Ricoh AFICIO 3035, AFICIO 3045 User Manual

Getting Started
1
Operating Instructions
Security Reference
Preventing Information Leaks
2
Preventing Unauthorized Use of Functions and Settings
3
Enhanced Network Security
4
5
Specifying the Administrator/Security Functions
6
Troubleshooting
7
Appendix
8
Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the
Safety Information in the "General Settings Guide" before using the machine.
Introduction
This manual contains detailed instructions and notes on the operation and use of this machine. For your safety and benefit, read this manual carefully before using the machine. Keep this manual in a handy place for quick reference.
Do not copy or print any item for which reproduction is prohibited by law.
Copying or printing the following items is generally prohibited by local law:
bank notes, revenue stamps, bonds, stock certificates, bank drafts, checks, passports, driver's licens­es.
The preceding list is meant as a guide only and is not inclusive. We assume no responsibility for its completeness or accuracy. If you have any questions concerning the legality of copying or printing cer­tain items, consult with your legal advisor.
Important
Contents of this manual are subject to change without prior notice. In no event will the company be li­able for direct, indirect, special, incidental, or consequential damages as a result of handling or oper­ating the machine.
Trademarks
Microsoft
®
, Windows® and Windows NT® are registered trademarks of Microsoft Corporation in the
United States and/or other countries.
AppleTalk, EtherTalk, are registered trademarks of Apple Computer, Inc.
Rendezvous is a trademark of Apple Computer Inc.
®
PostScript
and Acrobat® are registered trademarks of Adobe Systems, Incorporated.
PCL is a registered trademark of Hewlett-Packard Company.
NetWare is a registered trademarks of Novell, Inc.
Bluetooth is a Trademark of the Bluetooth SIG, Inc. (Special Interest Group) and licensed to Ricoh Company Limited.
Other product names used herein are for identification purposes only and might be trademarks of their respective companies. We disclaim any and all rights to those marks.
The proper names of the Windows operating systems are as follows:
®
The product name of Windows
The product name of Windows
The product name of Windows
The product names of Windows Microsoft Microsoft Microsoft
®
Windows® 2000 Advanced Server
®
Windows® 2000 Server
®
Windows® 2000 Professional
The product names of Windows Microsoft Microsoft
®
Windows® XP Professional
®
Windows® XP Home Edition
95 is Microsoft® Windows 95.
®
98 is Microsoft® Windows 98.
®
Me is Microsoft® Windows Millennium Edition (Windows Me).
®
2000 are as follows:
®
XP are as follows:
The product names of Windows Server™ 2003 are as follows:
®
Microsoft Microsoft Microsoft
The product names of Windows NT Microsoft Microsoft
Windows ServerTM 2003 Standard Edition
®
Windows ServerTM 2003 Enterprise Edition
®
Windows ServerTM 2003 Web Edition
®
®
Windows NT® Server 4.0
®
Windows NT® Workstation 4.0
4.0 are as follows:
Notes
Some illustrations in this manual might be slightly different from the machine.
Certain options might not be available in some countries. For details, please contact your local dealer.
Manuals for This Machine
The following manuals describe the operational procedures of this machine. For particular functions, see the relevant parts of the manual.
Note
Manuals provided are specific to machine type.
Adobe Acrobat Reader / Adobe Reader is necessary to view the manuals as
a PDF file.
Two CD-ROMs are provided:
• CD-ROM 1 “Operating Instructions”
• CD-ROM 2 “Scanner Driver and Document Management Utility”
General Settings Guide
Provides an overview of the machine and describes System Settings (such as Tray Paper Settings), Document Server functions, and troubleshooting. Refer to this manual for Address Book procedures such as registering fax numbers, e-mail addresses, and user codes.
Security Reference (this manual)
This manual is for administrators of this machine. It describes security func­tions that the administrators can use to protect data from being tampered, or prevent the machine from unauthorized use. Also refer to this manual for the procedures for registering administrators, as well as setting user and admin­istrator authentication.
Network Guide (PDF file - CD-ROM1)
Provides information about configuring and operating the printer in a net­work environment or using software. This manual covers all models, and therefore contains functions and settings that may not be available for your model. Images, illustrations, functions, and supported operating systems may differ from those of your model.
Copy Reference
Describes operations, functions, and troubleshooting for the machine's copier function.
Facsimile Reference <Basic Features>
Describes operations, functions, and troubleshooting for the machine's fac­simile function.
Facsimile Reference <Advanced Features>
Describes advanced facsimile functions such as line settings and procedures for registering IDs.
Printer Reference
Describes system settings, operations, functions, and troubleshooting for the machine's printer function.
i
Scanner Reference (PDF file - CD-ROM1)
Describes operations, functions, and troubleshooting for the machine's scan­ner function.
Manuals for DeskTopBinder Lite
DeskTopBinder Lite is a utility included on the CD-ROM labeled “Scanner Driver and Document Management Utility”.
• DeskTopBinder Lite Setup Guide (PDF file - CD-ROM2)
Describes installation of, and the operating environment for DeskTop­Binder Lite in detail. This guide can be displayed from the [Setup] display when DeskTopBinder Lite is installed.
• DeskTopBinder Lite Introduction Guide (PDF file - CD-ROM2)
Describes operations of DeskTopBinder Lite and provides an overview of its functions. This guide is added to the [Start] menu when DeskTopBinder Lite is installed.
• Auto Document Link Guide (PDF file - CD-ROM2)
Describes operations and functions of Auto Document Link installed with DeskTopBinder Lite. This guide is added to the [Start] menu when Desk- TopBinder Lite is installed.
Other manuals
• PostScript3 Supplement (PDF file-CD-ROM1)
• UNIX Supplement (available from an authorized dealer, or as a PDF file on
our Web site)
ii
TABLE OF CONTENTS
Manuals for This Machine ......................................................................................i
How to Read This Manual ..................................................................................... 1
1. Getting Started
Enhanced Security................................................................................................. 3
Glossary .....................................................................................................................4
Setting Up the Machine.............................................................................................. 5
Security Measures Provided by this Machine..................................................... 6
Preventing Information Leaks ....................................................................................6
Preventing Unauthorized Operation........................................................................... 7
Enhanced Network Security.......................................................................................8
2. Preventing Information Leaks
Guarding Against Unauthorized Copying ...........................................................9
Unauthorized Copy Prevention ................................................................................10
Data Security for Copying ........................................................................................ 11
Printing Limitations................................................................................................... 12
Notice .......................................................................................................................13
Printing with Unauthorized Copy Prevention and Data Security for Copying...........13
Printing a Confidential Document ...................................................................... 16
Choosing a Locked Print file .................................................................................... 16
Printing a Locked Print File ...................................................................................... 17
Deleting Locked Print Files ......................................................................................18
Deleting Passwords of Locked Print Files................................................................18
Unlocking Locked Print Files.................................................................................... 19
Specifying Access Permission for Stored Files ...............................................20
Assigning Users and Access Permission for Stored Files ....................................... 21
Assigning the User and the Access Permission for the User’s Stored Files............22
Specifying Passwords for the Stored Files............................................................... 25
Unlocking Files .........................................................................................................26
Preventing Data Leaks Due to Unauthorized Transmission............................27
Restrictions on Destinations.....................................................................................27
Protecting the Address Book ............................................................................. 29
Address Book Access Permission ...........................................................................29
Encrypting the Data in the Address Book ................................................................ 31
Log Information and Deleting Data on the Hard Disk....................................... 33
Specifying Delete All Logs .......................................................................................34
Transfer Log Setting.................................................................................................34
Overwriting the Data on the Hard Disk.....................................................................35
“Auto Erase Memory Setting”...................................................................................36
“Erase All Memory” .................................................................................................. 39
3. Preventing Unauthorized Use of Functions and Settings
Preventing Modification of Machine Settings ................................................... 41
Limiting Available Functions .............................................................................. 42
Specifying Which Functions are Available ...............................................................42
iii
4. Enhanced Network Security
Preventing Unauthorized Access.......................................................................45
Enabling/Disabling Protocols ................................................................................... 45
Access Control ......................................................................................................... 46
Specifying Network Security Level...........................................................................47
Encrypting Transmitted Passwords................................................................... 50
Driver Encryption Key ..............................................................................................50
Group Password for PDF files..................................................................................52
IPP Authentication Password...................................................................................53
Protection Using Encryption .............................................................................. 54
SSL (Secure Sockets Layer) Encryption.................................................................. 55
User Settings for SSL (Secure Sockets Layer) ........................................................ 58
Setting the SSL / TLS Encryption Mode...................................................................59
SNMPv3 Encryption ................................................................................................. 61
5. Management Based on Authentication and Access Control
The Management Function ................................................................................. 63
About User Authentication .......................................................................................64
About Administrator Authentication .......................................................................... 65
Administrators and Users ................................................................................... 66
Administrator ............................................................................................................66
User..........................................................................................................................67
Enabling Authentication...................................................................................... 68
Administrator Authentication ....................................................................................68
User Authentication.................................................................................................. 69
Authentication Information Stored in the Address Book.................................88
Specifying Login User Name and Login Password ..................................................88
Specifying Authentication Information to Log on......................................................89
If User Authentication Has Been Specified ....................................................... 91
User Code Authentication (Using the Control Panel)...............................................91
User Code Authentication (Using a Printer Driver) ..................................................91
Login (Using the Control Panel)...............................................................................92
Log Off (Using the Control Panel)............................................................................92
Login (Using a Printer Driver)...................................................................................93
Login (Using Web Image Monitor) ...........................................................................93
Log Off (Using Web Image Monitor) ........................................................................93
Auto Logout..............................................................................................................93
Menu Protect ........................................................................................................95
Menu Protect............................................................................................................95
iv
6. Specifying the Administrator/Security Functions
The Roles of Administrators............................................................................... 99
Administrator Authentication ........................................................................... 101
Administrator Authentication ..................................................................................102
Registering the Administrator.................................................................................104
Logging on Using Administrator Authentication .....................................................106
Logging off Using Administrator Authentication .....................................................107
Changing the Administrator....................................................................................107
Specifying the Extended Security Functions.................................................. 109
Changing the Extended Security Functions...........................................................109
Settings ..................................................................................................................110
Other Security Functions ..................................................................................114
Fax Function .......................................................................................................... 114
Limiting Machine Operation to Customers Only ............................................ 115
Settings ..................................................................................................................115
7. Troubleshooting
Authentication Does Not Work Properly ......................................................... 117
A Message Appears...............................................................................................117
Machine Cannot Be Operated................................................................................119
8. Appendix
Operations by the Supervisor........................................................................... 121
Logging on as the Supervisor ................................................................................122
Logging off as the Supervisor ................................................................................122
Changing the Supervisor........................................................................................123
Resetting an Administrator’s Password ................................................................. 124
Machine Administrator Settings ....................................................................... 125
System Settings ..................................................................................................... 125
Copier / Document Server Features ...................................................................... 127
Facsimile Features................................................................................................. 127
Printer Features .....................................................................................................128
Scanner Features...................................................................................................129
Settings via Web Image Monitor ............................................................................ 130
Settings via SmartDeviceMonitor for Admin...........................................................132
Network Administrator Settings ....................................................................... 133
System Settings ..................................................................................................... 133
Facsimile Features................................................................................................. 134
Scanner Features...................................................................................................134
Settings via Web Image Monitor ............................................................................ 134
Settings via SmartDeviceMonitor for Admin...........................................................136
File Administrator Settings ............................................................................... 137
System Settings ..................................................................................................... 137
Facsimile Features................................................................................................. 137
Settings via Web Image Monitor ............................................................................ 137
User Administrator Settings ............................................................................. 139
System Settings ..................................................................................................... 139
Settings via Web Image Monitor ............................................................................ 140
Settings via SmartDeviceMonitor for Admin...........................................................140
v
Document Server File Permissions..................................................................141
The Privilege for User Account Settings in the Address Book .....................142
User Settings......................................................................................................145
Copier / Document Server Features ...................................................................... 145
Printer Functions ....................................................................................................148
Scanner Features...................................................................................................150
Facsimile Features................................................................................................. 151
System Settings ..................................................................................................... 153
Web Image Monitor Setting.................................................................................... 159
Functions That Require Options ......................................................................173
INDEX....................................................................................................... 174
vi
How to Read This Manual
R
R
Symbols
The following set of symbols is used in this manual.
