Xerox 7428, 7435 User Manual

WorkCentre® 7400 Series
Multifunction Printer
®
WorkCentre 7425/7428/7435
System Administrator Guide
Français Guide de l’administrateur système
Español Guía del administrador del sistema
Português Guia de Administração do Sistema
Copyright © 2009 Xerox Corporation. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Contents of this publication may not be reproduced in any form without permission of Xerox Corporation.
Copyright protection claimed includes all forms of matters of copyrightable materials and information now allowed by statutory or judicial law or hereinafter granted, including without limitation, material generated from the software programs which are displayed on the screen such as styles, templates, icons, screen displays, looks, etc.
®
Xerox
, CentreWare®, WorkCentre®, PrintingScout®, and Walk-Up® are trademarks of Xerox Corporation in the United States and/or
other countries.
Adobe
Reader®, Adobe Type Manager®, ATM™, Flash®, Macromedia®, Photoshop®, and PostScript® are trademarks of
Adobe Systems Incorporated in the United States and/or other countries.
®
Apple
, AppleTalk®, Bonjour®, EtherTalk®, Macintosh®, Mac OS®, and TrueType® are trademarks of Apple Computer, Inc. in the
United States and/or other countries.
®
, HP-UX®, and PCL® are trademarks of Hewlett-Packard Corporation in the United States and/or other countries.
HP-GL
®
IBM
and AIX® are trademarks of International Business Machines Corporation in the United States and/or other countries.
Microsoft
®
, Windows Vista®, Windows®, and Windows Server® are trademarks of Microsoft Corporation in the United States and/or
other countries.
®
Novell
, NetWare®, NDPS®, NDS®, Novell Directory Services®, IPX™, and Novell Distributed Print Services™are trademarks of
Novell, Incorporated in the United States and/or other countries.
®
SGI
IRIX® is a trademark of Silicon Graphics, Inc.
SM
, Sun Microsystems™, and Solaris™ are trademarks of Sun Microsystems, Incorporated in the United States and/or other
Sun countries.
®
UNIX
is a trademark in the United States and other countries, licensed exclusively through X/Open Company Limited.
As an E
NERGY STAR
efficiency. The E
®
partner, Xerox Corporation has determined that this product meets the ENERGY STAR guidelines for energy
NERGY STAR name and logo are registered U.S. marks.
Contents
1 General Information
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 Installation
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Changing the Default Main Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Print Driver Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Obtaining Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
TCP/IP Peer to Peer (LPR or Standard TCP/IP) Printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
NetBIOS over IP Peer to Peer Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
NetBIOS over IP Client/Server Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPP Printing – Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
EtherTalk (AppleTalk) Peer to Peer Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Common UNIX Printing System (CUPS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installing Unicode Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3 Administrative Tools
Configuration Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
CentreWare Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
System Administrator Login ID and Passcode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Changing Internet Services (HTTP) Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Proxy Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Jobs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Print Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Scan Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Properties Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Details of Some Properties Tab Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Support Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4 Network Management
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Ethernet Speed Setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
TCP/IP Protocol Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Accessing TCP/IP Protocol Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
TCP/IP LPD Enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Changing LPD Settings at the Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
WorkCentre 7425/7428/7435
System Administrator Guide
3
TCP/IP Dynamic Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
TCP/IP Configuration Selection List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
IP Filtering (IP Address Restriction) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configure Port 9100 (Raw Printing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Microsoft (NetBIOS over IP) Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
IPP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Changing IPP Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
EtherTalk (AppleTalk) Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Changing EtherTalk Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
AS400 Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
AS400 Raw TCP/IP Printing to Port 9100 (CRTDEVPRT) . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5 Security
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring Xerox Secure Access (Authentication) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
802.1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Encryption Service Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuration of HTTPS (SSL/TLS) Communication Encryption. . . . . . . . . . . . . . . . . . . . . 76
Configuration of E-mail Encryption/Digital Signature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuration of Scan File Signatures (PDF/XPS Documents) . . . . . . . . . . . . . . . . . . . . . . 81
IP Sec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
FIPS 140-2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Scheduled Image Overwrite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Secure Watermark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Secure Watermark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Secure Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Using Secure Print from the Print Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Using Secure Print from CentreWare Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Xerox Common Access Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Supported Card Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Supported Card Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Installing the Common Access Card Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Enabling and Configuring the Common Access Card Feature . . . . . . . . . . . . . . . . . . . . . . 92
6 Scanning and Faxing
Enabling Options with Software Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Special Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
WorkCentre 7425/7428/7435
4
System Administrator Guide
Scan to E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
E-mail Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Preparations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
LDAP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Network Scanning (Using Templates) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Installation Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configure a Scan Filing Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Configure a Scan Filing Repository using FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Configure a Scan Filing Repository using SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Testing Network Scanning (using templates) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Scan to PC (FTP/SMB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Enabling Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Receiving Computer Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Adding the Receiving Computer’s Address to the Address Book . . . . . . . . . . . . . . . . . . . 124
Using the Scan to PC (FTP/SMB) Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Scan to Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Preparing for Scan to Home Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Configure Scan to Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Scanning to the Printer’s Hard Drive (Folders) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Setting Up Folders at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Setup and Use of Job Flow Sheets with Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Enabling Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configuring the SNMP Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Creating Job Flow Sheets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Scan to PC Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Software Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Installing and Using the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Before Installing the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Installing the Network Scanner Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Uninstalling the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Importing Scanned Data from the Folder to an Image-Editing Application . . . . . . . .138
Importing Scanned Data from the Folder using Network Scanner Utility 3. . . . . . . . .139
Xerox Extensible Interface Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
XEIP Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
LAN Fax (PCL Drivers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
LAN Fax (PostScript Drivers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
WorkCentre 7425/7428/7435
System Administrator Guide
5
Server Fax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Installation Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Configure a Fax Filing Location (Repository) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Configure a Fax Filing Repository using FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Configure a Fax Filing Repository using SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Configure a Fax Filing Repository using SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Features that Support Server Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Internet Fax (iFAX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Enabling the E-mail Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Configuring the E-mail Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Testing iFAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
7 Printer Management
Xerox Standard Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Enabling Xerox Standard Accounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Create a Group Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Create a User Account and Set Usage Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Maximum Usage Limits and Resetting Individual Usage Limits . . . . . . . . . . . . . . . . . . . 172
Using XSA at the printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Resetting Usage Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Print a Usage Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Enable XSA in your Print Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Backing Up XSA Data and Settings and Cloning to Another Device. . . . . . . . . . . . . . . . 174
Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Annotation (Bates Stamping) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Configuring Bates Stamp Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Configuring a Precise Bates Stamp Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Media Card Reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Media Card Reader Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Supported Media and File Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Inserting and Ejecting Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Media Print Text Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Index Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Selecting and Printing Photo Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Problem Solving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
USB Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Supported Media and File Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Selecting and Printing Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
Selecting and Printing Photo Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
WorkCentre 7425/7428/7435
6
System Administrator Guide
Thumbnail Preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Hard Disk Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
To Verify or Change Hard Disk Data Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Encryption Key For Confidential Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Xerox Smart eSolutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Enable communications with the Xerox Smart eSolutions Server . . . . . . . . . . . . . . . . . .189
Cancelling Communications with the Xerox Smart eSolutions Server . . . . . . . . . . . . . .190
8 Troubleshooting
General Troubleshooting Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
TCP/IP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
NetBIOS over IP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
At the DNS or WINS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
IPP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
EtherTalk Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
At a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Scanning to Hard Drive Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
Image Quality Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Color Calibration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
WorkCentre 7425/7428/7435
System Administrator Guide
7
WorkCentre 7425/7428/7435
8
System Administrator Guide

