then explain each
checked item to the Administrator of the machine.
To Service Engineer
Make sure that each of these items is properly carried out by checking the
box on the right of each item.
1. Perform the following steps before installing this machine. Completed
Check with the Administrator to determine if the security functions of this machine should be enhanced. If the functions should be enhanced, check the
following.
If the security functions are not to be enhanced, quit the operation without
checking the following.
I swear that I would never disclose information as it relates to the settings of
this machine to anybody, or perform malicious or intentional act during setup
and service procedures for the machine.
When giving the User’s Guide Security Operations to the Administrator of the
machine, check that the User’s Guide is the security-compatible version and
explain to the Administrator that it is security-compatible.
2. After this machine is installed, refer to the Service Manual and perform the following steps.
Check that the version and checksum of the firmware (MFP Controller and Image Controller) indicated in the Service Manual match the values shown in the
Firmware version display screen of the Service mode.
If there is a mismatch in the Firmware version number, explain to the Administrator of the machine that upgrading of the Firmware is necessary and perform upgrading of the Firmware.
Set CE Authentication to [ON] and set the CE Password.
Check that CS Remote Care is set to RAM Clear Set.
Set Management Function Choice to Unset and HDD to Installed.
3. After this machine is installed, refer to this User’s Guide and perform the following steps.
Check that the Administrator Password has been set by the Administrator of
the machine.
Check that the HDD Lock Password has been set by the Administrator of the
machine.
Check that the Encryption Key has been set by the Administrator of the machine.
Check that User Authentication has been set to [ON (MFP)] or [ON (External
Server)] (Active Directory only) by the Administrator of the machine.
Check that the self-signed certificate for SSL communications has been registered by the Administrator of the machine.
Let the Administrator of the machine set Enhanced Security Mode to [ON].
The languages, in which the contents of the User’s Guide Security Operations
have been evaluated, are Japanese and English.
Explain the way how to get the manual in the language, in which it is evaluated.
Security Chapter 1
750/600 1-3
1
Security
Explain to the administrator that the settings for the security functions for this
machine have been specified.
When the above steps have been properly carried out, the Service Engineer
should make a copy of this page and give the original of this page to the Administrator of the machine. The copy should be kept at the corresponding
Service Representative for filing.
Security Chapter 1
Product Name Company Name User Division Name Person in charge
Customer
Service Representative -
1-4 750/600
Security
1.2 Security Functions
Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of the settings of different security functions
to be changed by turning [ON] the Enhanced Security Mode, see “Enhancing
the Security Function” on page 2-9.
Setting the Enhanced Security Mode to [ON] will enhance the authentication
function. Access control is then provided through password authentication
for any access to the Administrator Setting mode, User Authentication mode,
User Box, a User Box data file, and a Secure Print file. Access is thereby
granted only to the authenticated user.
A password that can be set must meet the requirements of the Password
Rules. The machine does not accept setting of an easily decipherable password. For details of the Password Rules, see “Password Rules” on
page 1-11.
If a wrong password is entered, during password authentication, a predetermined number of times (once to three times) set by the Administrator of the
machine or more, the machine determines that it is unauthorized access
through Prohibit Function When Auth. Error, prohibiting any further entry of
the password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data, thereby ensuring secured used
of the machine.
To cancel the password entry operation prohibited condition, the Administrator must perform the Release Setting. When the Administrator performs
the Release Setting for the operation prohibited condition, a sound operation
control in utmost security is achieved under the control of the Administrator.
Setting the HDD Lock Password provides the following security function.
That is, even if the HDD is illegally replaced with another, the HDD authentication function prohibits access to the HDD, when the HDD Lock Password
is yet to be set or there is a mismatch in the passwords. In addition, should
the HDD be removed unawares, the HDD Lock Password locks the HDD protecting data contained in the HDD. In addition, setting the Management Data
Encryption Key encrypts the Administrator Password, Password Rules setting, SNMP Password, and others stored in the CF, thus protecting these
types of data. Furthermore, by mounting the optional Security Kit SC-501
and setting the Image Data Encryption Key, the image data stored in the HDD
is encrypted, thereby protecting the data in the HDD even more reliably.
Note, however, that the HDD Lock Password and Image Data Encryption Key
do not prevent the HDD from being physically removed. Make sure of a good
operation control.