WARNING:
This symbol indicates a potentially hazardous situation that might result in death or serious injury when you misuse the machine without following the in­structions under this symbol. Be sure to read the instructions, all of which are de­scribed in the Safety Information section.
CAUTION:
This symbol indicates a potentially hazardous situation that might result in mi­nor or moderate injury or property damage that does not involve personal injury when you misuse the machine without following the instructions under this symbol. Be sure to read the instructions, all of which are described in the Safety Information section.
* The statements above are notes for your safety.
Important
If this instruction is not followed, paper might be misfed, originals might be damaged, or data might be lost. Be sure to read this.
Preparation
This symbol indicates information or preparations required prior to operating.
Note
This symbol indicates precautions for operation, or actions to take after abnor­mal operation.
Limitation
This symbol indicates numerical limits, functions that cannot be used together, or conditions in which a particular function cannot be used.
Reference
This symbol indicates a reference.
[]
Keys that appear on the machine's display panel.
[]
Keys and buttons that appear on the computer's display.
{}
Keys built into the machine's control panel.
{}
Keys on the computer's keyboard.
1
2
1. Getting Started
Enhanced Security
This machine's security function can be enhanced through the management of the machine and its users using the improved authentication functions.
By specifying access limits on the machine’s functions and the documents and data stored in the machine, you can prevent information leaks and unauthorized access.
Data encryption can prevent unauthorized data access and tampering via the network.
Authentication and Access Limits
Using authentication, administrators manage the machine and its users. To enable authentication, information about both administrators and users must be registered in order to authenticate users via their login user names and passwords. Four types of administrator manage specific areas of machine usage, such as settings and user registration. Access limits for each user are specified by the administrator responsible for user access to machine functions and documents and data stored in the ma­chine.
Reference
For details, see p.99 “The Roles of Administrators”.
Encryption Technology
This machine can establish secure communication paths by encrypting trans­mitted data and passwords.
3
1
Getting Started
Glossary
Administrator
Administrators manage a specific area of machine usage, such as settings or user registration. There are four types of administrator: user administrator, network adminis­trator, machine administrator, and file administrator. One person can act as more than one type of administrator. Basically, administrators make machine settings and manage the machine; they cannot perform normal operations, such as copying and printing.
User
A user performs normal operations on the machine, such as copying and printing.
File Creator (Owner)
This is a user who can store files in the machine and authorize other users to view, edit, or delete those files.
Registered User
This is a user whose personal information is registered in the address book. The registered user is the user who knows the login user name and password.
Administrator Authentication
Administrators are authenticated by means of the login user name and login password supplied by the administrator when specifying the machine’s set­tings or accessing the machine over the network.
User Authentication
Users are authenticated by means of the login user name and login password supplied by the user when specifying the machine’s settings or accessing the machine over the network.
Login
This action is required for administrator authentication and user authentica­tion. Enter your login user name and login password on the machine’s control panel. A login user name and login password may also be supplied when accessing the machine over the network or using such utilities as Web Image Monitor and SmartDeviceMonitor for Admin.
Logout
This action is required with administrator and user authentication. This ac­tion is required when you have finished using the machine or changing the settings.
4
Enhanced Security
Setting Up the Machine
If you want higher security, make the following setting before using the ma­chine:
A Turn the machine on. B Press the {User Tools/Counter} key. C Press {System Settings}. D Press {Interface Settings}. E Specify IP Address. F Connect the machine to the network. G Start the Web Image Monitor, and then log on to the machine as the admin-
istrator.
1
H Install the server certificate. I Enable secure sockets layer (SSL). J Enter the administrator’s user name and password. K During steps
password: blank) in unencrypted form will be vulnerable to network inter­ception, and this account may be used for breaking into the machine over the network.
If you consider this risky, we recommend that you specify a temporary ad­ministrator password between steps
to I, the administrator’s default account (user name: admin,
F
and F.
A
5
1
Getting Started
Security Measures Provided by this Machine
Preventing Information Leaks
Printing confidential files
Using the printer’s Locked Print, you can store files in the machine as confi­dential files and then print them. You can print a file using the machine’s con­trol panel and collect it on the spot to prevent others from seeing it.
Reference
For details, see p.16 “Printing a Confidential Document”.
Protecting Stored Files from Unauthorized Access
You can specify who is allowed to use and access scanned files and the files in Document Server. You can prevent activities such as the printing of stored files by unauthorized users.
Reference
For details, see p.20 “Specifying Access Permission for Stored Files”.
Protecting Stored Files from Theft
You can specify who is allowed to use and access scanned files and the files in Document Server. You can prevent such activities as the sending and downloading of stored files by unauthorized users.
Reference
For details, see p.20 “Specifying Access Permission for Stored Files”.
Preventing Data Leaks Due to Unauthorized Transmission
You can specify in the address book which users are allowed to send files us­ing the scanner or fax function. You can also limit the direct entry of destinations to prevent files from being sent to destinations not registered in the address book.
Reference
For details, see p.27 “Preventing Data Leaks Due to Unauthorized Trans­mission”.
Protecting Registered Information in the Address Book
You can specify who is allowed to access the data in the address book. You can prevent the data in the address book being used by unregistered users. To protect the data from unauthorized reading, you can also encrypt the data in the address book.
Reference
For details, see p.29 “Protecting the Address Book”.
6
Security Measures Provided by this Machine
Managing Log Files
You can improve data security by deleting log files stored in the machine. By transferring the log files, you can check the history data and identify unau­thorized access.
Reference
For details, see p.33 “Log Information and Deleting Data on the Hard Disk”.
Overwriting the Data on the Hard Disk
Before disposing of the machine, make sure all data on the hard disk is delet­ed. Prevent data leakage by automatically deleting transmitted printer jobs from memory.
Reference
For details, see p.35 “Overwriting the Data on the Hard Disk”.
Preventing Unauthorized Operation
Preventing Modification or Deletion of Stored Data
You can specify who is allowed to access stored scan files and files stored in Document Server. You can permit selected users who are allowed to access stored files to modify or delete the files.
1
Reference
For details, see p.20 “Specifying Access Permission for Stored Files”.
Preventing Modification of Machine Settings
The machine settings that can be modified depend on the type of administra­tor account. Register the administrators so that users cannot change the administrator set­tings.
Reference
For details, see p.41 “Preventing Modification of Machine Settings”.
Limiting Available Functions
To prevent unauthorized operation, you can specify who is allowed to access each of the machine’s functions.
Reference
For details, see p.42 “Limiting Available Functions”.
7
1
Getting Started
Enhanced Network Security
Preventing Unauthorized Access
You can limit IP addresses or disable ports to prevent unauthorized access over the network and protect the address book, stored files, and default set­tings.
Reference
For details, see p.45 “Preventing Unauthorized Access”.
Encrypting Transmitted Passwords
Prevent login passwords, group passwords for PDF files, and IPP authentica­tion passwords being revealed by encrypting them for transmission. Also, encrypt the login password for administrator authentication and user authentication.
Reference
For details, see p.50 “Encrypting Transmitted Passwords”.
Safer Communication Using SSL
When you access the machine using a Web Image Monitor or IPP, you can es­tablish encrypted communication using SSL. When you access the machine using an application such as SmartDeviceMonitor for Admin, you can estab­lish encrypted communication using SNMPv3 or SSL. To protect data from interception, analysis, and tampering, you can install a server certificate in the machine, negotiate a secure connection, and encrypt transmitted data.
Reference
For details, see p.54 “Protection Using Encryption”.
8
2. Preventing Information Leaks
Guarding Against Unauthorized Copying
Using the printer driver, you can embed a pattern in the printed copy to discour­age or prevent unauthorized copying.
If you enable data security for copying on the machine, printed copies of a doc­ument with data security for copying are grayed out to prevent unauthorized copying.
Make the setting as follows:
Unauthorized Copy Prevention
A Using the printer driver, specify the printer settings for unauthorized copy
prevention. See p.13 “Specifying Printer Settings for Unauthorized Copy Prevention (Printer Driver Setting)”.
Data Security for Copying
A Using the printer driver, specify the printer settings for data security for
copying. See p.14 “Specifying Printer Settings for Data security for copying (Printer Driver Setting)”.
B Specifying data security for copying on the machine. Printed copies of a
document with data security for copying are grayed out. See p.15 “Specifying Data Security for Copying (Machine Setting)”.
9
2
Preventing Information Leaks
Unauthorized Copy Prevention
Using the printer driver, you can embed mask and pattern (for instance, a warn­ing such as "No Copying") in the printed document.
If the document is copied, scanned, or stored in a Document Server by a copier or multifunction printer, the embedded pattern appears clearly on the copy, dis­couraging unauthorized copying.
AKB001S
1. Printed Documents
Using the printer driver, you can embed background images and pattern in a printed document for Unauthorized Copy Prevention.
Important
Unauthorized copy prevention discourages unauthorized copying, and will
not necessarily stop information leaks.
The embedded pattern is not assured to be copied, scanned, or stored prop-
erly in the Document Server.
Limitation
Depending on the machine and scanner settings, the embedded pattern may
not be copied ,scanned, or stored in the Document Server.
Note
To make the embedded pattern clear, set the character size to at least 50 pt
(preferably 70 to 80 pt) and character angle to between 30 and 40 degrees.
2. The document is copied, scanned,
or stored in the Document Server.
3. Printed Copies
Embedded pattern (for instance, a warn­ing such as “No Copying”) in a printed document appears conspicuously in printed copies.
10
Reference
To use the printer function under the User Authentication, you must enter the login user name and password for the printer driver.
For details see the printer driver Help.
Guarding Against Unauthorized Copying
Data Security for Copying
Using the printer driver to enable data security for the copying function, you can print a document with an embedded pattern of hidden text. Such a document is called a data security for copying document.
If a data security for copying document is copied or stored in the Document Server using a copier or multi-function printer with the Copy Data Security Unit, protect­ed pages are grayed out in the copy, preventing confidential information being copied. Also if a document with embedded pattern is detected, the machine beeps.
2
AKB002S
1. Documents with data security for
copying
2. The document is copied or stored
in the Document Server.
Limitation
To gray out copies of data security for copying documents when they are cop-
ied or stored in the Document Server, the optional Copy Data Security Unit must be installed in the machine.
If the Copy Data Security Unit is installed in the machine, you cannot use the
scanner and fax functions.
If the Copy Data Security Unit is installed, you cannot specify a scaling factor
less than 50% using the Control Panel under the Copier and Document Server functions.
If a document with embedded pattern for data security for copying is copied, or stored in the Document Server by a copier or multi-function printer without Copy Data Security Unit, the embedded pattern appears conspicuously in the copy. However, how conspicuously the text appears depends on the model of the copier or multi-function printer being used and its scanning setting.
3. Printed Copies
Text and images in the document are grayed out in printed copies.
11
2
Preventing Information Leaks
Note
You can also embed pattern in a document protected by data security for cop-
ying. However, if such a document is copied or stored in the Document Serv­er using a copier or multi-function printer with the Copy Data Security Unit, the copy is grayed out, so the embedded pattern does not appear on the copy.
If misdetection occurs, contact your service representative.
If a document with embedded pattern for data security for copying is copied,
scanned, or stored in the Document Server using a copier or multi-function printer without the Copy Data Security Unit, the embedded pattern appears clearly on the copy.
If a data security for copying document is detected, the machine beeps.
If the scanned data security for copying document is registered as a user
stamp, the machine does not beep, the file registered as a user stamp is grayed out, and no entry is added to the unauthorized copying log.
Printing Limitations
The following is a list of limitations on printing with unauthorized copy preven­tion and data security for copying.
Unauthorized copy prevention / Data security for copying
Limitation
You can print using the only RPCS printer driver.
You cannot print at 200 dpi resolution.
You cannot partially embed pattern in the printed document.
You can only embed pattern that is entered in the [Text] box of the printer
driver.
Printing with embedding takes longer than normal printing.