General Information

This chapter includes:
Resources on page 10
1
9
General Information

Resources

You can get information about your printer from the following sources.
Information Source
Installation Guide Quick Use Guide User Guide (PDF) User Documentation
Information about menu selection or error messages on control panel
Information pages
Print Drivers www.xerox.com/office/WC7425_WC7428_WC7435drivers
Recommended Material List – North America Recommended Material List – Europe
Online Support Assistant Tec h nic a l Supp o rt
Registration www.xerox.com/office/register
Supplies www.xerox.com/office/WC7425_WC7428_WC7435support
Packaged with printer Packaged with printer Customer Documentation CD
www.xerox.com/office/WC7425_WC7428_WC7435docs
Control panel Help (?) button Control panel menu
www.xerox.com/paper www.xerox.com/europaper
www.xerox.com/office/WC7425_WC7428_WC7435support www.xerox.com/office/WC7425_WC7428_WC7435support
WorkCentre 7425/7428/7435
10
System Administrator Guide

Installation

This chapter includes:
Installation on page 12
Print Driver Installation on page 13
2
11

Installation

Installation

Overview

1. Connect one end of a Category 5 twisted pair cable to a live network drop. Connect the other end
of the cable to the RJ–45 socket at the rear of the printer.
2. Set the printer's power switch to On and wait until the main screen is displayed.
3. Print a Configuration Report. Refer to the Configuration Report to determine which ports and
protocols are enabled for your network. For more information see Configuration Report on page 22.
4. Enable the printer’s internet services (HTTP) and TCP/IP protocol so that you can configure the
printer using the CentreWare Internet Services Web interface. For more information see
CentreWare Internet Services on page 23.
5. Install the print drivers and set up computers to communicate with the printer.
6. If you have purchased optional features for your printer, such as Scanning to the printer's Hard
Drive, configure these options. For more information see Scanning and Faxing on page 97.

Changing the Default Main Screen

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the Too l s tab.
5. Touch Common Service Settings, touch Screen/Button Settings, select Service Screen Default,
touch Change Settings, make your selection and touch Save.
6. Touch Close until the Tools tab is displayed.
7. Wait for the Auto Clear service to log you out.
WorkCentre 7425/7428/7435
12
System Administrator Guide

Print Driver Installation

Print Driver Installation

Supported Operating Systems

Windows 2000 Professional, 2000 Server, 2003 Server, XP Professional, Vista
Macintosh OSX 10.3 and newer
•UNIX

Obtaining Drivers

Drivers are on a CD that came with your printer. If you do not have the CD, you can download drivers at
www.xerox.com/office/WC7425_WC7428_WC7435drivers.

TCP/IP Peer to Peer (LPR or Standard TCP/IP) Printing

Windows Print Driver Installation
1. On the Windows XP desktop, click Start, then Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. Double-click Add Printer.
3. When the Add Printer Wizard screen displays, click Next.
4. Select Local Printer and deselect Automatically detect and install my Plug and Play printer.
Click Next.
5. Select Create a new port and choose LPR from the Typ e drop down menu. (LPR becomes available
when Print Services for UNIX is installed, as above).
Note: If you prefer to print raw data to Port 9100 on the printer, choose Standard TCP/IP Port. Click
Next.
6. When prompted, enter the IP address of the printer.
7. Enter a name for the print queue (such as raw). If you selected the Standard TCP/IP port, you can
accept the default name provided by Windows. Click Next.
8. You will be prompted for a print driver. Select Have Disk and browse to the location of your print
driver.
9. Select the .INF file, then click Open.
10. When the Install from Disk screen displays, verify that the path and file name are correct and click
OK.
11. Select the model that corresponds to your printer and click Next.
12. Enter a name for your printer and select either Yes or No to make this printer your default printer.
Select Yes if you will be printing primarily to this printer from your applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
WorkCentre 7425/7428/7435
System Administrator Guide
13
Installation
Configure the Print Driver
1. Click Start, select Printers and Faxes. The Vista path is Start\Control Panel\Printer(s).
2. Right click the printer's icon and select Properties.
3. Use the available tabs to set the printer's job processing defaults, including enabling Bi-Directional
Communication. Additional settings may be accessed by clicking the Printing Preferences button
on the General Tab.

NetBIOS over IP Peer to Peer Printing

Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, verify that SMB and TCP/IP are enabled. Verify that the workgroup's
default name is Workgroup, or a valid, 15 character maximum, workgroup name. Also note the
printer's SMB Host Name (which assures the uniqueness of the printer's name within the
Workgroup). To enable SMB, see Microsoft (NetBIOS over IP) Networks on page 52. Modify the
name of the Workgroup, or printer's name (SMB Host name) using CentreWare Internet Services.
4. Make sure to configure the DNS/WINS Server(s) for NetBIOS name to IP address resolution. Then
provide the printer with the addresses of the Servers. For more information, see TCP/IP Protocol
Configuration on page 43.
An Alternate Procedure for Setting up NetBIOS over IP Peer to Peer Printing
Note: Experienced System Administrators can use the following procedure:
1. On Windows XP computers, from the Properties selection of the Local Area Connection icon,
verify that the Internet Protocol (TCP/IP) is installed. Select the protocol and click Properties. Verify
that TCP/IP is configured for use of the DNS Server. Click the Advanced button and select the DNS
tab. Verify that the check box labeled Register this connection's addresses in DNS is checked. Select
the WINS Tab and verify that the NetBIOS setting is set to either Use NetBIOS Setting from the
DHCP Server, or that NetBIOS is enabled over TCP/IP. Click Cancel twice and verify that the Client
for Microsoft Networks is installed. Finally, with your Operating System Installer Disk readily
available, through Add/Remove Programs and Add/Remove Windows Components, select Other
Network File and Print Services. Click Details, check the box for Print Services for UNIX, and click
OK and Next.
2. When prompted for the Name or address of the server providing LPD enter the printer's SMB Host
Name as seen on the printer's Configuration Report.
3. When prompted for a queue name, enter your preference of an easily-identified name for this
printer.
4. Install the print driver on your computer and, when prompted to select a port to print through,
select the LPR port that you just created.
5. Print a Test Print to verify successful communication with the printer.
WorkCentre 7425/7428/7435
14
System Administrator Guide
Print Driver Installation