The machine has a function that detects tampering of the multi function peripheral control software. If tampering is detected, the machine displays a
service call “C-D501” on its control panel. In this case, network connection
is generally disabled; however, the connection remains enabled depending
1
Security Chapter 1
750/600 1-5
1
on the specific details of the tampering. In such cases, the service call is also
displayed on PageScope Web Connection. If the service call appears, contact the Service Engineer. For more details, consult the Service Representative.
When the machine is to be discarded, or use of a leased machine is terminated at the end of the leasing contract, the Overwrite All Data function overwrites and erases all data stored in all spaces of the HDD. The function also
Security Chapter 1
1.2.1 Check Count Clear Conditions
resets all passwords saved in the NVRAM to factory settings, preventing leak
of data. For details of items to be cleared by Overwrite All Data function, see
“Overwrite All Data Function” on page 2-76.
The following are the conditions for clearing or resetting the check count of
the number of wrong entries at the time of authentication by the Enhanced
Security mode.
<Administrator Setting Mode>
- Authentication of Administrator Setting mode is successful.
- The machine is restarted.
<User Authentication Mode>
- User Authentication mode is successful.
- Release of Prohibit Functions When Auth. Error is executed.
- The machine is restarted.
<Secure Print>
- Authentication of Secure Print is successful.
- Release of Prohibit Functions When Auth. Error is executed.
- The machine is restarted.
<Box>
- Authentication of User Box is successful.
- Authentication for execution of change of User Box Name and User Box
Password is successful.
- Release of Prohibit Functions When Auth. Error is executed.
- The machine is restarted.
<SNMP Password (auth-Password, priv-Password)>
- Authentication of SNMP is successful.
- Release of Prohibit Functions When Auth. Error is executed.
- The machine is restarted.
Security
1-6 750/600
Security
1.3 Data to be Protected
The underlying concept of this machine toward security is “to protect data
that can be disclosed against the intention of users.”
The following types of image files that have been stored in the machine and
made available for use by its users are protected while the machine is being
used.
- Image files stored by Secure Print
- Image files stored in Personal User Box and Public User Box
The following types of data stored in the HDD are protected when use of a
leased machine is terminated at the end of the leasing contract, the machine
is to be discarded, or when the HDD is stolen.
- Image files stored by Secure Print
- Image files stored in Personal User Box and Public User Box
- Image files of a job in the queue
- Image files other than Secure Print file and User Box file
- Data files left in the data space used as image files
- Temporary data files generated during print image file processing
- Destination recipient data (e-mail address, telephone number)
1
Security Chapter 1
750/600 1-7
1
1.4 Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the following conditions.
Roles and Requirements of the Administrator
The Administrator should take full responsibility for controlling the machine,
Security Chapter 1
thereby ensuring that no improper operations are performed.
<To Achieve Effective Security>
- A person who is capable of taking full responsibility for controlling the
machine should be appointed as the Administrator to make sure that no
improper operations are performed.
- When using an SMTP server (mail server) or an DNS server, each server
should be appropriately managed by the Administrator and should be periodically checked to confirm that settings have not been changed without permission.
Password Usage Requirements
The Administrator must control the Administrator Password, HDD Lock
Password, Management Data Encryption Key, Image Data Encryption Key,
auth-Password, and priv-Password appropriately so that they may not be
leaked. These passwords should not be ones that can be easily guessed.
The user, on the other hand, should control the User Box Password, Secure
Print Password, and Administrator Password appropriately so that they may
not be leaked. Again, these passwords should not be ones that can be easily
guessed. For the Public User Box shared among a number of users, the User
Box Password should be appropriately controlled so that it may not be
leaked to anyone who is not the user of the Public User Box.
<To Achieve Effective Security>
- Make absolutely sure that only the Administrator knows the Administrator
Password, HDD Lock Password, Management Data Encryption Key, Image Data Encryption Key, auth-Password, and priv-Password.
- The Administrator must change the Administrator Password, HDD Lock
Password, Management Data Encryption Key, Image Data Encryption
Key, auth-Password, and priv-Password at regular intervals.
- The Administrator should make sure that any number that can easily be
guessed from birthdays, employee identification numbers, and the like is
not set for the Administrator Password, HDD Lock Password, Management Data Encryption Key, Image Data Encryption Key, auth-Password,
and priv-Password.
- If a User Password or User Box Password has been changed, the Admin-
istrator should have the corresponding user change the password as
soon as possible.
Security
1-8 750/600
Security
1
- If the Administrator Password has been changed by the Service Engi-
neer, the Administrator should change the Administrator Password as
soon as possible.