Data security for copying Only
Limitation
Select 182 u 257 mm / 7.2 u 10.1 inches or larger as the paper size.
Select Plain or Recycled with a brightness of 70% or more as the paper type.
12
If you select Duplex, the data security for copying function may not work
properly due to printing on the back of sheets.
Guarding Against Unauthorized Copying
Notice
1.The supplier does not guarantee that unauthorized copy prevention and data security for copying will always work. Depending on the paper, the model of copier or multi-function printer, and the copier or printer settings, unauthorized copy prevention and data security for copying may not work properly.
2.The supplier is not liable for any damage caused by using or not being able to use unauthorized copy prevention and data security for copying.
Printing with Unauthorized Copy Prevention and Data Security for Copying
Specifying Printer Settings for Unauthorized Copy Prevention (Printer Driver Setting)
Using the printer driver, specify the printer settings for unauthorized copy pre­vention.
2
Reference
To use the printer function under the User Authentication, you must enter the login user name and password for the printer driver.
For details see the printer driver Help.
For details about specifying data security for copying using the printer driver, see the printer driver Help.
A Open the printer driver dialog box. B On the [Edit] tab, select the [Unauthorized copy...] check box. C Click [Control Settings...]. D In the [Text] box in the [Unauthorized copy prevention: Pattern] group, enter the
text to be embedded in the printed document.
Also, specify [Font], [Font style:], and [Size].
E Click [OK].
Reference
For details, see the printer driver Help.
13
2
Preventing Information Leaks
Specifying Printer Settings for Data security for copying (Printer Driver Setting)
If a document printed using this function is copied or stored in the Document Server by a copier or multi-function printer, the copy is grayed out.
Using the printer driver, specify the printer settings for data security for copy­ing.
For details about data security for copying, see p.11 “Data Security for Copy­ing”.
Reference
To use the printer function under the User Authentication, you must enter the login user name and password for the printer driver.
For details see the printer driver Help.
For details about specifying data security for copying using the printer driver, see the printer driver Help.
A Open the printer driver dialog box. B On the [Edit] tab, select the [Unauthorized copy...] check box. C Click [Control Settings...]. D In the [Unauthorized copy prevention: Pattern] group, check the [Data security for
copying].
E Click [OK].
Reference
For details, see the printer driver Help.
14
Guarding Against Unauthorized Copying
Specifying Data Security for Copying (Machine Setting)
This can be specified by the machine administrator.
To use this function, the Copy Data Security Unit must be installed.
If a document printed is copied or stored in the Document Server, the copy is grayed out.
For details about data security for copying, see p.11 “Data Security for Copy­ing”.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter}key. B Press [System Settings].
C Press [Administrator Tools].
2
D Press [Data security for copying].
If the setting you want to specify does not appear, press [TNext] to scroll
down to other settings.
E Press[On].
If you do not want to specify [Data security for copying], select [Off].
F Press[OK]. G Press [Exit]. H Press the {User Tools/Counter} key.
15
2
Preventing Information Leaks
Printing a Confidential Document
Depending on the location of the machine, it is difficult to prevent unauthorized persons from viewing prints lying in the machine’s output trays. When printing confidential documents, use the Locked Print function.
Locked Print
Using the printer’s Locked Print function, store files in the machine as Locked Print files and then print them from the control panel and retrieve them im­mediately, preventing others from viewing them.
Note
To store files temporarily, select [Stored Print] under the printer function. If
you select [Share stored print files], also, you can share these files.
Choosing a Locked Print file
Using the printer driver, specify a Locked Print file.
Reference
If user authentication has been enabled, you must enter the login user name and login password using the printer driver. For details see the printer driver Help.
You can perform Locked Print even if user authentication is not enabled. For details see Printer Reference.
A Open the printer driver dialog box. B Set [Job type:] to [Locked Print]. C Click [Details...]. D Enter the user ID and password.
Note
The password entered here let you use the Locked Print function.
To print a Locked Print file, enter the same password on the control panel.
Limitation
Enter the user ID using up to 8 alphanumeric characters.
16
Enter the password using 4 to 8 numbers.
E Click [OK].
A confirmation message appears.
F Confirm the password by re-entering it. G Click [OK].
H Perform Locked Print.
Reference
For details, see the printer driver Help.
Printing a Locked Print File
Printing a Confidential Document
To print a Locked Print file, face the machine and print the file using the control panel.
To print Locked Print files, the password is required. If you do not enter the cor­rect password, you cannot print the files.
This can also be specified via Web Image Monitor.
For details see the Web Image Monitor Help.
Preparation
For details about logging on and logging off with user authentication, see p.92 “Login (Using the Control Panel)”, p.92 “Log Off (Using the Control Panel)”.
A Press the {Printer} key. B Press [Print Jobs].
2
C Press [Locked Print Job List].
Only Locked Print files belonging to the user who has logged on appear.
D Select the Locked Print file to print. E Press [Print]. F Enter the password for the stored file, and then press [OK].
Note
Enter the password specified in step D on p.16 “Choosing a Locked Print
file”.
G Press [Yes].
17
Preventing Information Leaks
Deleting Locked Print Files
This can be specified by the file creator (owner).
To delete Locked Print files, you must enter the password for the files. If the password has been forgotten, ask the file administrator to delete the password.
This can also be specified via Web Image Monitor.
2
For details see the Web Image Monitor Help.
Note
Locked Print files can also be deleted by the file administrator.
A Press the {Printer} key. B Press [Print Jobs]. C Press [Locked Print Job List]. D Select the file. E Press [Delete].
F Enter the password of the Locked Print file, and then press [OK].
18
G Press [Yes].
Deleting Passwords of Locked Print Files
If the file creator (owner) forgets the password for deleting Locked Print files, the file administrator must delete the password.
If the password is deleted, the files can be deleted but not printed.
This can also be specified via Web Image Monitor.
For details see the Web Image Monitor Help.
Note
If you delete a password, and then turn the machine off and then back on, the
deleted password is restored.
A Press the {Printer}key. B Press [Print Jobs]. C Press [Locked Print Job List].
Printing a Confidential Document
D Select the file. E Press [Delete Password].
F Press [Yes].
Unlocking Locked Print Files
If you specify “Enhance File Protection”, the file will be locked and become in­accessible if an invalid password is entered ten times. This section explains how to unlock files.
Only the file administrator can unlock files.
2
For details about “Enhance File Protection”, see p.109 “Specifying the Extended Security Functions”.
A Press the {Printer} key. B Press [Print Jobs]. C Press [Locked Print Job List]. D Select the file. E Press [Unlock File].
F Press [Yes].
19
2
Preventing Information Leaks
Specifying Access Permission for Stored Files
You can specify who is allowed to access stored scan files and files stored in the Document Server.
You can prevent activities such as the printing or sending of stored files by un­authorized users.
Access Permission
To limit the use of stored files, you can specify four types of access permis­sion.
Read-only In addition to checking the content of and in-
formation about stored files, you can also print and send the files.
Edit You can change the print settings for stored
files. This includes permission to view files.
Edit / Delete You can delete stored files.
This includes permission to view and edit files.
Full Control You can specify the user and access permis-
sion.This includes permission to view, edit, and edit / delete files.
Note
Files can be stored by any user who is allowed to use the Document Server,
scanner function, or fax function.
Using Web Image Monitor, you can check the content of stored files. For
details, see the Web Image Monitor Help.
The default access permission for the file creator (owner) is “Read-on-
ly”.You can also specify the access permission.
Password for Stored Files
Passwords for stored files can be specified by the file creator (owner) or file administrator. You can obtain greater protection against the unauthorized use of files.
20
Specifying Access Permission for Stored Files
Assigning Users and Access Permission for Stored Files
This can be specified by the file creator (owner) or file administrator.
Specify the users and their access permissions for each stored file.
By making this setting, only users granted access permission can access stored files.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
Important
If files become inaccessible, reset their access permission as the file creator
(owner). This can also be done by the file administrator. If you want to access a file but do not have access permission, ask the file creator (owner).
A Press the {Document Server} key. B Select the file.
C Press [File Management].
2
D Press [Change Acs. Priv.]. E Press [Program/Change/Delete]. F Press [New Program].
21
2
Preventing Information Leaks
G Select the users or groups you want to assign permission to.
You can select more than one users.
By pressing [All Users], you can select all the users.
H Press [Exit]. I Select the user who you want to assign an access permission to, and then
select the permission.
Select the access permission from [Read-only], [Edit], [Edit / Delete], or [Full Con- trol].
J Press [Exit]. K Press [OK]. L Press [OK].
Assigning the User and the Access Permission for the User’s Stored Files
This can be specified by the file creator (owner) or user administrator.
Specify the users and their access permission to files stored by a particular user.
Only those users granted access permission can access stored files.
This makes the management of access permission easier than it is when permis­sion is specified for each stored file.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
22
Important
If files become inaccessible, be sure to enable the user administrator, and then
reset the access permission for the files in question.
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools].
D Press [Address Book Management].
Specifying Access Permission for Stored Files
2
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Select the user or group.
F Press [Protection].
G Under "Protect File(s)", press [Program/Change/Delete] for "Permissions for
Users/Groups".
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
H Press [New Program].
23
2
Preventing Information Leaks
I Select the users or groups to register.
You can select more than one users.
By pressing [All Users], you can select all the users.
J Press [Exit]. K Select the user who you want to assign an access permission to, and then
select the permission.
Select the access permission from [Read-only], [Edit], [Edit / Delete], or [Full Con- trol].
L Press [Exit]. M Press [OK]. N Press [Exit]. O Press the {User Tools/Counter} key.
24
Specifying Access Permission for Stored Files
Specifying Passwords for the Stored Files
This can be specified by the file creator (owner) or file administrator.
Specify passwords for the stored files.
Provides increased protection against unauthorized use of files.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {Document Server} key. B Select the file.
2
C Press [File Management]. D Press [Change Password]. E Enter the password using the number keys.
You can use 4 to 8 numbers as the password for the stored file.
F Press [Change] at the bottom of the screen. G Confirm the password by re-entering it using the number keys. H Press [#]. I Press [OK]. J Press [OK].
25
Preventing Information Leaks
Unlocking Files
If you specify “Enhance File Protection”, the file will be locked and become in­accessible if an invalid password is entered ten times. This section explains how to unlock files.
Only the file administrator can unlock files.
2
For details about “Enhance File Protection”, see p.109 “Specifying the Extended Security Functions”.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {Document Server} key. B Select the file.
C Press [File Management]. D Press [Unlock Files].
26
E Press [Yes]. F Press [OK].
Preventing Data Leaks Due to Unauthorized Transmission
Preventing Data Leaks Due to Unauthorized Transmission
If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person mas­querading as the user.
You can also limit the direct entry of destinations to prevent files from being sent to destinations not registered in the address book.
Restrictions on Destinations
This can be specified by the user administrator.
Make the setting to disable the direct entry of e-mail addresses and phone num­bers under the scanner and fax functions.
By making this setting, the destinations can be restricted to addresses registered in the address book.
2
If you set [Restrict Use of Destinations] to [On], you can prohibit users from directly entering telephone numbers, e-mail addresses, or Folder Path in order to send files. If you set [Restrict Use of Destinations] to [Off], [Restrict Adding of User Destina- tions] appears. In [Restrict Adding of User Destinations], you can restrict users from registering data in the address book.
If you set [Restrict Adding of User Destinations] to [On], users can directly enter des­tination telephone numbers, e-mail addresses, and Folder Path in [ProgDest] on the fax and scanner screens. If you set [Restrict Adding of User Destinations] to [Off], users can specify destinations directly, but cannot use [ProgDest] to register data in the address book. When this setting is made, only the user administrator can change the address book.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
27
Preventing Information Leaks
C Press [Administrator Tools].
2
D Press [Extended Security]. E Press [On] for “Restrict Use of Destinations”.
F Press [OK]. G Press the {User Tools/Counter} key.
Reference
This can also be specified using Web Image Monitor or SmartDeviceMon­itor for Admin. For details, see the Help for each application.
28
Protecting the Address Book
Protecting the Address Book
If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person mas­querading as the user.