NetBIOS over IP Client/Server Printing

Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, verify that SMB is enabled. Also, verify that TCP/IP is enabled as one
of the supported protocols. To enable SMB, see Microsoft (NetBIOS over IP) Networks on page 52).
4. Set Up a Server to Queue Jobs to the Printer. If you have not already set up a Server, for a quick-
step set up procedure, for help see Microsoft (NetBIOS over IP) Networks on page 52.
Windows Print Driver Installation
Verify that the Correct Protocols and Services are Installed in the Computer
1. Verify that the Internet protocol (TCP/IP) is installed in the Computer. On the Windows XP desktop,
click Start, Control Panel, and double click Network Connections. Right click the Local Area
Connection icon and select Properties.
On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
2. Verify that the Internet Protocol (TCP/IP) has been loaded. If it has, click this item and click the
Properties button to verify that this computer is using either a dynamic or static method to obtain
a valid TCP/IP address.
3. Also verify that this computer is using a DNS (or WINS) Server for resolution of the NetBIOS Host
name (typically the same name as the computer's Internet host name). If the TCP/IP protocol is
not loaded, click the Install… button, then select Protocol as the type of network component that
you wish to install. Click the Add… button and select Internet Protocol (TCP/IP).
4. With your operating system installer disk readily available, click the Have Disk… button and follow
any remaining instructions.
5. Verify that the Client for Microsoft Networks is installed in the computer. On the Windows XP
desktop, click Start, Control Panel, and double click Network Connections. Right click the Local
Area Connection icon and select Properties.
On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
6. If the Client for Microsoft Networks is not loaded, click the Install… button, then select Client as
the type of network component that you wish to install.
7. Click the Add… button and select Client for Microsoft Networks.
8. With your operating system installer disk readily available, click the Have Disk… button and follow
any remaining instructions.
Add the Printer to the Windows Desktop
1. On the desktop, from Start, select Printers and Faxes.
2. Double-click Add Printer. From Printer Tasks, select
3. When the Add Printer Wizard displays, click Next.
4. Select Network Printer and click Next.
Add a printer.
WorkCentre 7425/7428/7435
System Administrator Guide
15
Installation
5. In Windows XP, on the Specify a Printer screen, select Connect to this printer (or to browse for a
printer, select this option and click Next). As a shortcut, if you know the UNC (Universal Naming
Convention) of the printer, enter it in the text box. Click Next.
In Windows 2000, on the Locate Your Printer screen, select Type the printer name or click next to
browse for a printer. Click Next.
6. When the Browse for Printer screen displays, wait for the screen to finish loading its list of Shared
Printers. The displayed format for many of these Shared Printers is the UNC of the Printer (for
example, \\computer (i.e. Server) name\share (i.e. Printer) name).
7. On the Browse for Printer screen, either click one of the displayed Servers or UNCs, or enter the UNC
of your server and its shared printer. Click Next.
8. When prompted for the driver files, select Have Disk and browse to the location of your print driver.
9. Select the .INF file then click Open.
10. When the Install from Disk screen displays, verify the path and file name are correct and click OK.
11. Select the model that corresponds to your Printer and click Next.
12. Enter a name for your Printer and select either Yes or No for making this printer your default
Windows printer. Select Yes if you will be printing primarily to this printer from your Windows
applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
Configure the Print Driver
1. On the desktop, from Start, select Printers and Faxes.
2. Right click the printer's icon and select Properties.
3. Use the available tabs to set the printer's job processing defaults, including enabling Bi-Directional
Communication. Additional settings may be accessed by clicking the Printing Preferences button
on the General Tab.
IPP Printing – Windows
IPP (the Internet Printing Protocol) enables the convenience of printing over the Internet or Intranet through the creation of an IPP network port. This printing service is available for other computer operating systems through downloads from the Microsoft Web site. Follow the instructions provided by Microsoft to install the IPP service on operating systems other than Windows 2000 and XP.
Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Report, under the TCP/IP data label, verify that the printer has a valid IP Address, Subnet
Mask, and Gateway displayed. If it does not, assign these addresses to the printer. For more
information see TCP/IP Protocol Configuration on page 43.
4. On the Report, verify that Port 9100 is displayed with a Port Status of Enabled. If it is not, enable
Port 9100. Click the Port Status in the Connectivity folder on the Properties tab of
CentreWare Internet Services and make sure that the Port 9100 check box is selected.
WorkCentre 7425/7428/7435
16
System Administrator Guide
Print Driver Installation
5. On the report, verify that IPP is enabled. If it is not, enable it. See IPP Configuration on page 54.
6. Verify that IPP is using DNS to resolve Host Names to IP Addresses in support of IPP printing. Enter
your printer’s IP address into your Web browser’s address field to access
CentreWare Internet Services. Click the Properties tab. Click the Connectivity folder, then on the
Protocols folder and select IPP. Verify that the DNS Enablement check box is selected.
Verify that TCP/IP is Installed in the Computer
1. On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
On the Windows XP desktop, click Start, Control Panel, and double click Network Connections.
2. Right click the Local Area Connection icon and select Properties.
3. Verify that the Internet Protocol (TCP/IP) has been loaded. If it has, click this item and click the
Properties button to verify that this computer is using either a dynamic or static method to obtain
a valid TCP/IP address.
4. If the TCP/IP protocol is not loaded, click the Install… button, then select Protocol as the type of
network component that you wish to install. Click the Add… button and select Internet Protocol
(TCP/IP).
5. With your Operating System Installer Disk readily available, click Have Disk… and follow any
remaining instructions.
6. Once the protocol has been installed, you can click the item and click the Properties button to verify
or set up the method being used for TCP/IP addressing.
Add the Printer to the Windows Desktop
1. On the desktop, from the Start menu, select Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. On Windows XP, from Printer Tasks, select Add a printer.
3. When the Add Printer Wizard displays, click Next.
4. Select Network Printer and click Next.
5. To create an IPP printer select Connect to a printer on the Internet….
6. Type http:// followed by the printer's fully qualified Domain name or IP address in the URL field.
You may have to type /ipp after the printer's name or ip address. the printer's name can be either
the Internet Host Name or the SMB Host Name as shown on the printer's Configuration Report,
depending on the name resolution used by your network (DNS or WINS).
7. Click Next.
8. When prompted for the driver files, select Have Disk
and browse to the location of your print driver.
9. Select the .INF file then click Open.
10. When the Install from Disk screen displays, verify the path and file name are correct and click OK.
11. Select the model that corresponds to your printer and click Next.
12. Enter a name for your printer and select either Yes or No for making this printer your default
Windows printer. Select Yes if you will be printing primarily to this printer from your Windows
applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
WorkCentre 7425/7428/7435
System Administrator Guide
17
Installation
Configure the Print Driver
1. On the Windows XP desktop, from Start, select Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. Right click the printer's icon and select Properties. Use the available tabs to set the printer's job
processing defaults, including enabling Bi-Directional Communication. Additional settings may be
accessed by clicking the Printing Preferences button on the General tab.