- The Administrator should have users ensure that the User Authentication,
Secure Print, and User Box are known only by the user concerned.
- The Administrator should make sure that only the users who share a Pub-
lic User Box know the password set for it.
- The Administrator should have users change the passwords set for the
User Authentication and User Box at regular intervals.
- The Administrator should make sure that any user does not set any num-
ber that can easily be guessed from birthdays, employee identification
numbers, and the like for the passwords set for the User Authentication,
Secure Print, and User Box.
Network Connection Requirements for the Machine
Packets being transmitted over the LAN installed in the office, in which the
machine is installed, should be protected from unauthorized manipulation. If
the LAN is to be connected to an outside network, no unauthorized attempt
to establish connection from the external network should be permitted.
<To Achieve Effective Security>
- If the LAN, in which the machine is installed, is connected to an outside
network, install a firewall or similar network device to block any access to
the machine from the outside network and make the necessary settings.
- Configure the LAN installed in the office, in which the machine is installed,
by using a switching hub and other devices to ensure that the packets are
protected from unauthorized manipulation.
- Provide an appropriate network control at all times to make sure that no
other copying machine is connected without prior notice to the office
LAN to which this machine is connected.
Security Chapter 1
User information control server control requirements
The server administrator is required to apply patches and control accounts
for the user information control server connected to the LAN within the office,
in which this machine is installed, to ensure operation control that achieves
appropriate access control.
Security function operation setting operating requirements
The Administrator should make sure of correct operation control so that the
machine is used with the Enhanced Security mode set to [ON].
750/600 1-9
1
Security Chapter 1
Security
Operation and control of the machine
The Administrator of the machine should perform the following operation
control.
- The Administrator of the machine should log off from the Administrator
Setting mode whenever the operation in the Administrator Setting mode
is completed. The Administrator of the machine should also make sure
that each individual user logs off from the User Authentication mode after
the operation in the User Authentication mode is completed, including
operation of the Secure Document file, User Box, and User Box file.
Machine Maintenance Control
The Administrator of the machine should perform the following maintenance
control activities.
- Provide adequate control over the machine to ensure that only the Ser-
vice Engineer is able to perform physical service operations on the machine.
- Provide adequate control over the machine to ensure that any physical
service operations performed on the machine by the Service Engineer are
overseen by the Administrator of the machine.
1-10 750/600
Security
1.5 Miscellaneous
Password Rules
According to certain Password Rules, registration of a password consisting
of a string of a single character or change of a password to one consisting of
a string of a single character is rejected for the User Password, Administrator
Password, User Box Password, Secure Print Password, HDD Lock Password, Image Data Encryption Key, and Management Data Encryption Key.
For the Administrator Password, HDD Lock Password, Image Data Encryption Key, and Management Data Encryption Key, the same password as that
currently set is not accepted.
Study the following table for more details of the number of digits and characters that can be used for each password.
Types of passwords No. of digits Characters
User Password 8 digits or more • Numeric characters: 0 to 9
Administrator Password 8 digits
User Box Password • Numeric characters: 0 to 9
Secure Print Password
HDD Lock Password 20 digits • Numeric characters: 0 to 9
Image Data Encryption
Key
Management Data Encryption Key
auth-Password 8 digits or more • Numeric characters: 0 to 9
priv-Password
• Alpha characters: upper and lower case letters
• Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <,
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~
Selectable from among a total of 92 characters
• Alpha characters: upper and lower case letters
• Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <,
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, SPACE
Selectable from among a total of 93 characters
• Alpha characters: upper and lower case letters
• Symbols: !, #, $, % , &, ', *, +, -, ., /, =, ?, @, ^,
_, `, {, |, }, ~
Selectable from among a total of 83 characters
• Alpha characters: upper and lower case letters
• Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <,
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, ", +, SPACE
Selectable from among a total of 95 characters
1
Security Chapter 1
Precautions for Use of Various Types of Applications
When PageScope Web Connection or an application of various other types
is used, the password control function of the application stores the password
that has been entered in your PC. If you want the password not stored, disable the password control function of the application.
When using the PageScope Web Connection or an application of various
other types, use one that shows “*” or “●” for the password entered.
750/600 1-11
1
Security Chapter 1
Security
Types of Data Cleared by Overwrite All Data Function
The Overwrite All Data function clears the following types of data.