To protect the data from unauthorized reading, you can also encrypt the data in the address book.
Address Book Access Permission
This can be specified by the registered user. The access permission can also be specified by a user granted full control or the user administrator.
You can specify who is allowed to access the data in the address book.
By making this setting, you can prevent the data in the address book being used by unregistered users.
2
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools].
D Press [Address Book Management].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
29
Preventing Information Leaks
E Select the user or group.
2
F Press [Protection].
G Under "Protect Destination", press [Program/Change/Delete] for "Permissions
for Users/Groups".
H Press [New Program].
I Select the users or groups to register.
30
You can select more than one users.
By pressing [All Users], you can select all the users.
J Press [Exit]. K Select the user who you want to assign an access permission to, and then
select the permission.
Select the permission, from [Read-only], [Edit], [Edit / Delete], or [Full Control].
L Press [Exit].
Protecting the Address Book
M Press [OK]. N Press [Exit]. O Press the {User Tools/Counter} key.
Encrypting the Data in the Address Book
This can be specified by the user administrator.
Encrypt the data in the address book.
Reference
See p.109 “Changing the Extended Security Functions”.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
2
Note
Encrypting the data in the address book may take a long time. (Up to three
minutes)
The time it takes to encrypt the data in the address book depends on the
number of registered users.
The machine cannot be used during encryption.
If you press [Stop] during encryption, the data is not encrypted.
Normally, once encryption is complete, [Exit] appears. If three minutes have
passed and [Exit] has still not appeared, contact your service representative.
If you press [Stop] during decryption, the data stays encrypted.
Do not switch the main power off during encryption, as doing so may corrupt
the data.
If you register additional users after encrypting the data in the address book,
those users are also encrypted.
A Press the {User Tools/Counter} key. B Press [System Settings].
31
Preventing Information Leaks
C Press [Administrator Tools].
2
D Press [Extended Security]. E Press [On] for “Encrypt Address Book”.
F Press [Change] for [Encryption Key]. G Enter the encryption key, and then press [OK].
Enter the encryption key using up to 32 alphanumeric characters.
H Press [Encrypt / Decrypt]. I Press [Yes]. J Press [Exit]. K Press [OK].
32
L Press the {User Tools/Counter} key.
Log Information and Deleting Data on the Hard Disk
Log Information and Deleting Data on the Hard Disk
A Hard Disk
The machine’s optional hard disk lets you store data under the copy, printer, fax, scanner, and document server functions, as well as the address book and counters stored under each user code. For details about deleting data on the hard disk, see p.35 “Overwriting the Data on the Hard Disk”.
B Data Not Overwritten in the Hard Disk
The machine’s memory lets you store fax numbers and data transmitted us­ing the fax function, and network TWAIN scanner. Even if you delete the data on the hard disk, this data remains intact.
C Log information
The following log information is stored in the machine’s memory and on its hard disk:
2
•Job log Stores information about workflow related to user files, such as copying, printing, and scan file delivery
•Access log Stores information about access, such as logging on and off, creating and deleting files, scanning invalid images, administrator procedures customer engineer procedures.
*1
Deleting all log information
*2
Formatting the hard disk and specifying whether or not to store job logs and access logs
Limitation
*2
Fax job logs are not stored.
D Deleting log information
By deleting the log files stored in the machine, you can prevent information leaks.
E Transferring log information
You can transfer the log information, which indicates who tried to gain access and at what time. By transferring the log files, you can check the history data and identify un­authorized access.
*1
, and
33
Preventing Information Leaks
Specifying Delete All Logs
This can be specified by the machine administrator.
By deleting log files stored in the machine, you can prevent information leakage.
A Press the {User Tools/Counter} key.
2
B Press [System Settings].
C Press [Administrator Tools].
D Press [Delete All Logs].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
A confirmation message appears.
E Press [Yes]. F Press [Exit]. G Press the {User Tools/Counter}key.
Transfer Log Setting
The machine administrator can select [On] from the log server only.
When using the machine’s control panel, you can change the setting to [Off] only if it is set to [On].
You can check and change the transfer log setting. This setting lets you transfer log files to the log server to check the history data and identify unauthorized ac­cess.
For details about log collection server, contact your local dealer.
For details about the transfer log setting, see log collection server help.
A Press the {User Tools/Counter}key.
34
B Press [System Settings].
Log Information and Deleting Data on the Hard Disk
C Press [Administrator Tools].
D Press [Transfer Log Setting].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Press [OK]. F Press the {User Tools/Counter}key.
Overwriting the Data on the Hard Disk
To use this function, the optional DataOverwriteSecurity unit must be installed.
You can overwrite data on the hard disk.
2
Note
Depending on the hard disk capacity and the method of erasing the data, this
action may take a few hours. The machine cannot be used during this time.
Auto Erase Memory Setting
To erase selected data on the hard disk, specify [Auto Erase Memory Setting].
Erase All Memory
To erase all the data on the hard disk, using [Erase All Memory].
35
Preventing Information Leaks
Methods of Erasing the Data
You can select the method of erasing the data from the following: The default is “NSA”.
2
*1
NSA
*2
DoD
Random Numbers Overwrites the data with random numbers
*1
National Security Agency
*2
Department of Defense
Reference
Overwrites the data on the hard disk twice with random numbers and once with zeros.
Overwrites the data with a number, its com­plement, and random numbers, and then checks the result.
the specified number of times.
You can specify between 1 and 9 as the number of times the data is overwritten with random numbers. The default is 3 times.
For details, see the manual supplied with the DataOverwriteSecurity unit.
“Auto Erase Memory Setting”
This can be specified by the machine administrator.
A document scanned in Copier, Fax, or Scanner mode, or print data sent from a printer driver is temporarily stored on the machine's hard disk.
Even after the job is completed, it remains in the hard disk as temporary data. Auto Erase Memory erases the temporary data on the hard disk by writing over it.
Overwriting starts automatically once the job is completed.
The Copier, Fax, and Printer functions take priority over the Auto Erase Memory function. If a copy, fax or print job is in progress, overwriting will only be done after the job is completed.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
36
C Press [Administrator Tools].
Log Information and Deleting Data on the Hard Disk
D Press [Auto Erase Memory Setting].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Press [On], and then select the method of erasing the data.
Select the method of erasing the data from [NSA], [DoD], or [Random Numbers].
When you select “Random Numbers”
A Press [Change]. B Enter the number of times that you want to overwrite using the number
keys, and then press [#].
F Press [OK].
Auto Erase Memory is set.
Important
When Auto Erase Memory is set to "On", temporary data that remained on the hard disk when Auto Erase Memory was "Off" might not be overwritten.
2
Note
Should the main power switch of the machine be turned off before over-
writing is completed, the temporary data will remain on the hard disk un­til the main power switch is next turned on and overwriting is resumed.
If the overwriting method is changed while overwriting is in progress, the
remainder of the temporary data will be overwritten using the method set originally.
Canceling Auto Erase Memory
A Follow steps
to D in “Auto Erase Memory Setting”.
A
B Press [Off]. C Press [OK].
Auto Erase Memory is disabled.
Note
To set Auto Erase Memory to "On" again, repeat the procedure in “Auto Erase
Memory Setting”.
37
Preventing Information Leaks
Types of Data that Can or Cannot Be Overwritten
The following table shows the types of data that can or cannot be overwritten by Auto Erase Memory.
2
Data overwritten by Auto Erase Memory
Data not overwritten by Auto Erase Memory
Copier • Copy jobs
Printer • Print Jobs
• Sample Print/Locked Print/Stored Print Jobs
• Spool Printing jobs
•PDF Direct Print data
*2
Fax
Scanner
Documents stored by the user in the Document Server using the Copier, Printer or Scanner functions
Information registered in the Address Book
*3
•PC fax print jobs
• Internet fax transmitted data
Scanned files sent by e-mail
• Files sent by Scan to Folder
• Documents sent using DeskTopBinder, the Scan­Router delivery software or a Web Image Monitor
*4
*5
*1
Counters stored under each user code
Image overlay data
*1
A Sample Print, Locked Print, or Stored Print job can only be overwritten after it has
*6
been executed.Stored print jobs can be overwritten by Auto Erase Memory only if they have been deleted in advance.
*2
The data for fax transmission and the registered fax numbers are stored in the mem­ory. This data is not stored on the hard disk, so it will not be overwritten by Auto Erase Memory.
*3
Data scanned with network TWAIN scanner will not be overwritten by Auto Erase Memory.
*4
A stored document can only be overwritten after it has been printed or deleted from the Document Server.
*5
Data stored in the Address Book can be encrypted for security. For details, see p.31 “Encrypting the Data in the Address Book”.
*6
Image overlay data can be overwritten by Auto Erase Memory only if it is deleted in advance.
38
Log Information and Deleting Data on the Hard Disk
“Erase All Memory”
This can be specified by the machine administrator.
You can erase all the data on the hard disk by writing over it. This is useful if you relocate or dispose of your machine.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
Important
If you select Erase All Memory, the following are also deleted: user codes,
counters under each user code, user stamps, data stored in the Address Book, printer fonts downloaded by users, applications using Embedded Software Architecture, SSL server certificates, and the machine’s network settings.
Note
Before erasing the hard disk, you can back up user codes, counters for each
user code, and Address Book data using SmartDeviceMonitor for Admin. For details, see SmartDeviceMonitor for Admin Help.
2
A Disconnect communication cables connected to the machine. B Press the {User Tools/Counter} key. C Press [System Settings].
D Press [Administrator Tools].
E Press [Erase All Memory].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
39
Preventing Information Leaks
F Select the method of erasing the data.
Select the method of erasing the data from [NSA], [DoD], or [Random Numbers].
When you select “Random Numbers”
A Press [Change].
2
B Enter the number of times that you want to overwrite using the number
keys, and then press [#].
G Press [OK]. H Press [Yes]. I When overwriting is completed, press [Exit], and then turn off the power.
Reference
Before turning the power off, see "Turning On the Power", General Settings Guide.
Important
Should the main power switch of the machine be turned off before Erase
All Memory is completed, overwriting is canceled.
Make sure the main power switch is not turned off during overwriting.
Note
If the main power is turned off when Erase All Memory is in progress,
overwriting will start again when you next turn on the main power.
If an error occurs before overwriting is completed, turn off the main pow-
er. Turn it on again, and then repeat from step
Canceling Erase All Memory
B
.
A Press [Cancel] while Erase All Memory is in progress. B Press [Yes].
Erase All Memory is canceled.
Note
If you stop this before completion, the data is not fully erased. Execute
[Erase All Memory] again to erase the data.
C Turn off the main power.
Note
To resume overwriting after power off, turn on the main power of the ma-
chine, and then repeat the procedure in “Erase All Memory”.
40
3. Preventing Unauthorized
Use of Functions and Settings
Preventing Modification of Machine Settings
The machine settings that can be modified depend on the type of administrator. Users cannot change the administrator settings.
Register the administrators before using the machine.
Type of Administrator
Register the administrator on the machine, and then authenticate the admin­istrator using the administrator’s login user name and login password. The machine settings that can be modified depend on the type of administrator. To manage the machine, the following types of administrator can be designat­ed:
• User Administrator
• File Administrator
•Network Administrator
• Machine Administrator
Reference
For details, see p.99 “The Roles of Administrators”.
For details, see p.101 “Administrator Authentication”.
For details, see p.125 “Machine Administrator Settings”.
For details, see p.133 “Network Administrator Settings”.
For details, see p.137 “File Administrator Settings”.
For details, see p.139 “User Administrator Settings”.
Menu Protect
Use this function to specify the permission level for users to change those set­tings accessible by non-administrators. You can specify Menu Protect for the following settings:
• Copy / Document Server Features
• Facsimile Features
• Printer Features
• Scanner Features
Reference
For details, see p.139 “User Administrator Settings”.
41
Preventing Unauthorized Use of Functions and Settings
Limiting Available Functions
To prevent unauthorized operation, you can specify who is allowed to access each of the machine’s functions.
Available Functions
Specify the available functions from the copier, Document Server, fax, scan­ner, and printer functions.