EtherTalk (AppleTalk) Peer to Peer Printing

Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, under the EtherTalk data label, verify that the EtherTalk port is
enabled, and that the printer has been assigned an EtherTalk (Printer) Name and an EtherTalk
zone. If one or more of these parameters needs to be configured, see EtherTalk (AppleTalk)
Configuration on page 57.
Installation Instructions for Macintosh OS X 10.3 and Newer
1. Double click to open the folder containing the drivers.
2. Double click to open the machine model.dmg.
3. Double click to open the machine model.pkg file.
4. When the Welcome screen displays, click Continue.
5. Click Continue, then Agree or Accept to accept the License Agreement.
6. Select the required disk (if necessary) where you want to install the printer. Click Continue.
7. Click Install.
8. Click Close, and restart the computer.
9. When the computer has restarted, double click the hard drive icon.
10. Double click the Applications icon.
11. Double click the Utilities folder.
12. Double click Print Center icon.
13. Double click Add to add a new printer.
14. Select AppleTalk as your network protocol.
15. Select the required AppleTalk zone.
16. Select the printer that you wish to set up.
17. Select the Printer Model (that is, choose the PPD for your printer).
18. Click Add.
19. Print a document from an application to verify that the printer is installed correctly.
WorkCentre 7425/7428/7435
18
System Administrator Guide
Print Driver Installation

Common UNIX Printing System (CUPS)

Overview
The Common UNIXS Printing System (CUPS) was created by Easy Software Products in 1998 as a modern replacement for the Berkeley Line Printer Daemon (LPD) and AT&T Line Printer (LP) system designed in the 1970's for printing text to line printers.
Currently available for downloading from a number of sources on the Internet, such as www.cups.org, CUPS is offered in both source code and binary distributions.
Before You Start
Verify that IPP and Port 9100 are enabled at your printer. For more information see IPP Configuration on page 54 and Configure Port 9100 (Raw Printing) on page 51.
Installing CUPS on the UNIX computer
The instructions for installing and building CUPS are contained in the CUPS Software Administrators Manual, written and copyrighted by Easy Software Products and available for downloading at
www.cups.org/documentation.php. An Overview of the Common UNIX Printing System, Version 1.1 by
Easy Software is also available at this site.
A case history of the building and installation of CUPS source code on a FreeBSD 4.2 machine, is described in the article entitled Using CUPS – the Common UNIX Printing System, by Ralph Krause, available at www.cups.org, through thes/documentation/tutorials/BSD Today – Using CUPS selections. Directory locations for the CUPS files, as described in this article, are the following:
Programs were copied to /usr/local/bin and usr/local/sbin.
Documentation was copied to /usr/local/share/docs/cups.
A directory called /usr/local/share/cups was created for various CUPS data files.
The configuration files were copied to /usr/local/etc/cups.
The binary distribution of CUPS is available in tar format with installation and removal scripts, as well as in rpm and dpkg formats for RedHat and Debian versions of Linux. After logging into the computer as root (su) and downloading the appropriate files to the root directory, the CUPS installation process begins as follows:
Tar format:
After untarring the files, run the installation script with ./cups.install (and press Enter).
RPM format:
rpm -e lpr
rpm -i cups-1.1-linux-M.m.n-intel.rpm (and press Enter).
WorkCentre 7425/7428/7435
System Administrator Guide
19
Installation
Debian format:
dpkg -i cups-1.1-linux-M.m.n-intel.deb (and press Enter).
Note: RedHat Linux, versions 7.3 and newer, include CUPS support, so software downloading is
unnecessary. Also, CUPS is the default printing system used by Mandrake Linux.
Installing the Xerox PPD on the Computer
The Xerox PPD for CUPS should be available on one of the CDs that came with your printer. If you no longer have the CDs, download the PPD from:
www.xerox.com/office/WC7425_WC7428_WC7435support.
From the CD or from the downloaded Internet file, with root privileges copy the PPD into your cups ppd folder on your computer. If you are unsure of the folder's location, use the Find command to locate the ppd's. An example of the location of the ppd.gz files in RedHat 8.1 is /usr/share/cups/model.
Adding the Xerox Printer
1. Use the PS command to make sure that the CUPS daemon is running. The daemon can be
restarted from Linux using the init.d script that was created when the CUPS RPM was installed. The
command is > /etc/init.d/cups restart. A similar script or directory entry should have been created in
System V and BSD. For the example of CUPS built and installed on a FreeBSD 4.2 machine from the
source code, run cupsd from /usr/local/sbin. (cd /usr/local/sbin cupsd press Enter).
2. Type http://localhost:631/admin into the address (URL) box of your Web browser and press Enter.
3. For User ID, type root. For the requested password, type the root password.
4. Click Add Printer and follow the on screen prompts to add the printer to the CUPS printer list.
Printing with CUPS
CUPS supports the use of both the System V (lp) and Berkeley (lpr) printing commands.
Use the -d option with the lp command to print to a specific printer.
lp -dprinter filename (and press Enter)
Use the -P option with the lpr command to print to a specific printer.
lpr -Pprinter filename (and press Enter)
For complete information on CUPS printing capabilities, see the CUPS Software Users Manual available from www.cups.org/documentation.php.

Installing Unicode Fonts

The Xerox Unicode 3.0 font kit for SAP is available for this printer. Install the Unicode fonts to print documents in multiple languages, in an SAP environment. To order the kit, contact your Xerox representative.
WorkCentre 7425/7428/7435
20
System Administrator Guide

Administrative Tools

This chapter includes:
Configuration Report on page 22
CentreWare Internet Services on page 23
3
21
Administrative Tools

Configuration Report

To print a Configuration Report:
1. Press the Machine Status button on the control panel.
2. Press the Print Reports button.
3. Press the Copy Reports button.
4. Press the Configuration Report button.
5. Press the green Start button, to the right of the control panel’s numeric keypad.
6. The printing process will be displayed on the touch screen.
The Configuration Report is formatted into two columns with horizontal ruled lines indicating four distinct data display areas on the print.
The first area displays System Settings.
The second area displays Copy Service Settings.
The third area displays Print Service Settings.
The fourth area displays Communication Settings.
WorkCentre 7425/7428/7435
22
System Administrator Guide

CentreWare Internet Services

CentreWare Internet Services
CentreWare Internet Services is the Web interface to the HTTP server in the printer. It allows you to configure the printer remotely from a Web browser on a network computer.
Note: You must set your Web browser so that it will not use a proxy server to access
CentreWare Internet Services.

System Administrator Login ID and Passcode

If authentication is enabled, you must enter the system administrator login ID and passcode to access all printer settings. These credentials are required when accessing printer settings at the control panel. and through CentreWare Internet Services. You are required to enter system administrator credentials when accessing settings in the Properties tab in CentreWare Internet Services.
The default settings are:
•Administrator Login ID: admin
•Passcode: 1111
For more information see Authentication on page 62.

Changing Internet Services (HTTP) Settings

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Press the Too l s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the down arrow key to view additional selections.
8. Press the Internet Services (HTTP) selection line.
9. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
10. When the Internet Services (HTTP) menu displays, you have two settings available for selection.
The Port Settings menu selections are Port Status and Internet Services Port Number. After
pressing the selection line, to access available settings press the Change Settings button in the
lower right corner of the touch screen.
Enabling Internet Services (HTTP)
1. Press Port Status in the Internet Services (HTTP) menu.
2. Press the Change Settings button.
3. Press Enabled.
4. Press Save.
WorkCentre 7425/7428/7435
System Administrator Guide
23
Administrative Tools
5. To exit the screen, without making any changes, press the Cancel button.
Internet Services Port Number
1. Press Internet Services Port Number in the Internet Services (HTTP) menu.
2. Press Change Settings.
3. On the Port Number screen, use the keypad to enter the port number (default of 80).
4. Press Save.
5. Press Cancel to exit without making changes.
6. To exit the Internet Services Selection Menu touch Close in the upper right corner of the touch
screen.
7. To exit the Port Settings menu, returning to the printer's Tools screen, touch Close again.