Types of Data Cleared Description
User registration data Deletes all user-related data that has been registered
Box registration data/file Deletes all User Box-related information and files saved
Secure Print Document ID/Password/
file
Image files • Image files saved other than Secure Print files and
Destination recipient data files Deletes all destination recipient data including e-mail
HDD Lock Password Clears the HDD Lock Password stored in the machine
Image Data Encryption Key Clears the currently set Image Data Encryption Key.
Management Data Encryption Key Clears the currently set Management Data Encryption
Administrator Password Clears the currently set password, resetting it to the
SNMP Password
in User Box
Deletes all Secure Document-related information and
files saved
User Box files
• Image files of jobs in job queue state
addresses and telephone numbers
and HDD.
Key.
factory setting
Executing the Overwrite All Data Function initializes the following user setting
data, in addition to the above security-related settings. Always make sure of
this fact whenever executing Overwrite All Data.
- Administrator Setting: “System Setting,” “Administrator / Machine Set-
ting,” “One-Touch Registration,” “User Authentication / Account Track,”
“Network Setting,” “Copy Setting,” “Printer Setting,” and “Fax Setting”
- User Setting: “Address Book,” “User Setting,” “Copy mode,” “Scan
mode,” “Fax mode,” and “Box mode”
- “JOB History”
Recovery from malicious tampering of software
If the software is tampered with, the machine detects illegal software and
shuts down operation. In such cases, it displays the service call “C-D501” on
its control panel. Operation is typically shut down with network connection
disabled; however, depending on the specific details of the tampering, the
operation is shut down with the connection with PageScope Web Connection being enabled. In such cases, the service call is displayed on PageScope Web Connection. If the service call appears, contact the Service
Engineer. For more details, consult the Service Representative.
1-12 750/600
2
Administrator Operations
Administrator Operations Chapter 2
2
2 Administrator Operations
2.1 Accessing the Administrator Setting Mode
This machine implements authentication of the user of the Administrator Setting mode function through the 8-digit Administrator Password that verifies
the identity as the Administrator of the person who accesses the function.
During the authentication procedure, the Administrator Password entered for
the authentication purpose appears as “*” or “●” on the display.
When the Enhanced Security mode is set to [ON], the number of times in
which authentication fails is counted.
2.1.1 Accessing the Administrator Setting mode
The machine does not accept access to the Administrator Setting mode under any of the following conditions. Wait for some while before attempting to
gain access to the Administrator Setting mode again.
Administrator Operations Chapter 2
- The Administrator Setting mode has been logged on to through access
made from the PC.
- A remote operation is being performed from an application on the PC.
- There is a job being executed by the machine.
- There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.
- Immediately after the main power switch has been turned ON.
- A malfunction code is displayed on the machine.
“One-Touch Registration” is not available on the screen under any of the following conditions:
- User authentication is not performed when User Authentication is turned
ON.
- There is a job being executed by the machine.
- In off-hook condition.
- A program job is being set.
- A warning message or malfunction code is being displayed on the ma-
chine.
- Address Book, Group, or Program is used for the job being set up.
Administrator Operations
2-2 750/600
Administrator Operations
2
Note
Make sure that none of the general users of the machine will know the
Administrator Password.
If the Administrator Password is forgotten, it must be set again by the
Service Engineer. Contact your Service Representative.
Do not leave the machine with the Administrator Setting mode setting
screen left shown on the display. If it is absolutely necessary to leave the
machine, be sure first to log off from the Administrator Setting mode.
While you are logging onto the Administrator Setting mode using PageScope Web Connection, any operations from the machine’s control panel are disabled.
When accessing the Administrator Setting mode from the control panel,
if you have already logged on to the Administrator Setting mode using
PageScope Web Connection, the machine displays a message that tells
not to turn off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Setting
mode once again.
2
Administrator Operations Chapter 2
When accessing the Administrator Setting mode from the control panel,
if [Export to the device] operation is being executed using the PageScope
Data Administrator, the machine displays a message that tells not to turn
off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Setting mode once
again.
750/600 2-3
2
Administrator Operations Chapter 2
Administrator Operations
<From the Control Panel>
1 Press the [Utility/Counter] key.
2 Touch [Administrator Setting].
Is it possible to gain access to the Administrator Setting mode while
?
a job is being executed?
% The machine does not accept access to the Administrator Setting
mode while a job is being executed. Wait until the execution of the
job is completed before attempting to access the Administrator
Setting mode again.
3 Enter the 8-digit Administrator Password from the keyboard and key-
pad.
– Press the [C] key to clear all characters.
– Touch [Delete] to delete the last character entered.
– Touch [Shift] to show the upper case/symbol screen.