3
Specifying Which Functions are Available
This can be specified by the user administrator. Specify the functions available to registered users. By making this setting, you can limit the functions available to users.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools].
42
D Press [Address Book Management].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Select the user.
Limiting Available Functions
F Press [Auth. Info]. G In [Available Functions], select the functions you want to specify.
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
H Press [OK]. I Press [Exit]. J Press the {User Tools/Counter} key.
3
43
3
Preventing Unauthorized Use of Functions and Settings
44
4. Enhanced Network Security
Preventing Unauthorized Access
You can limit IP addresses, disable ports and protocols, or use Web Image Mon­itor to specify the network security level to prevent unauthorized access over the network and protect the address book, stored files, and default settings.
Enabling/Disabling Protocols
This can be specified by the network administrator.
Specify whether to enable or disable the function for each protocol.
By making this setting, you can specify which protocols are available and so pre­vent unauthorized access over the network.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Interface Settings].
D Press [Effective Protocol].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
45
4
Enhanced Network Security
E Press [Invalid] for the protocol you want to disable.
F Press [OK]. G Press the {User Tools/Counter} key.
Reference
Advanced network settings can be specified using Web Image Monitor. For details, see the Web Image Monitor Help.
Access Control
This can be specified by the network administrator.
The machine can control TCP/IP access.
Limit the IP addresses from which access is possible by specifying the access control range.
For example, if you specify the access control range as [192.168.15.16]- [192.168.15.20], the client PC addresses from which access is possible will be from
192.168.15.16 to 192.168.15.20.
Limitation
Using access control, you can limit access involving LPD, RCP/RSH, FTP,
IPP, DIPRINT, Web Image Monitor, SmartDeviceMonitor for Client or Desk­TopBinder. You cannot limit the Monitoring of SmartDeviceMonitor for Cli­ent.
You cannot limit access involving telnet, or SmartDeviceMonitor for Admin.
A Open a Web Image Monitor. B Enter “http://(machine's-address)/” in the address bar to access the ma-
chine.
C Log onto the machine.
46
The network administrator can log on using the appropriate login user name and login password.
D Click [Configuration], click [Security], and then click [Access Control].
The [Access Control] page appears.
E In [Access Control Range], enter the IP addresses from which access to the ma-
chine is permitted.
Preventing Unauthorized Access
F Click [Apply].
Access control is set.
G Log off from the machine.
Reference
For details, see the Web Image Monitor Help.
Specifying Network Security Level
This can be specified by the network administrator.
This setting lets you change the security level to limit unauthorized access.
Set the security level to [Level 0], [Level 1], or [Level 2].
Select [Level 2] for maximum security to protect confidential information.
Select [Level 1] for moderate security. Use this setting if the machine is connected to the office local area network (LAN).
4
Select [Level 0] to use this setting if no information needs to be protected.
You can specify the entire network security level setting the machine’s control panel.
If you change this setting using Web Image Monitor, the network security level settings other than the specified one will be reset to the default.
Reference
For details about logging on and logging off with user authentication, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
Note
If you change this setting using Web Image Monitor, the network security lev-
el settings other than the specified one will be reset to the default.
A Press the {User Tools/Counter}key. B Press [System Settings].
47
4
Enhanced Network Security
C Press [Administrator Tools].
D Press [Network Security Level].
If the setting you want to specify does not appear, press [TNext] to scroll
down to other settings.
E Select the network security level.
Select [Level 0], [Level 1], or [Level 2].
F Press [OK]. G Press the {User Tools/Counter}key.
-Status of Functions under each Network Security Level
= Available
— = Unavailable
U = Port is open.
| = Port is closed.
48
= Automatic
= Ciphertext Only
u = Ciphertext Priority
Preventing Unauthorized Access
Function Network Security Level
Level 0 Level 1 Level 2
Interface IEEE1394 SBP-2 ❍❍—
Bluetooth ❍❍—
IP over 1394 ❍❍❍
TCP/IP TCP/IP ❍❍❍
HTTP Port 80 UUU
Port 443 UUU Port 631 UU|
Port 7443/7444
IPP Port 80 UUU
Port 631 UU| Port 443 UUU
DIPRINT ❍❍—
LPR ❍❍— FTP Port 21 UUU RFU Port 10021 UUU
RSH/RCP ❍❍—
SNMP ❍❍❍
SNMP v1v2 Setting ——
Browse ❍❍—
SNMP v3 ❍❍❍
SNMP Encryption
TELNET ——
UUU
✩✩★
4
SSDP Port 1900 UU| NBT Port 137/138 UU|
SSL ❍❍❍
SSL / TLS Encryption Mode
mDNS ❍❍—
SMB ❍❍—
NetWare NetWare ❍❍—
AppleTalk AppleTalk ❍❍—
uu
49
Enhanced Network Security
Encrypting Transmitted Passwords
Prevent login passwords, group passwords for PDF files, and IPP authentication passwords being revealed by encrypting them for transmission.
Also, encrypt the login password for administrator authentication and user au­thentication.
Driver Encryption Key
To encrypt the login password, specify the driver encryption key for the driv­er used for the machine and the user’s computer.
Reference
See p.109 “Changing the Extended Security Functions”.
4
Group Passwords for PDF Files
DeskTopBinder Lite’s PDF Direct Print function allows a PDF group pass­word to be specified to enhance security.
Note
To use PDF direct print, the optional PostScript3 unit must be installed.
Password for IPP Authentication
Using Web Image Monitor, you can encrypt the password for IPP authentica­tion.
Note
You can use Telnet or FTP to manage passwords for IPP authentication, al-
though it is not recommended.
Driver Encryption Key
This can be specified by the network administrator.
Specify the driver encryption key on the machine.
By making this setting, you can encrypt login passwords for transmission to pre­vent them from being analyzed.
50
Reference
See p.109 “Changing the Extended Security Functions”.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key.
B Press [System Settings].
C Press [Administrator Tools].
D Press [Extended Security]. E For [Driver Encryption Key], press [Change].
Encrypting Transmitted Passwords
4
F Enter the driver encryption key, and then press [OK].
Enter the driver encryption key using up to 32 alphanumeric characters.
Note
The network administrator must give users the driver encryption key
specified on the machine so they can register it on their computers. Make sure to enter the same driver encryption key as that specified on the ma­chine.
G Press [OK]. H Press the {User Tools/Counter} key.
Reference
See the printer driver Help.
See the TWAIN driver Help.
51
Enhanced Network Security
Group Password for PDF files
This can be specified by the network administrator.
On the machine, specify the group password for PDF files.
By using a PDF group password, you can enhance security and so protect pass­words from being analyzed.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key.
4
B Press [Printer Features].
C Press [PDF Menu], and then press [PDF Group Password].
If the setting to be specified does not appear, press [TNext].
D For [Current Password], press [Change]. E Enter the password, and then press [OK].
Enter the group password for PDF files using up to 32 alphanumeric charac­ters.
F Press [OK]. G For [New Password], press [Change].
52
H Enter the password, and then press [OK]. I For [Confirm New Password], press [Change]. J Enter the password and press [OK]. K Press [OK]. L Press the {User Tools/Counter} key.
Encrypting Transmitted Passwords
Note
The network administrator must give users the group password for PDF
files that is already registered on the machine. The users can then register it in DeskTopBinder on their computers.For details, see the DeskTopBind­er Help
Make sure to enter the same character string as that specified on the ma-
chine for the group password for PDF files.
The group password for PDF files can also be specified using Web Image
Monitor. For details, see the Web Image Monitor Help.
IPP Authentication Password
This can be specified by the network administrator.
Specify the IPP authentication passwords for the machine using Web Image Monitor.
By making this setting, you can encrypt IPP authentication passwords for trans­mission to prevent them from being analyzed.
A Open a Web Image Monitor. B Enter “http://(machine's-address)/” in the address bar to access the ma-
chine.
C Log onto the machine.
The network administrator can log on. Enter the login user name and login password.
D Click [Configuration], click [Security], and then click [IPP Authentication].
The [IPP Authentication] page appears.
E Select [DIGEST] from the [Authentication] list.
Note
When using the IPP port under Windows XP or Windows Server 2003, you
can use the operating system’s standard IPP port.
4
F Enter the user name in the [User Name] box. G Enter the password in the [Password] box. H Click [Apply].
IPP authentication is specified.
I Log off from the machine.
53
4
Enhanced Network Security
Protection Using Encryption
When you access the machine using a Web Image Monitor or IPP, you can estab­lish encrypted communication using SSL. When you access the machine using an application such as SmartDeviceMonitor for Admin, you can establish en­crypted communication using SNMPv3 or SSL.
To protect data from interception, analysis, and tampering, you can install a server certificate in the machine, negotiate a secure connection, and encrypt transmitted data.
SSL (Secure Sockets Layer)
54
AFN001S
A To access the machine from a user’s computer, request for the SSL server
certificate and public key.
B The server certificate and public key are sent from the machine to the us-
er’s computer.
C Using the public key, encrypt the data for transmission.
D The encrypted data is sent to the machine.
E The encrypted data is decrypted using the private key.
Note
To establish encrypted communication using SSL, the machine must have
the printer and scanner functions.
Protection Using Encryption
SSL (Secure Sockets Layer) Encryption
This can be specified by the network administrator.
To protect the communication path and establish encrypted communication, create and install the server certificate.
There are two ways of installing a server certificate: create and install a self-cer­tificate using the machine, or request a certificate from a certificate authority and install it.
Configuration flow (self-signed certificate)
A Creating and installing the server certificate
Install the server certificate using Web Image Monitor.
B Enabling SSL
Enable the [SSL/TLS] setting using Web Image Monitor.
Configuration flow (certificate issued by a certificate authority)
A Creating the server certificate
Create the server certificate using Web Image Monitor. The application procedure after creating the certificate depends on the cer­tificate authority. Follow the procedure specified by the certificate author­ity.
B Installing the server certificate
Install the server certificate using Web Image Monitor.
C Enabling SSL
Enable the [SSL/TLS] setting using Web Image Monitor. Creating and Installing the Server Certificate (Self-Signed Certificate) Create and install the server certificate using Web Image Monitor.
Note
To confirm whether SSL configuration is enabled, enter https://(machine’s-
address) in your Web Image Monitor’s address bar to access this machine. If the “The page cannot be displayed” message appears, check the configura­tion as the SSL configuration is invalid.
4
Creating and Installing the Self-Signed Certificate
Create and install the server certificate using Web Image Monitor.
This section explains the use of a self-certificate as the server certificate.
A Open a Web Image Monitor. B Enter “http://(machine's-address)/” in the address bar to access the printer. C Log onto the machine.
The network administrator can log on.
Enter the login user name and login password.
55
Enhanced Network Security
D Click [Configuration], click [Security], and then click [Certificates]. E Click [Create]. F Make the necessary settings.
Reference
For details about the displayed items and selectable items, see Web Image Monitor Help.
G Click [OK].
The setting is changed.
H Click [OK].
4
A security warning dialog box appears.
I Check the details, and then click [OK].
[Installed] appears under [Certificate Status] to show that a server certificate for the printer has been installed.
J Log off from the machine.
Note
Click [Delete] to delete the server certificate from the machine.
Creating the Server Certificate (Certificate Issued by a Certificate Authority)
Create the server certificate using Web Image Monitor.
This section explains the use of a certificate issued by a certificate authority as the server certificate.
A Open a Web Image Monitor. B Enter “http://(machine's-address)/” in the address bar to access the printer.
56
C Log onto the machine.
The network administrator can log on.
Enter the login user name and login password.
D Click [Configuration], click [Security], and then click [Certificates].
The [Certificates] page appears.
E Click [Request]. F Make the necessary settings.
Reference
For details about the displayed items and selectable items, see Web Image Monitor Help.
Protection Using Encryption
G Click [OK].
[Requesting] appears for [Certificate Status] in the [Certificates] area.
Use the data in the [Certificate Request Contents:] dialog box to apply to the cer­tificate authority.
H Log off from the machine. I Apply to the certificate authority for the server certificate.
The application procedure depends on the certificate authority. For details, contact the certificate authority.
When applying, use the data created with Web Image Monitor.