Proxy Server Settings

To use the Web Service button on the printer (if available), which enables the printer to access HTTP file servers on the Internet, you need to enter your Proxy Server information as described here.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select Proxy Server Settings folder.
6. Place a check mark in the Use Proxy Server check box.
7. From the Proxy Setup drop down menu, select either Same Proxy for All Protocols, or Different
Proxy for each Protocol, depending upon your Proxy Server setup.
8. In the Addresses to Bypass Proxy Server box, enter up to 1024 characters of IP addresses, fully
qualified host names, or wildcard host names (such as *.eng), separated by semicolons. Functioning
like the local address exception list in a typical Web browser, these addresses will be permitted to
bypass the Proxy Server.
9. For the HTTP or HTTPS Server Names, provide a name of up to 255 characters in length for one or
both of these Proxy Servers. A fully qualified domain name or IP address can be used.
Note: Make sure that DNS is enabled See TCP/IP Protocol Configuration on page 43.
10. Leave the Port Number set to 8080 (the IANA recognized proxy port) unless you are using a
different port number. If you are using a different port number, enter it in the available box.
11. Check the Authentication box if client authentication is required for the Proxy Server.
12. Enter the Login Name for access to the proxy server. Up to 32 characters can be entered.
13. Enter the Password for access to the proxy server. Up to 32 characters can be entered.
14. Click Apply.
15. Enter the System Administrator user ID and password when prompted and click OK.
WorkCentre 7425/7428/7435
24
System Administrator Guide
CentreWare Internet Services

Overview

CentreWare Internet Services contains the following main menu tabs:
Status: View the status of the printer's trays and consumables.
Jobs: View the current job queue, as well as a history of processed jobs.
Print: Change Job Submission settings.
Scan: Create and edit Distribution Templates.
Properties: Allows you to configure the printer for job processing, options support, and network
communications.
Note: If authentication is enabled, you must enter the system administrator User Name and Password
(default admin, 1111) if prompted, to access the Properties tab.
Support: View system administrator and Xerox contact information.

Status Tab

The Status tab allows you to see the status of the printer’s trays and consumables.
General for a general description of the printer. Click Reboot Machine to restart the printer.
Trays: View the status of the desired item.
Consumables: View the status of the desired item.
Press Refresh a refresh a status page.

Jobs Tab

The Jobs tab allows you to view the current job queue, as well as a history of processed jobs.
Active Jobs: View the current job queue.
Job History List Folder: View a list of jobs that have been printed, copied, and scanned.
Error History: View a list of Errors and the time and date when they occurred.

Print Tab

The Print tab allows you to edit job submission settings. Delivery methods include Immediate Print, Sample Set, Delayed Print, and Secure Print. Click Browse… to locate your print-ready job. Click Submit Job when you are ready to submit your job. For information, see Secure Print on page 87.
Note: Print-ready jobs must be in a file format that the printer recognizes (PostScript files with a .ps file
extension, for example).
WorkCentre 7425/7428/7435
System Administrator Guide
25
Administrative Tools

Scan Tab

Includes Job Templates, Folder, and Job Flow Sheets.
Folder: Lets you create individual folders into which you can direct scanned documents. These
documents can then be retrieved and printed, either at the printer or locally at your computer, as
explained in the Scanning to the printer’s Hard Drive (Folder) topic. For more information see
Scanning to the Printer’s Hard Drive (Folders) on page 128.
Job Templates: Customize and use Job Templates to scan and transfer documents directly to
Network Servers. For more information see Network Scanning (Using Templates) on page 112.
Job Flow Sheets: Change the sheet type, and order and assign a user name. For more information
see Setup and Use of Job Flow Sheets with Folders on page 131.