– Touch [Cancel] to go back to the screen shown in step 2.
2-4 750/600
Administrator Operations
4 Touch [OK].
What happens if a wrong Administrator Password is entered?
?
% If a wrong Administrator Password is entered, a message appears
saying that there is a mismatch in the Administrator Passwords and
entry of the Administrator Password will be prohibited for five sec.
Wait for some while before entering the correct Administrator Password.
% If the Enhanced Security mode is set to [ON], entry of a wrong pass-
word is counted as unauthorized access. If a wrong Administrator
Password is entered a predetermined number of times (once to
three times) set by the Administrator of the machine or more, a
message appears saying that the machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set
into an access lock state. To cancel the access lock state, turn off,
and then turn on, the main power switch of the machine. When the
main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the
machine may not function properly.
Here is the sequence, through which the main power switch and
sub power switch are turned on and off:
Turn off the sub power switch → Turn off the main power switch →
Turn on the main power switch → Turn on the sub power switch
2
Administrator Operations Chapter 2
5 Press the [Utility/Counter] key to log off from the Administrator Setting
mode.
750/600 2-5
2
Administrator Operations Chapter 2
Administrator Operations
<From PageScope Web Connection>
1 Start the Web browser.
2 Enter the IP address of the machine in the address bar.
3 Press the [Enter] key to start PageScope Web Connection.
4 Click the Administrator radio button and [Login].
5 Enter the 8-digit Administrator Password in the “Administrator Pass-
word” box.
What is the Administrator Password used for accessing the Admin-
?
istrator Setting mode via the PageScope Web Connection?
% When accessing the Administrator Setting mode using the Page-
Scope Web Connection, enter the same Administrator Password as
that for the machine.
6 Click the [OK].
What happens if a wrong Administrator Password is entered?
?
% If a wrong Administrator Password has been entered, the machine
gives a message that tells that authentication has not been suc-
2-6 750/600
Administrator Operations
cessful. In this case, click [OK] and enter the correct Administrator
Password in the “Administrator Password” box.
% If the Enhanced Security mode is set to [ON], entry of a wrong pass-
word is counted as unauthorized access. If a wrong Administrator
Password is entered a predetermined number of times (once to
three times) set by the Administrator of the machine or more, a
message appears saying that the machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set
into an access lock state. To cancel the access lock state, turn off,
and then turn on, the main power switch of the machine. When the
main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the
machine may not function properly.
Here is the sequence, through which the main power switch and
sub power switch are turned on and off:
Turn off the sub power switch → Turn off the main power switch →
Turn on the main power switch → Turn on the sub power switch
What if you fail to log on to the Administrator Setting mode?
?
% If you have already logged on to the Administrator Setting mode
from the control panel or using PageScope Web Connection, the
machine displays a message that tells that another administrator
has previously logged on and rejects any attempt to log on to the
Administrator Setting mode using the PageScope Web Connection. Click [OK] and wait for some while before attempting to access
the Administrator Setting mode once again.
% If [Export to the device] operation is being executed using the Pag-
eScope Data Administrator, the machine displays a message that
tells you cannot log on to the mode because of the remote operation being performed and rejects any attempts to the Administrator
Setting mode via the PageScope Web Connection. Click [OK] and
wait for some while before attempting to access the Administrator
Setting mode once again.
Is it possible to gain access to the Administrator Setting mode while
?
a job is being executed?
% If an attempt is made to log on to the Administrator Setting mode
while a job is being executed, the machine gives a message that
tells that it is now impossible to log on to the Administrator Setting
mode. Click [OK] and try logging on to the Administrator Setting
mode after the execution of the job is completed.
2
Administrator Operations Chapter 2
7 Click the [Logout].
750/600 2-7
2
Administrator Operations Chapter 2
Administrator Operations
8 Click the [OK].
This allows you to log off from the Administrator Setting mode.
2
Note
If you have logged on to the Administrator Setting mode using the PageScope Web Connection and if you close the web browser without clicking [Logout], the touch panel of the machine remains locked for 70 sec.
2-8 750/600
Administrator Operations
2.2 Enhancing the Security Function
When access to the Administrator Setting mode by the Administrator of the
machine via the control panel is authenticated, the machine enables setting
of the Enhanced Security mode that allows settings for enhancing each of
different security functions to be converted all at once.