Note
Using Web Image Monitor, you can create the contents of the server certif-
icate but you cannot send the application.
Click [Cancel Request] to cancel the request for the server certificate.
4
Installing the Server Certificate (Certificate Issued by a Certificate Authority)
Install the server certificate using Web Image Monitor.
This section explains the use of a certificate issued by a certificate authority as the server certificate.
Enter the server certificate contents issued by the certificate authority.
A Open a Web Image Monitor. B Enter “http://(machine's-address)/” in the address bar to access the printer. C Log onto the machine.
The network administrator can log on.
Enter the login user name and login password.
D Click [Configuration], click [Security], and then click [Certificates].
The [Certificates] page appears.
E Click [Install]. F Enter the contents of the server certificate.
In the [Certificate Request] box, enter the contents of the server certificate re­ceived from the certificate authority.
Reference
For details about the displayed items and selectable items, see Web Image Monitor Help.
57
Enhanced Network Security
G Click [OK].
[Installed] appears under [Certificate Status] to show that a server certificate for
the machine has been installed.
H Log off from the machine.
Enabling SSL
After installing the server certificate in the machine, enable the SSL setting.
This procedure is used for a self-signed certificate or a certificate issued by a cer­tificate authority.
A Open a Web Image Monitor.
4
B Enter “http://(machine's-address)/” in the address bar to access the printer. C Log onto the machine.
The network administrator can log on.
Enter the login user name and login password.
D Click [Configuration], click [Security], and then click [SSL/TLS].
The [SSL/TLS] page appears.
E Click [Enable] for [SSL/TLS]. F Click [Apply].
The SSL setting is enabled.
G Log off from the machine.
Note
If you set [Permit SSL / TLS Communication] to [Ciphertext Only], enter “ht-
tps://(machine's address)/” to access the machine.
58
User Settings for SSL (Secure Sockets Layer)
If you have installed a server certificate and enabled SSL (Secure Sockets Layer), you need to install the certificate on the user’s computer.
The network administrator must explain the procedure for installing the certifi­cate to users.
If a warning dialog box appears while accessing the machine using the Web Im­age Monitor or IPP, start the Certificate Import Wizard and install a certificate.
A When the [Security Alert] dialog box appears, click [View Certificate].
The [Certificate] dialog box appears.
To be able to respond to inquiries from users about such problems as expiry of the certificate, check the contents of the certificate.
Protection Using Encryption
B On the [General] tab, click [Install Certificate...].
Certificate Import Wizard starts.
C Install the certificate by following the Certificate Import Wizard instruc-
tions.
Note
For details about how to install the certificate, see the Web Image Monitor
Help.
If a certificate issued by a certificate authority is installed in the printer,
confirm the certificate store location with the certificate authority.
Reference
For details about where to store the certificate when accessing the machine using IPP, see the SmartDeviceMonitor for Client Help.
Setting the SSL / TLS Encryption Mode
4
By specifying the SSL/TLS encrypted communication mode, you can change the security level.
Encrypted Communication Mode
Using the encrypted communication mode, you can specify encrypted com­munication.
Ciphertext Only Allows encrypted communication only.
If encryption is not possible, the machine does not communicate.
Ciphertext Priority Performs encrypted communication if en-
cryption is possible.
If encryption is not possible, the machine communicates without it.
Ciphertext / Clear Text Communicates with or without encryption,
according to the setting.
Setting the SSL / TLS Encryption Mode
This can be specified by the network administrator.
After installing the server certificate, specify the SSL/TLS encrypted communi­cation mode. By making this setting, you can change the security level.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key.
59
4
Enhanced Network Security
B Press [System Settings].
C Press [Interface Settings].
D Press [Permit SSL / TLS Communication]
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Select the encrypted communication mode.
Select [Ciphertext Only], [Ciphertext Priority], or [Ciphertext / Clear Text] as the en­crypted communication mode.
F Press [OK]. G Press the {User Tools/Counter} key.
Note
The SSL/TLS encrypted communication mode can also be specified using
Web Image Monitor. For details, see the Web Image Monitor Help.
60
Protection Using Encryption
SNMPv3 Encryption
This can be specified by the network administrator.
When using SmartDeviceMonitor for Admin or another application to make various settings, you can encrypt the data transmitted.
By making this setting, you can protect data from being tampered with.
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Interface Settings].
D Press [Permit SNMP V3 Communication].
4
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Press [Encryption Only]. F Press [OK]. G Press the {User Tools/Counter} key.
61
4
Enhanced Network Security
Note
To use SmartDeviceMonitor for Admin for encrypting the data for speci-
fying settings, you need to specify the network administrator’s [Encryption Password] setting and [Encryption Key] in [SNMP Authentication Information] in SmartDeviceMonitor for Admin, in addition to specifying [Permit SNMP V3 Communication] on the machine.
If network administrator’s [Encryption Password] setting is not specified, the
data for transmission may not be encrypted or sent.
Reference
For details about specifying the network administrator’s [Encryption Pass- word] setting, see p.104 “Registering the Administrator”.
For details about specifying [Encryption Key] in SmartDeviceMonitor for Admin, see the SmartDeviceMonitor for Admin Help.
62
5.
Management Based on
Authentication and Access Control
There are four types of administrator according to the administered function:
Machine administrator, network administrator, file administrator, and user ad­ministrator.By sharing the administrative work among different administrators, you can spread the workload and limit unauthorized operation by a single ad­ministrator.
Users are managed using the personal information registered in the machine’s address book.
By enabling user authentication, you can allow only people registered in the ad­dress book to use the machine.
Specify administrator authentication and user authentication according to the following flowchart:
Administrator Authentication
See p.68 “Administrator Authen­tication”.
User Authentication
See p.68 “Enabling Authentica­tion”.
Specifying Administrator Authentication
See p.68 “Administrator Authentication”.
Registering the Administrator
See p.104 “Registering the Administrator”.
Specifying User Authentication
Authentication that requires only the machine:
• User Code Authentication See p.70 “User Code Authentication”.
• Basic Authentication See p.71 “Basic Authentication”.
Authentication that requires external devices:
• Windows Authentication See p.73 “Windows Authentication”.
• LDAP Authentication See p.79 “LDAP Authentication”.
• Integration Server Authentication See p.82 “Integration Server Authentication”.
The Management Function
The machine has an authentication function requiring a login user name and login password. By using the authentication function, you can specify access limits for individual users and groups of users. Using access limits, you can not only limit the machine’s available functions but also protect the machine settings and files and data stored in the machine.
Important
If you have enabled [Administrator Authentication Management], make sure not to
forget the administrator login user name and login password. If an adminis­trator login user name or login password is forgotten, a new password must be specified using the supervisor’s authority.
63
5
Management Based on Authentication and Access Control
Be sure not to forget the supervisor login user name and login password. If
you do forget them, a service representative will to have to return the ma­chine to its default state. This will result in all data in the machine being lost and the service call may not be free of charge.
Reference
For details, see p.121 “Operations by the Supervisor”.
About User Authentication
This machine has an authentication function to prevent unauthorized access.
By using login user name and login password, you can specify access limits for individual users and groups of users.
64
1. User
A user performs normal operations on the machine, such as copying and printing.
2. Group
A group performs normal operations on the machine, such as copying and print­ing.
3. Unauthorized User
4. Authentication
Using a login user name and password, user authentication is performed.
AYJ001S
5. This Machine
6. Access Limit
Using authentication, unauthorized us­ers are prevented from accessing the ma­chine.
7. Authorized users and groups can
use only those functions permitted by the administrator.
The Management Function
About Administrator Authentication
There are four types of administrator according to the administered function: user administrator, machine administrator, network administrator, and file ad­ministrator.
5
1. User Administrator
This administrator manages personal in­formation in the address book. You can register/delete users in the address book or change users’ personal information.
2. Machine Administrator
This administrator manages the ma­chine’s default settings. You can set the machine so that the default such as data security for copying function and delete all logs can only be specified by the ma­chine administrator.
3. Network Administrator
This administrator manages the network settings. You can set the machine so that network settings such as the IP address and settings for sending and receiving e­mail can only be specified by the network administrator only.
AYJ002S
4. File Administrator
This administrator manages permission to access stored files. You can specify passwords for Locked Print files stored in the Document Server so only authorized users can view and change them.
5. Authentication
Administrators must enter their login user name and password to be authenti­cated.
6. This machine
7. Administrators manage the ma-
chine’s settings and access limits. For details about each administrator, see p.99 “The Roles of Administra­tors”.
65
5
Management Based on Authentication and Access Control
Administrators and Users
When controlling access using the authentication specified by an administrator, select the machine’s administrator, enable the authentication function, and then use the machine.
The administrators manage access to the allocated functions, and users can use only the functions they are permitted to access. To enable the authentication function, the login user name and login password are required in order to use the machine.
When specifying user authentication, specify administrator authentication as well.
Important
If user authentication is not possible because of a problem with the hard disk
or network, you can use the machine by accessing it using administrator au­thentication and disabling user authentication. Do this if, for instance, you need to use the machine urgently. For details, see the Web Image Monitor Help.
Reference
For details, see p.88 “Specifying Login User Name and Login Password”.
For details, see p.121 “Operations by the Supervisor”.
Administrator
There are four types of administrator according to the administered function: machine administrator, network administrator, file administrator, and user ad­ministrator.
By sharing the administrative work among different administrators, you can spread the workload and limit unauthorized operation by a single administra­tor.
Administrators are limited to managing the machine’s settings and controlling user access. so they cannot use functions such as copying and printing. To use such functions, you need to register a user in the address book and then be au­thenticated as the user.
Note
By sharing the administrative work among different administrators, you can
spread the workload and limit unauthorized operation by a single adminis­trator. We recommend only one person take each administrator role.
66
Reference
For details, see p.99 “The Roles of Administrators”.
For details, see p.104 “Registering the Administrator”.
Administrators and Users
User
Users are managed using the personal information managed in the machine’s address book.
By enabling user authentication, you can allow only people registered in the ad­dress book to use the machine. Users can be managed in the address book by the user administrator. In addition to registering users with the machine’s control panel, you can register them using SmartDeviceMonitor for Admin or Web Im­age Monitor.
Note
Only the user administrator can register users in the address book with Ridoc
IO Admin and Web Image Monitor.
Reference
For details about registering users in the address book, see General Settings Guide, the SmartDeviceMonitor for Admin Help, or the Web Image Monitor
Help.
5
67
5
Management Based on Authentication and Access Control
Enabling Authentication
To control administrators’ and users’ access to the machine, perform administra­tor authentication and user authentication using login user names and login passwords. To perform authentication, the authentication function must be en­abled.
To perform Basic Authentication, the hard disk must be installed.
To perform Windows Authentication, LDAP Authentication, or Integration Server Authentication, the hard disk and Printer/Scanner unit must be installed.
To specify authentication, you need to register administrators.
Reference
For details, see p.104 “Registering the Administrator”.
Administrator Authentication
To use administrator authentication, enable [Administrator Authentication Manage- ment] on the control panel.
Important
If you have enabled [Administrator Authentication Management], make sure not to
forget the administrator login user name and login password. If an adminis­trator login user name or login password is forgotten, a new password must be specified using the supervisor’s authority.
Reference
For details, see p.121 “Operations by the Supervisor”.
Specifying Administrator Authentication Management
A Press the {User Tools/Counter} key. B Press [System Settings].
68
C Press [Administrator Tools]. D Press [Administrator Authentication Management]. E Press the [User Management], [Machine Management], [Network Management], or
[File Management] key to select which settings to manage.
Enabling Authentication
F Set "Admin. Authentication" to [On].
[Available Settings] appears.
G Select the settings to manage from "Available Settings".
The selected settings will be unavailable to users.
Note
To specify administrator authentication for more than one category, repeat
steps
to G.
E
H Press [OK]. I Press the {User Tools/Counter} key.
User Authentication
There are five types of user authentication method: user code authentication, ba­sic authentication, Windows authentication, Integration Server Authentication, and LDAP authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authen­tication. The settings depend on the authentication method.