Properties Tab

The Properties tab allows you to configure the printer's job processing options and network communications settings.
Note: If authentication is enabled, you must enter the system administrator User Name and Password
(default admin, 1111) if prompted to access the Properties tab. You may also be prompted for the user name and password when changing settings in the Properties tab.
Configuration Overview: Provides shortcuts to commonly used configuration pages within the
Properties tab. Click Settings, then Configure, to go directly to the page without having to
navigate through the folders in the directory tree on the left.
Description: Allows you to see and edit basic identification information about your printer.
General Setup Folder
The General Setup folder contains the following pages and folders:
Configuration: Lists current printer settings such as memory allocation; available page description
languages and their version numbers; firmware (software) versions for the controller and printer
components; hard disk partition information; and hardware information (indicating the availability
of the Ethernet Port and Hard Disk, for example).
Job Management: Allows you to set permissions that allow system administrators or general (non-
administrator) users to delete jobs from the printer’s print queue.
Paper Tray Attributes: Provides a display of the available trays (including bypass), their media
settings, and tray selection order.
Paper Settings: Displays paper settings, which can be manipulated and set for installed trays. See
the printer's User Guide for more information.
Power Saver Settings: Displays the settings for low power mode and sleep mode. Low Power Mode
is selectable from 1 to 240 minutes. Sleep Mode is selectable from 1 to 240 minutes.
Stored Job Settings: Set a minimum passcode length for jobs stored on the printer.
Memory Settings: View or change the amount of memory allocated on the hard drive for spooling
incoming jobs into buffers (dedicated to specific ports or protocols).
Internet Services Settings: View or change the Auto Refresh Interval, or the Display Language (if
available).
WorkCentre 7425/7428/7435
26
System Administrator Guide
CentreWare Internet Services
Pool Server Settings: Set up the login details from this device to a remote template pool server.
Cloning: Copy the settings and Web-generated scan templates of one printer and transfer them to
other printers operating with the same version of system software. Groups of settings can be
cloned, depending on the optional features installed on the printer.
Alert Notification Folder
Billing Meter Read Alerts: Set up an e-mail notification to the designated Billing Administrator
whenever billing meters are automatically read by the Meter Assistant.
Supplies Data Sent Alerts: Set the receiving E-mail address for alerts from the Supplies
Assistant.
Billing & Counters Folder: View the total number of pages, images, or jobs processed by the
printer.
Smart eSolutions Folder: Set up automatic billing meter reading and supplies reporting. For more
information see Xerox Smart eSolutions on page 189.
Connectivity Folder
Port Settings: Enable or disable ports. Note that if any selections, such as Port 9100 for example,
are unavailable for setting using the printer's control panel, they can be set here. You can enable or
disable the following ports:
•EtherTalk
NetWare (for Novell networks)
•SNMP
•SMB
•LPD
Port 9100
•Send E-mail
Receive E-mail
E-mail Notification Service
•Internet Services
•FTP Client
•IPP
UPnP Discovery
•WebDAV
•Bonjour
•WSD
•SOAP
Physical Connections Folder
Ethernet: View or change Ethernet (speed) Settings from a drop down selection list. Selections
include: Auto (auto sensing), (10/100Base-TX), 100Base-TX (Half or Full Duplex), and 10Base­TX (Half or Full Duplex). The MAC Address of the printer is also displayed, but not editable.
Parallel: View or change the enablement settings for Bi-Directional Communications (a check
box) and Auto Eject Time (Parallel Port Timeout), with a range of 5 to 1275 seconds.
WorkCentre 7425/7428/7435
System Administrator Guide
27
Administrative Tools
USB: View or change the Auto Eject Time, which is the length of time the Controller will wait for
an end of job command before processing the job.
Note: Parallel and USB are options that must installed before they will be displayed.
Protocols Folder: View or modify the communication protocols used by the printer. SMTP Server,
and POP3 Setup allow you to configure E-mail server addresses, for E-mail scanning. Set your proxy
server parameters for Meter Assistant and Web Service (if available)on the Proxy Server page.
LDAP Folder: The LDAP folder contains the same settings available under Authentication
Configuration in the Security folder. This allows you to configure authentication for the printer using LDAP, or to independently configure LDAP for use with the printer, such as in address book for E-mail.
Services Folder
Print Mode: Set the page description language emulation used by the printer's input ports
displayed on the screen. Depending upon the Ports enabled at the printer, the list of ports will
include: Parallel, AppleTalk (with PostScript), SMB, LPD, IPP and Port 9100. Typical page description
selections for each port include: Auto (auto select), PostScript, HP-GL/2, PCL, and TIFF/JPEG.
Language Emulations Folder: View and change the printer's default preferences for processing
Page Description Languages.
E-mail Folder: View and change the printer's default E-mail message settings, and import a public
address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse… button
to locate your CSV formatted file, then click Import Now.
Internet Fax: View and change the printer's default Internet Fax message settings, and import a
public address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse…
button to locate your CSV formatted file, then click Import Now.
Fax Folder: View and change the printer's default Fax and Server Fax setttings, and import a public
address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse… button
to locate your CSV formatted file, then click Import Now. Enable or disable Confirmation printing
(Server Fax).
Network Scanning Folder: Set up Network Scanning using Templates.
Machine Software Folder:
Upgrades: Enable the printer for software upgrades.
Manual Upgrade: Upgrade the printer software.
Xerox Services Folder: Set up the Xerox Communication Server. This is the Xerox server that
supports automatic billing and supplies reporting. For more information see Xerox Smart eSolutions
on page 189.
Custom Services Folder
Validation Options: Works with a validation server, which is used in an enterprise network to
certify the authenticity of Digital Certificates used for file encryption. Note that Digital Certificates typically work with SSL/TLS encryption, which is set up from the Machine Digital Certificate Management in the Security folder. The host name and path settings for a validation server are set up through the Validation Server in the Network Scanning subfolder.
Custom Services: Enable Custom Services and Password Transmission.
WorkCentre 7425/7428/7435
28
System Administrator Guide
CentreWare Internet Services
Accounting Folder
Configure Accounting server and login options.
Security Folder
Authentication Configuration: Set up the printer with local and remote Authentication. User
Details Setup is used to configure the characteristics of the login prompt for User Authentication.
Remote Authentication Server: Configure authentication administered by a remote server.
IP Filtering: Set up IP address restrictions for access to this device.
Audit Log: Enable or disable the Audit Log.
Machine Digital Certificate Management: Manage digital certificates stored on the printer.
IP Sec: Configure IP Sec encryption.
Certificates Management: Sets the categories for trusted certificate management (used with
digital certificates).
802.1x : Enable and configure 802.1x settings.
SSL / TLS: Configure the settings for SSL / TLS encryption.
PDF / XPS Security Settings: Add a digital signature to PDF and XPS files.
System Administrator Settings: Change the Login ID and Passcode used by the System
Administrator to access Tools on the printer’s control panel, and to modify Properties in CentreWare Internet Services.