In the Enhanced Security mode, the machine allows selection of whether to
use the Enhanced Security mode or not. If the Enhanced Security mode is
set to [ON], a count is taken of the number of unauthorized accesses to the
Administrator Setting mode, User Authentication, SNMP authentication, all
Secure Prints, and all User Boxes. A function is also set that determines
whether each password meets predetermined requirements. The security
function is thus enhanced in the Enhanced Security mode.
The following settings must first be made before the Enhanced Security
mode is set to [ON].
2
Note
First, set the Management Data Encryption Key.
If initialization is executed by the Service Engineer, set the Administrator
Password and turn [ON] the Administrator Setting mode again.
2
Administrator Operations Chapter 2
Settings to be Made in
Advance
Administrator Password An 8-digit password that meets the Password Rules.
User Authentication Set to either [ON (MFP)] or [ON (External Server)] (Active Directory).
HDD Lock Password Set the 20-digit HDD Lock Password.
Management Data Encryption Key
Certificate for SSL Register the self-signed certificate for SSL communications.
Management Function
Choice
CE Password
CE Authentication
CS Remote Care
HDD
Description
The factory setting is “12345678.”
Set the 20-digit Management Data Encryption Key.
Calls for setting made by the Service Engineer. For details, ask
your Service Representative.
750/600 2-9
2
Administrator Operations Chapter 2
Administrator Operations
Setting the Enhanced Security mode to [ON] changes the setting values of
the following functions.
Function Name Factory Setting When Enhanced Security mode is set to [ON]
Password Rules OFF ON (not to be changed)
Prohibit Function When
Auth. Error
Public User Access Allow Restrict (not to be changed)
User Name List ON OFF (not to be changed)
Registering and Changing Addresses
Print Without Authentication
User Box Admin. Setting Allow Restrict (not to be changed)
Temporary Data Overwrite Setting
SSL OFF ON (not to be changed)
FTP Server ON OFF (not to be changed)
SNMPv1/v2c Read/Write en-
SNMP v3 Security Level
and auth/priv-password
Print Data Capture Allow Restrict (not to be changed)
Network Setting Clear Enabled Restrict
Incorrect User Box No.
Entry
Mode 1 Mode 2 (not to be changed)
Allow Restrict (not to be changed)
Restrict Restrict (not to be changed)
OFF Mode 1 (Mode can be changed, but the function
abled
auth/priv-password
Print Show Error Message (Print can be changed, but
Three times is set.
* In association with Secure Document Access
Method, the method is changed from authentication using Secure Document ID and password (Mode 1) to that using the password with
the secure document first narrowed down by
Secure Document ID (Mode 2).
cannot be changed to OFF)
Only Read is enabled (not to be changed)
The security level can be selected from among
[auth-password] and [auth/priv-password].
An 8-digit-or-more auth-password and privpassword can both be set.
the function cannot be changed to Auto Create
User Box)
2
Reminder
When Password Rules is set to [ON], the characters and the number of
digits used for each password are restricted. For details of Password
Rules, see “Password Rules” on page 1-11.
2-10 750/600
Administrator Operations
2.2.1 Items cleared by HDD Format
Following are the items that are cleared by HDD Format.
Whenever HDD Format is executed, be sure to set the Enhanced Security
mode to [ON] again.
Type s o f D ata Cl ea red Description
Enhanced Security Mode Set to [OFF]
User Authentication Set to [OFF]
Public User Access Set to [Allow]
User Name List Set to [ON]
Print Without Authentication Set to [Allow]
User Box Admin. Setting Set to [Allow]
User registration data Deletes all user-related data that has been registered
Box registration data/file Deletes all User Box-related information and files saved in User
Secure Print Document ID/
Password/file
Image files • Image files saved other than Secure Print files and User Box
Destination recipient data
files
Box
Deletes all Secure Document-related information and files saved
files
• Image files of jobs in job queue state
Deletes all destination recipient data including e-mail addresses
and telephone numbers
2
Administrator Operations Chapter 2
2.2.2 Setting the Enhanced Security mode
2
Note
When the main power switch is turned off, then on again, wait at least 10
seconds to turn it on after turning it off. if there is no wait period between
turning the main power switch off, then on again, the machine may not
function properly.
Here is the sequence, through which the main power switch and sub
power switch are turned on and off:
→
Turn off the sub power switch
on the main power switch
Do not leave the machine with the Administrator Setting mode setting
screen left shown on the display. If it is absolutely necessary to leave the
machine, be sure first to log off from the Administrator Setting mode.
750/600 2-11
Turn off the main power switch → Turn
→
Turn on the sub power switch
Loading...