Important
When using Windows authentication or LDAP authentication, keep in mind
that if you edit an authenticated user’s e-mail address or any of the other data that is automatically stored after successful authentication, the edited data may be overwritten when it is reacquired at the next authentication.
Note
User code authentication is used for authenticating on the basis of the user
code, and basic authentication, Windows authentication, and LDAP authen­tication are used for authenticating individual users.
5
You cannot use more than one authentication method at the same time.
User authentication can also be specified via Web Image Monitor. For details
see the Web Image Monitor Help.
69
Management Based on Authentication and Access Control
User Code Authentication
This is an authentication method for limiting access to functions according to the user code. The same user code can be used by more than one user. For details about specifying user codes, see General Settings Guide.
Limitation
To control the use of RidocDesk2000/Lt for the delivery of files stored in the
machine, select Basic Authentication, Windows Authentication, LDAP Au­thentication, or Integration Server Authentication.
Reference
For details about specifying the user code for the printer driver, see Printer Reference or the printer driver Help.
For details about specifying the TWAIN driver user code, see the TWAIN driver Help.
5
Specifying User Code Authentication
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools]. D Press [User Authentication Management]. E Select [User Code Authentication].
70
Note
If you do not want to use user authentication management, select [Off]
Enabling Authentication
F Select which of the machine’s functions you want to limit.
The selected settings will be available to users.
G Press [OK]. H Press the {User Tools/Counter} key.
Basic Authentication
Specify this authentication when using the machine’s address book to authenti­cate for each user. Using basic authentication, you can not only manage the ma­chine’s available functions but also limit access to stored files and to the personal data in the address book. Under basic authentication, the administrator must specify the functions available to each user registered in the address book.
5
Specifying Basic Authentication
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools]. D Press [User Authentication Management]. E Select [Basic Authentication].
Note
If you do not want to use user authentication management, select [Off].
71
5
Management Based on Authentication and Access Control
F Select the "Printer Job Auth." level.
Note
If you select [Entire], you cannot print using a printer driver or a device that
does not support authentication. To print under an environment that does not support authentication, select [Simple (All)]. By making this setting, only registered users will be able to print.
If you select [Simple(Limitation)], you can specify clients for which printer job
authentication is not required. Specify [Parallel Interface: Simple], [USB: Sim- ple] and the clients’ IP address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticat­ed printer drivers or without any printer driver. Authentication is required for printing with non-specified devices.
If you select [Simple (All)] or [Simple(Limitation)], you can print even with un-
authenticated printer drivers or devices.Specify this setting if you want to print with a printer driver or device that cannot be identified by the ma­chine or if you do not require authentication for printing.However, note that, because the machine does not require authentication in this case, it may be used by unauthorized users.
Reference
For details, see p.86 “Printer Job Authentication Levels and Printer Job Types”.
Specifying [Simple(Limitation)]
A Press [Simple(Limitation)]
B Press [Change].
72
Enabling Authentication
C Specify the range in which [Simple(Limitation)] is applied to Printer Job
Authentication.
D Press [OK].
G Press [OK]. H Press the {User Tools/Counter} key.
Windows Authentication
Specify this authentication when using the Windows domain controller to au­thenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group regis­tered in the directory server. The address book stored in the directory server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the address book.
5
Important
If user information on the server is changed, information registered in the ma-
chine may be overwritten when authentication is performed.
Operational Requirements for Windows Authentication
To specify Windows authentication, the following requirements must be met:
• A domain controller has been set up in a designated domain.
• This function is supported by the operating systems listed below. NTLM authentication is used for Windows authentication. To obtain user infor­mation when running Active Directory, use LDAP. This requires a version of Windows that supports TLSv1, SSLv2, or SSLv3.
• Windows NT 4.0 Server
• Windows 2000 Server
• Windows Server 2003
Limitation
Users managed in other domains are subject to user authentication, but they
cannot obtain items such as e-mail addresses.
If you can obtain user information, the sender’s address (From:) is fixed to pre­vent unauthorized access when sending e-mails under the scanner function.
If you have created a new user in the domain controller and selected [User
must change password at next logon], log on to the machine from the computer
to change the password before logging on from the machine’s control panel.
73
5
Management Based on Authentication and Access Control
Note
Enter the login password correctly, keeping in mind that it is case-sensitive.
In a network environment with a WINS server, where other networks can be
accessed via a router, you must specify WINS.
Users who are not registered in groups and whose available functions are not
limited in the machine’s address book can use the available functions speci­fied in [*Default Group].
Users who are registered in multiple groups can use all the functions availa-
ble to those groups.
If you specify in the address book which functions are available to global
group members, those settings have priority.
A user registered in two or more global groups can use all the functions avail-
able to members of those groups.
If the “Guest” account on the Windows server is enabled, even users not reg-
istered in the domain controller can be authenticated. When this account is enabled, users are registered in the address book and can use all functions.
Specifying Windows Authentication
Note
To automatically register fax numbers and e-mail addresses under Windows
authentication, the machine and domain controller must communicate using SSL. To allow this, you must create a server certificate for the domain control­ler.
You must create a server certificate only if you want to automatically register
user information such as fax numbers and e-mail addresses under Windows authentication.
A Press the {User Tools/Counter} key.
Press [System Settings].
B
74
C Press [Administrator Tools]. D Press [User Authentication Management].
Enabling Authentication
E Select [Windows Authentication].
Note
If you do not want to use user authentication management, select [Off].
F Press [Change] for “Domain Name”, enter the name of the domain controller
to be authenticated, and then press [OK].
5
G Select the "Printer Job Auth." level.
Note
If you select [Entire], you cannot print using a printer driver or a device that
does not support authentication. To print under an environment that does not support authentication, select [Simple (All)]. By making this setting, only registered users will be able to print.
If you select [Simple(Limitation)], you can specify clients for which printer job
authentication is not required. Specify [Parallel Interface: Simple], [USB: Sim- ple] and the clients’ IP address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticat­ed printer drivers or without any printer driver. Authentication is required for printing with non-specified devices.
If you select [Simple (All)], you can print even with unauthenticated printer
drivers or devices.Specify this setting if you want to print with a printer driver or device that cannot be identified by the machine or if you do not require authentication for printing.However, note that, because the ma­chine does not require authentication in this case, it may be used by unau­thorized users.
Reference
For details, see p.86 “Printer Job Authentication Levels and Printer Job Types”.
75
5
Management Based on Authentication and Access Control
Specifying [Simple(Limitation)]
A Press [Simple(Limitation)]
B Press [Change].
C Specify the range in which [Simple(Limitation)] is applied to Printer Job
Authentication.
D Press [OK].
If global groups have been registered:
If global groups have been registered under Windows server, you can limit the use of functions for each global group.
You need to create global groups in the Windows server in advance and reg­ister in each group the users to be authenticated.
You also need to register in the machine the functions available to the global group members.
Create global groups in the machine by entering the names of the global groups registered in the Windows Server. (Keep in mind that group names are case sensitive.) Then specify the machine functions available to each group.
If global groups are not specified, users can use the available functions spec­ified in [*Default Group]. If global groups are specified, users not registered in global groups can use the available functions specified in [*Default Group]. By default, all functions are available to [*Default Group] members. Specify the limitation on available functions according to user needs.
76
Enabling Authentication
A
Under “Group”, press [Program / Change], and then press [*Not Programmed].
If the setting to be specified does not appear, press [TNext] to scroll down
to other settings.
B Press [Change], and then enter the group name.
C Select which of the machine’s functions you want to limit. D Press [OK].
5
H Press [OK]. I Press the {User Tools/Counter} key.
-Installing Internet Information Services (IIS) and Certificate services
Specify this setting if you want the machine to automatically obtain e-mail ad­dresses registered in Active Directory.
We recommend you install Internet Information Services (IIS) and Certificate services as the Windows components.
Install the components, and then create the server certificate.
If they are not installed, install them as follows:
A Select [Add/Remove Programs] on the [Control Panel].
B Select [Add/Remove Windows Components].
C Select the [Internet Information Services (IIS)] check box.
D Select the [Certificate Services] check box, and then click [Next].
E Installation of the selected Windows components starts, and a warning mes-
sage appears.
F Click [Yes].
G Click [Next].
H Select the Certificate Authority, and then click [Next].
On the displayed screen, [Enterprise root CA] is selected.
77
5
Management Based on Authentication and Access Control
I Enter the Certificate Authority name (optional) in [CA Identifying Information],
and then click [Next].
J Leave [Data Storage Location] at its default, and then click [Next].
-Creating the Server Certificate
After installing Internet Information Services (IIS) and Certificate services Win­dows components, create the Server Certificate as follows:
A Start [Internet Services Manager].
B Right-click [Default Web Site], and then click [Properties].
C On the [Directory Security] tab, click [Server Certificate].
Web Server Certificate Wizard starts.
D Click [Next].
E Select [Create a new certificate], and then click [Next].
F Select [Prepare the request now, but send it later], and then click [Next].
G Enter the required information according to the instructions given by Web
Server Certificate Wizard.
H Check the specified data, which appears as Request File Summary, and then
click [Next]. The server certificate is created.
-If the fax number cannot be obtained
If the fax number cannot be obtained during authentication, specify the setting as follows:
A Start [C:\WINNT\SYSTEM32\adminpak].
Start Setup Wizard.
B Select [Install all of the Administrator Tools], and then click [Next].
C On the [Start] menu, select [Run].
D Enter [mmc], and then click [OK].
E On the [Console], select [Add/Remove Snap-in].
F Click [Add].
78
G Select [ActiveDirectory Schema], and then click [Add].
H Select [facsimile Telephone Number].
I Right-click, and then click [Properties].
J Select [Replicate this attribute], and then click [Apply].
Enabling Authentication
LDAP Authentication
Specify this authentication when using the LDAP server to authenticate users who have their accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the LDAP server. The address book stored in the LDAP server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the address book.
Important
If user information on the server is changed, information registered in the ma-
chine may be overwritten when authentication is performed.
Limitation
When using LDAP Authentication, to prevent the password information be-
ing sent over the network unencrypted, the machine and LDAP server must communicate via SSL. To enable this, you must create a server certificate for the LDAP server.
To use LDAP authentication, the network configuration must allow the ma-
chine to detect the presence of the LDAP server.
5
To use LDAP authentication you need to register the LDAP server in the ma-
chine. For details about registration, see Network Guide.
Under LDAP authentication, you cannot specify access limits for groups reg-
istered in the LDAP Server.
When using LDAP Authentication, you cannot use LDAP search.
Enter the user’s login user name using up to 32 characters and login password
using up to 128 characters.
Enter the administrator’s login user name and login password using up to 32
characters for each.
Do not use Japanese, Traditional Chinese, Simplified Chinese or Hangul mul-
ti-byte characters when entering the login user name or password. If you use multi-byte characters , you cannot authenticate using Web Image Monitor.
Note
If you want to use LDAP authentication, you need to register the user name
that is registered in the LDAP server.
By default, the user can use all of the machine’s functions. If you want to limit
the available functions, specify the available functions for each user.
79
5
Management Based on Authentication and Access Control
Specifying LDAP Authentication
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools]. D Press [User Authentication Management]. E Select [LDAP Authentication].
Note
If you do not want to use user authentication management, select [Off].
F Select the LDAP server to be used for LDAP authentication.
G Select the "Printer Job Auth." level.
Note
If you select [Entire], you cannot print using a printer driver or a device that
does not support authentication. To also print under an environment that does not support authentication, select [Simple (All)]. By making this setting, only registered users will be able to print.
By selecting [Simple(Limitation)], you can specify clients for which printer
job authentication is not required. Specify [Parallel Interface: Simple], [USB: Simple] and the clients’ IP address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenti­cated printer drivers or without any printer driver. Authentication is re­quired for printing with non-specified devices.
80
Enabling Authentication
If you select [Simple (All)] or [Simple(Limitation)], you can print even with un-
authenticated printer drivers or devices.Specify this setting if you want to print with a printer driver or device that cannot be identified by the ma­chine or if you do not require authentication for printing.However, note that, because the machine does not require authentication in this case, it may be used by unauthorized users.
Reference
For details, see p.86 “Printer Job Authentication Levels and Printer Job Types”.