Details of Some Properties Tab Features

Setting TIFF (and other PDL) Processing Properties
To set the Printer's default TIFF / JPEG, PostScript, PCL, or HP-GL/2 processing properties, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Services folder.
5. Click the Printing folder, then the Language Emulations folder.
6. Click TIFF / JPEG, or PostScript, or PCL, or HP-GL/2 to access the printer's list of default settings for
processing the selected Page Description Language.
7. Select a Printer number and click Edit (when available) to access a list of numerous processing
settings.
8. Click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
29
Administrative Tools
Setting PDL Emulations
To set the PDL (Page Description Language) Emulations, used by the printer's Input Ports, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Services folder.
5. Click the Printing folder, then the Language Emulations folder.to see the Page Description
Languages currently supported by system software.
6. Click Print Mode to access a list of the printer's Input Ports, displaying the Page Description
Language emulations they are currently set to use.
7. Depending upon the Ports enabled at the printer, the list of displayed Ports includes: Parallel,
AppleTalk (with PostScript), SMB, LPD, IPP, WSD, and Port 9100. Typical Page Description
selections for each Port include: Auto (auto select), PostScript, HP-GL/2, PCL and TIFF/JPEG.
8. Click Apply.
Banner Sheet Printing
When documents are sent to print at the printer, a banner sheet is printed identifying the PC that sent the print job. The banner sheet is printed on paper from a selected tray. When the selected tray is empty, the printer will automatically switch to another tray with the same size paper and print the banner sheet from that tray. The printer will continue to print banner sheets from this secondary tray until the selected tray is refilled.
To set banner sheet printing and select a banner sheet paper tray:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. In the Group column, touch Print Service Settings.
7. In the Features column, touch Other Settings.
8. On the Other Settings screen, in the Items column, touch Banner Sheet, then touch Change
Settings.
9. On the Banner Sheet screen, select one of the following:
•Off
Start Sheet (the default choice)
•End Sheet
Start Sheet & End Sheet
10. Touch Save.
WorkCentre 7425/7428/7435
30
System Administrator Guide
CentreWare Internet Services
11. To select a banner sheet tray:
a. On the Other Settings screen, in the Items column, touch Banner Sheet Tray, then touch
Change Settings.
b. Select the tray that will hold the banner sheet paper.
c. Tray 3 is the suggested choice, with Tray 4 as the secondary tray.
12. Touch Save.
Set the Ethernet Speed
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Physical Connections folder.
5. Click Ethernet.
6. Select your network speed from the drop down list.
7. Click Apply, then click Reboot Machine.
Configure TCP/IP Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Click the Connectivity folder, then the Protocols folder.
4. Click TCP/IP.
5. Review the available selections as displayed on your screen and explained in the TCP/IP
Configuration Selection List, below.
6. Accept the default Host Name, or type in your own unique Host Name for this printer.
7. Select the desired method for obtaining an IP Address.
8. If Static is selected, type in the addresses that apply for IP Address, Subnet Mask, and Gateway.
Caution: Changing the IP address for the printer will affect NetBIOS/IP, LPR/LPD, FTP, SNMP, and Port
9100 printing. It will also interrupt the ability to communicate with the printer using the CentreWare Internet Services. When you change the printer's IP Address, make sure to print out a Configuration Report so that you have a record of the TCP/IP addresses for use with computers that need to communicate with the printer using TCP/IP.
Note: If DHCP or BOOTP addressing method is selected, you cannot manually change the IP Address,
Subnet Mask, or Gateway. Select Manual if you wish to manually enter these addresses.
Note: When using DHCP, set a reasonably long Lease Time for the IP Address so that the printer can be
restarted, when taken out of service for maintenance, without being assigned a new IP Address.
Note: Upon rebooting, when the system comes up, if it can’t locate a DHCP server on the network it will
use whatever IP address it was previously configured with.
WorkCentre 7425/7428/7435
System Administrator Guide
31
Administrative Tools
9. Determine the method to use to supply the DNS Server IP Addresses (to resolve Host Names with
IP Addresses).
10. Determine whether or not Dynamic DNS should be enabled.
11. Click Apply, then click Reboot Machine.
TCP/IP Configuration Selection List
As displayed on your screen, the following selections are available for TCP/IP Configuration.
IP Mode: Select the IP Mode that applies to your network environment.
General
Host Name: The default entry assures a name that is unique to this device on the network.
IP Address Resolution: Use this drop down menu to select the method to use to assign IP
Addresses. Select Static, DHCP, RARP, BOOTP, or DHCP/Autonet. Note that with the Autonet option selected, if a Windows 2000 client can’t contact the DHCP server, it will assign itself an IP address from the 169.254.0.0 class B address space. This is also known as zero configuration, or Bonjour, networking. Make sure to check the Enabled box for Self Assigned Address at the bottom of your screen.
IP Address: To be filled in manually only when Static addressing is selected.
Subnet Mask: To be filled in manually only when Static addressing is selected.
Gateway Address: To be filled in manually only when Static addressing is selected.
Domain Name: Enter the fully qualified domain name here. For example: xerox.com.
DNS Configuration
DNS Server Address Resolution: If enabled with a check mark, the printer will contact the
DHCP Server for the IP Addresses of up to three DNS Servers. If unchecked, this information must be entered manually.
Three DNS Address boxes are supplied for the manual entry of DNS Server addresses.
Dynamic DNS Update: If your DNS Server does not support dynamic IP address updates there
is no need to enable this check box. Check the Overwrite box to enable DNS information overwriting.
Generate Domain Search List Automatically: A check box is provided for enabling automatic
Domain searches.
Domain Names 1,2,3: Three text boxes are provided for the entry of Domains to search (for
example, Xerox.com).
Connection Timeout: An entry box is provided for entering a Timeout for searches of Domains.
Zero Configuration Networking: Used with DHCP/Autonet selected from the IP Address
Resolution drop down menu, when this box is checked the printer will assign itself an IP address
from the 169.254.0.0 class B address space.
Note: Changes to TCP/IP settings will not be applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
32
System Administrator Guide
CentreWare Internet Services
Configure LPD
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select LPD in the directory tree.
6. The available selections include:
Port Number: (Default value is 515.) As this is the port for the TCP Spooler assigned by the
IANA (Internet Assigned Numbers Authority), the default value should not need to be changed.
TBCP Filter: (Displayed when PostScript is enabled).
Connection Time-Out
Maximum Number of Sessions: Enter the maximum number of simultaneously connected
hosts for this interface.
7. Enter a Time Out value for jobs being sent to the printer through this port. This is the length of
time that the controller will wait for an end of job command before printing the current job.
8. Click the Apply to accept the changes, or Undo to return the settings to their previous values.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configure SNMP
It is possible to remotely define and modify GET (Read Only), SET (Read/Write), and Trap SNMP (Simple Network Management Protocol) community names for the printer. You can also enter the System Administrator's Name here for packet identification purposes.
SNMP Community Name properties that can be configured
Community Name (Read Only): This is the password for SNMP GET requests from the SNMP
Manager to the Agent in the printer. Applications, such as Xerox Printer Map or CentreWare
Conductor, obtaining information from the printer by SNMP use this password.
Community Name (Read/Write): This is the password for SNMP SET requests from the SNMP
Manager to the Agent in the printer. Applications, such as Xerox Printer Map or CentreWare
Conductor, which set information on the printer by SNMP use this password.
Community Name (Trap Notification): This is the default password for SNMP TRAPS sent from
the printer to the Manager by SNMP.
WorkCentre 7425/7428/7435
System Administrator Guide
33
Administrative Tools
Configuring SNMP Community Names in CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select SNMP Configuration in the directory tree, and check the Enable box for the version desired.
6. Enter a name for Community Name (Read Only), also known as GET.
7. Enter a name for Community Name (Read/Write), also known as SET.
Caution: Caution: If you change the GET and/or SET Community Names, you must also change the
names in all network applications that are communicating by SNMP with this printer.
8. Enter a name for Community Name (Trap Notification). This is the default password for SNMP
TRAPS sent from the printer to the Manager by SNMP.
9. Optionally enter the System Administrator's name for packet identification purposes.
10. Select a trap and click Edit in the Trap Notification Settings section.
11. Select your transport method (IPX or UDP) and fill in the trap destination information for your
selected method.
12. Select the event(s) that you wish to report on by checking the applicable box(es).
13. Click Apply to accept the changes, or the Undo button to return the settings to their previous
values.
Note: Changes to settings will not be applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configuring IPP
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select IPP in the directory tree.
6. The available selections include:
Port Number Static Display: This is the port number assigned by IANA (Internet Assigned Numbers Authority. The default value is 631.