Specifying [Simple(Limitation)]
A Press [Simple(Limitation)]
5
B Press [Change].
C Specify the range in which [Simple(Limitation)] is applied to Printer Job
Authentication.
D Press [OK].
81
5
Management Based on Authentication and Access Control
H Enter the login name attribute in the [Login Name Attribute] box.
Note
When using OpenLDAP, register the login name attribute using an at-
tribute name such as “uid”. However, you do not need to register this if you want to authenticate using the DN.
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
I Enter the unique attribute in [Unique Attribute], and then press [OK].
Note
In [Unique Attribute], enter the attribute for managing unique information
on the server. You can enter an attribute such as “serialNumber” or “uid”. Additionally, you can enter “cn” or “employeeNumber”, provided it is unique.
J Press [OK]. K Press the {User Tools/Counter} key.
Integration Server Authentication
To use Integration Server Authentication, you need a server on which ScanRout­er software that supports authentication is installed.
For external authentication, the Integration Server Authentication collectively authenticates users accessing the server over the network, providing a server-in­dependent centralized user authentication system that is safe and convenient.
For example, if the delivery server and the machine share the same Integration Server Authentication, single sign-on is possible using DeskTopBinder.
Important
If user information on the server is changed, information registered in the ma-
chine may be overwritten when authentication is performed.
Limitation
To use Integration Server Authentication, which depends on communication
via the secure sockets layer (SSL), the machine must have the printer and scanner functions.
82
Note
The built-in default administrator name is “Admin” on the Server and “ad-
min” on the machine.
Specifying Integration Server Authentication
A Press the {User Tools/Counter} key. B Press [System Settings].
C Press [Administrator Tools]. D Press [User Authentication Management]. E Select [Integration Svr. Auth.].
Enabling Authentication
5
Note
If you do not wish to use User Authentication Management, select [Off].
F Press [Change] for “Server Name”.
Specify the name of the server for external authentication.
G Enter the server name, and then press [OK].
Enter the IP address or host name.
H In ”Authentication Type”, select the authentication system for external au-
thentication.
Select an available authentication system.
I Press [Change] for “Domain Name”.
83
5
Management Based on Authentication and Access Control
J Enter the domain name, and then press [OK].
Note
You cannot specify a domain name under an authentication system that
does not support domain login.
If global groups have been registered:
If global groups have been registered under Windows server, you can limit the use of functions for each global group.
You need to create global groups in the Windows server in advance and reg­ister in each group the users to be authenticated.
You also need to register in the machine the functions available to the global group members.
If global groups are not specified, users can use the available functions spec­ified in [*Default Group]. If global groups are specified, users not registered in global groups can use the available functions specified in [*Default Group]. By default, all functions are available to [*Default Group] members. Specify the limitation on available functions according to user needs.
A Under “Group”, press [Program / Change], and then press [*Not Pro-
grammed].
If the setting to be specified does not appear, press [TNext] to scroll down
to other settings.
B Press [Change], and then enter the group name. C Select which of the machine’s functions you want to limit. D Press [OK].
K Press [Obtain URL].
The machine obtains the URL of the server specified in [Server Name].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
L Press [OK] M Select the "Printer Job Auth." level.
84
Note
If you select [Entire], you cannot print using a printer driver or a device that
does not support authentication. To print under an environment that does not support authentication, select [Simple (All)]. By making this setting, only registered users will be able to print.
Enabling Authentication
If you select [Simple(Limitation)], you can specify clients for which printer job
authentication is not required. Specify [Parallel Interface: Simple], [USB: Sim- ple] and the clients’ IP address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticat­ed printer drivers or without any printer driver. Authentication is required for printing with non-specified devices.
If you select [Simple (All)] or [Simple(Limitation)], you can print even with un-
authenticated printer drivers or devices.Specify this setting if you want to print with a printer driver or device that cannot be identified by the ma­chine or if you do not require authentication for printing.However, note that, because the machine does not require authentication in this case, it may be used by unauthorized users.
Specifying [Simple(Limitation)]
A Press [Simple(Limitation)]
5
B Press [Change].
C Specify the range in which [Simple(Limitation)] is applied to Printer Job
Authentication.
D Press [OK].
85
Management Based on Authentication and Access Control
-Printer Job Authentication Levels and Printer Job Types
This section explains the relationship between printer job authentication levels and printer job types.
Depending on the combination of printer job authentication level and printer job type, the machine may not print properly. Set an appropriate combination ac­cording to the operating environment.
User authentication is supported by the RPCS and PCL printer drivers.
Machine Settings (displayed on the control panel) Printer Job Types
5
[User Authentication Management]
[Off] ——✩✩✩✩✩✩✩
[User Code Authentica- tion]
[Basic Authentication],
Windows Authentication
[ [LDAP Authentication], [Integration Svr. Auth.]
[Printer Job Auth.][Restrict Use of
Simple Encryption]
——❍❍❍❍❍uu
[Simple (All)][Off] $ u ✩✩✩❍
],
[Entire][Off] $ u uu
[On] u
[On] u
ABCDEFG
: Printing is possible regardless of user authentication.
: Printing is possible if user authentication is successful. If user authentication
fails, the print job is reset.
$: Printing is possible if user authentication is successful and [Driver Encryption
Key] for the printer driver and machine match.
u:
Printing is not possible regardless of user authentication, and the print job is reset.
Reference
For details about [Restrict Use of Simple Encryption], see p.109 “Specifying the Extended Security Functions”.
86
[Printer Job Auth.]
[Entire] The machine authenticates all printer jobs and remote settings, and cancels jobs and settings that fail authentication. Printer Jobs: Job Reset Settings: Disabled
[Simple (All)] The machine authenticates printer jobs and remote settings that have authen­tication information, and cancels the jobs and settings that fail authentication. Printer jobs and settings without authentication information are per­formed without being authenticated.
[Simple(Limitation)]. You can specify the range to apply [Simple(Limitation)] to by specifying [Par- allel Interface: Simple], [USB: Simple], and the client’s IP address.
Enabling Authentication
Printer Job Types
A In the RPCS printer driver dialog box, the [Confirm authentication information
when printing] and [Encrypt] check boxes are selected. In the PCL printer driver dialog box, the [User Authentication] and [With En- cryption] check boxes are selected.
Personal authentication information is added to the printer job. The printer driver applies advanced encryption to the login passwords. The printer driver encryption key, enables the driver encryption to prevent the login password being stolen.
B In the RPCS printer driver dialog box, the [Confirm authentication information
when printing] check box is selected. In the PCL printer driver dialog box, the [User Authentication] and [With En- cryption] check boxes are selected.
Personal authentication information is added to the printer job. The printer driver applies simple encryption to login passwords.
C In the RPCS printer driver dialog box, the [Confirm authentication information
when printing] check box is not selected.
In the PCL printer driver dialog box, the [User Authentication] check box is not selected. Personal authentication information is added to the printer job and is dis­abled.
5
D When using the PostScript 3 printer driver, the printer job contains user
code information. Personal authentication information is not added to the printer job but the user code information is.
Note
This type also applies to recovery/parallel printing using an RPCS/PCL printer driver that does not support authentication.
E When using the PostScript 3 printer driver, the printer job does not contain
user code information. Neither personal authentication information nor user code information is added to the printer job.
Note
Type 5 also applies to recovery/parallel printing using an RPCS/PCL
printer driver that does not support authentication.
F A printer job or PDF file is sent from a host computer without a printer
driver and is printed via LPR. Personal authentication information is not added to the printer job.
G A PDF file is printed via ftp.
Personal authentication is performed using the user ID and password used for logging on via ftp. However, the user ID and password are not encrypt­ed.
87
Management Based on Authentication and Access Control
Authentication Information Stored in the Address Book
Preparation
For details about logging on and logging off with administrator authentica­tion, see p.106 “Logging on Using Administrator Authentication”, p.107 “Logging off Using Administrator Authentication”.
You need to register a user in the address book. For details about the address book, see General Settings Guide.
Specifying Login User Name and Login Password
A Press the {User Tools/Counter} key.
5
B Press [System Settings]. C Press [Administrator Tools]. D Press [Address Book Management].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Select the user or group. F Press [Auth. Info]. G Press [Change] for [Login User Name].
H Enter a login user name, and then press [OK].
88
I Press [Enter] for [Login Password].
J Enter a login password, and then press [OK]. K If a password reentry screen appears, enter the login password, and then
press [OK].
Authentication Information Stored in the Address Book
L Press [OK]. M Press [Exit]. N Press the {User Tools/Counter} key.
Specifying Authentication Information to Log on
In [User Authentication Management], specify the login user name and password. The login user name and password specified in [User Authentication Management] can be used as the login information for “SMTP Authentication", “Folder Au­thentication", “Integration Server Authentication" and “LDAP Authentication".
If you do not want to use the login user name and password specified in [User Authentication Management] for “SMTP Authentication", “Folder Authentication", "Integration Server Authentication" or “LDAP Authentication", see General Set- tings Guide.
Note
If you want to use [Windows Authentication], [LDAP Authentication], or [Integration
Svr. Auth.] in [User Authentication Management], take the user name registered in
the server and register it in the machine’s address book.
A Press the {User Tools/Counter} key. B Press [System Settings]. C Press [Administrator Tools]. D Press [Address Book Management].
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
E Select the user or group. F Press [Auth. Info]. G Specify the login user name and password. H In “Available Functions”, select the functions available to the user.
5
Reference
For details about limiting available functions, see p.42 “Limiting Available Functions”.
89
5
Management Based on Authentication and Access Control
I Select [Use Auth. Info at Login] in “SMTP Authentication”.
If the setting to be specified does not appear, press [TNext] to scroll down to
other settings.
Limitation
When using [Use Auth. Info at Login] for “SMTP Authentication”, “Folder
Authentication”, or “LDAP Authentication”, a user name other than “oth­er” , “admin” , “supervisor” or “HIDE***” must be specified. The symbol “***” represents any character.
To use [Use Auth. Info at Login] for SMTP authentication, a login password
up to 64 characters in length must be specified.
Note
For folder authentication, select [Use Auth. Info at Login] in “Folder Authen-
tication”.
For LDAP authentication, select [Use Auth. Info at Login] in “LDAP Authen-
tication”.
J Press [OK]. K Press [Exit]. L Press the {User Tools/Counter} key.
90
If User Authentication Has Been Specified
If User Authentication Has Been Specified
When user authentication (User Code Authentication, Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authen­tication) is set, the authentication screen is displayed. Unless a valid user name and password are entered, operations are not possible with the machine. Log on to operate the machine, and log off when you are finished operations. Be sure to log off to prevent unauthorized users from using the machine.When auto logout timer is specified, the machine automatically logs you off if you do not use the control panel within a given time.
Note
Consult the User Administrator about your login user name, password, and
user code.
For user code authentication, enter a number registered in the address book
as [User Code].
5
User Code Authentication (Using the Control Panel)
When user authentication is set, the following screen appears.
Enter a user code (eight digit), and then press [#].
Note
To log off, do one of the following:
• Press the Operation switch.
• Press the {User Tools/Counter} key.
• Press the {Energy Saver} key after jobs are completed.
User Code Authentication (Using a Printer Driver)
When user authentication is set, specify the user code in the printer properties of a printer driver. For details, see the printer driver Help.
91
Management Based on Authentication and Access Control
Login (Using the Control Panel)
Follow the procedure below to log on when Basic Authentication, Windows Au­thentication, LDAP Authentication, or Integration Server Authentication is set. Follow the procedure below to log on when basic authentication, Windows au­thentication, LDAP Authentication, or Integration Server Authentication is set.
A Press [Enter] for [Login User Name].
B Enter a login user name, and then press [OK].
5
C Press [Enter] for [Login Password]. D Enter a login password, and then press [OK]. E Press [Login].
When the user is authenticated, the screen for the function you are using ap­pears.
Log Off (Using the Control Panel)
Follow the procedure below to log off when Basic Authentication, Windows Au­thentication, or LDAP Authentication is set.
A Press {User Tools / Counter}. B Press [Logout].
92
C Press [Yes]. D Press {User Tools / Counter}.
Loading...