Additional Port Number: You can enter port 80 (HTTP) here as a backup port.
TBCP Filter: Displayed when PostScript is enabled.
Administrator Mode: This is disabled by default.
DNS
Connection Time-out
7. Select the DNS check box. The DNS Server will be available to resolve Host Names to IP Addresses, in support of printing with IPP.
WorkCentre 7425/7428/7435
34
System Administrator Guide
CentreWare Internet Services
8. Enter a Connection Time Out value for jobs being sent to the printer through this Port. This is the length of time that the Controller will wait for an end of job command before printing the current job.
9. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a Reboot Machine button
on the Status tab of CentreWare Internet Services.
Modify the HTTP (Internet Services) Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select HTTP in the directory tree.
6. The available selections include:
Port Number: The default value is 80, which is the HTTP Port number assigned by the IANA
(Internet Assigned Numbers Authority). This default value should not need to be changed.
Maximum Connections
Connection Time-out
Secure HTTP (SSL): Select the check box to set all HTTP communications with the printer to
encrypted communications. If you do this you will have to have a digital certificate installed on the printer. For more information see Configuration of HTTPS (SSL/TLS) Communication
Encryption on page 76.
Secure HTTP Port Number: HTTP traffic will be routed to this port when using HTTP with SSL
encryption.
7. In the Maximum Connections entry box, accept the default value, or enter a number for the maximum number of hosts (networked computers) that can be connected to the printer's HTTP Server (CentreWare Internet Services) at one time.
8. In the Connection Time-Out entry box, accept the default value, or enter the number of seconds that a browser connection can remain open without any activity.
9. Click Apply to apply setting changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a Reboot Machine button
on the Status Tab of CentreWare Internet Services.
WorkCentre 7425/7428/7435
System Administrator Guide
35
Administrative Tools
Configure WSD (Web Services on Devices)
As stated by Microsoft, WSD is Microsoft’s implementation of the printers Profile for Web Services (DPWS) standard, a specification that enables devices, such as printers, cell phones, cameras, and home entertainment centers, to use standard Web-based protocols (HTTP and UDP) to discover one another, advertise their services over the IP (versions 4 or 6) network, and report on their operational status.
Typically, a device such as a network printer will use a small amount of flash memory to store WSD­related information. The WSD device then advertises a primary endpoint that can be located through WS-Discovery (via UDP) on a Windows Vista client.
The endpoint supplies metadata about itself through WS-Metadata Transfer. This information typically includes manufacturer, device information, and service host metadata (information on offered services).
WSD provides two way communication, enabling a printer to both receive jobs and to send status notifications to Windows clients when events occur, such as supplies running low.
To configure this printer for WSD, perform the following steps.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select WSD in the directory tree.
6. The available selections include:
Port Number: Enter the port number between 1 and 65535. Port 80 is the recommended HTTP
default. Do not use the numbers assigned to the other ports.
TBCP Filter: Check to enable TBCP Filter when PostScript data is to be processed. This is only
available when the optional PostScript 3 kit is installed. When the transmission data includes binary data or EPS data, disable this. For Windows, follow the Output Protocol setting in the printer Settings tab of the Properties screen of the print driver.
Data Receive Time-Out: Enter the timeout period for receiving data from WSD clients between
1 and 65535 seconds in 1 second increments.
Notification Delivery Time-Out: Enter the timeout period for notification delivery to WSD
clients between 1 and 60 seconds in 1 second increments.
Maximum TTL: The Time to Live setting (in seconds) for undelivered IP datagrams (such as
UDP being used with WSD). Enter a value 1 and 10.
Maximum Number of Subscribers: Enter the maximum number of clients for reserved
notification between 1 and 200.
7. Click Apply to apply setting changes, or the Undo button to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a convenient button on the
Status Tab of CentreWare Internet Services.
WorkCentre 7425/7428/7435
36
System Administrator Guide
CentreWare Internet Services
Configure Port 9100 (Raw Printing)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select Port 9100.
6. The available selections include:
TCP Port Number: The default is 9100. This does not need to be changed.
TBCP Filter: Displayed when PostScript is enabled.
Connection Time-Out
7. Enter a Time Out value for jobs being sent to the printer through this port. This is the length of time that the Controller will wait for an end of job command before printing the current job.
8. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer.
Note: If Port 9100 is not displayed in the Properties Tab directory tree, click Port Status in the directory
tree. Use your mouse to place a check mark in the check box on the Port 9100 line. Click the Apply button, then click the Reboot Machine button (always available on the Status Tab) to remotely reboot the printer.
IP Filtering (IP Address Restriction)
Using CentreWare Internet Services, access to the printer's Services can be restricted by Host IP Address.
To restrict device access, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select IP Filtering.
6. Choose which IP Filtering to apply depending upon the address space used with your network. Note that IPv4 is the traditional (xxx.xxx.xxx.xxx) address space used with TCP/IP networks.
IP Filter Enablement: If enabled with a check mark, access to the printer's services will be
restricted to the list of IP Addresses and Subnet Masks specified by clicking the Edit button. If disabled (unchecked), host access to the printer is universal (unrestricted).
Add or Edit: When this button is clicked, a list of ten lines of IP Address and Subnet Mask entry
boxes is displayed. Sometimes referred to as a restriction list, this list is used to supply the IP Addresses and Subnet Masks of up to ten hosts (individual computers) that are authorized to access the printer's services. All other hosts, not specified in this list, will be prevented from accessing the printer's services.
WorkCentre 7425/7428/7435
System Administrator Guide
37
Administrative Tools
7. Click Apply when done.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configure EtherTalk (AppleTalk)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols file folder.
5. Select EtherTalk in the directory tree.
Note: If EtherTalk is not displayed in the Properties Tab directory tree, click the Port Settings in the
directory tree. Use your mouse to place a check mark in the check box on the EtherTalk line. Click the Apply button.
6. The available selections include:
•Printer Name
Zone Name
7. Enter the name that you wish to assign to this printer. This is the name that will appear in the Chooser.
8. Either accept the default zone of * which lets the closest router assign the printer to a zone, or assign the printer to a zone (with a 32 character naming limit).
9. Click the Apply button to accept changes, or Undo to return settings to their previous values.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
E-mail, SMTP, and POP3 Settings
You can change E-mail, SMTP, and POP3 settings in CentreWare Internet Services. For complete information on required E-mail settings, see Scan to E-mail on page 100.
Bonjour (if available)
Bonjour (also called Zero-Configuration Networking) allows devices to communicate using 169.254/16 IPv4 addressing, over the same physical or logical (such as in ad hoc, or isolated (non- DHCP) networks).
When the Bonjour protocol is enabled on ALL communicating devices, and those devices are connected, Host names of the individual devices will be resolved to IPv4 addressing, without the use of a DNS server, and IP communications can then take place.
WorkCentre 7425/7428/7435
38
System Administrator Guide
CentreWare Internet Services
To view the Host Name and Printer Name automatically assigned to this machine under Bonjour, do the following:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties tab.
5. Click the Connectivity folder, then the Protocols folder.
6. Click Bonjour.
Note: If Bonjour is not displayed in the Properties tab, click Port Settings and check Bonjour. Click
Apply. If Bonjour is not available in the Port Settings list, click TCP/IP in the Protocols folder, and scroll to the bottom of the displayed page to Zero-Configuration networking.
7. Make a note of the Host Name and Printer Name for reference in working with other Bonjour (zero­configuration) connected computers.
Note: You can change these names, however the Host Name must be unique on the network. The
automatically generated Host Name should assure its uniqueness. The Host Name has a 32 character limit, while the Printer Name has a 62 character limit. If you change either name, be sure to click Apply. You can reboot the printer remotely using the Reboot Machine button, which is available on the Status Tab of CentreWare Internet Services.

Support Tab

Click Change Settings to edit the contact information.
WorkCentre 7425/7428/7435
System Administrator Guide
39
Administrative Tools
WorkCentre 7425/7428/7435
40
System Administrator Guide

Network Management

This chapter includes:
General on page 42
TCP/IP Protocol Configuration on page 43
TCP/IP LPD Enablement on page 46
TCP/IP Dynamic Addressing on page 48
IP Filtering (IP Address Restriction) on page 50
Configure Port 9100 (Raw Printing) on page 51
Microsoft (NetBIOS over IP) Networks on page 52
IPP Configuration on page 54
EtherTalk (AppleTalk) Configuration on page 57
AS400 Printing on page 59
4
41
Network Management

General

Ethernet Speed Setting

The printer's Ethernet Interface has speed settings of Auto (10/100Base-TX, 100Base-TX (Half or Full Duplex), and 10Base-TX (Half or Full Duplex). By default the Ethernet Port Configuration is set to Auto.
To Change the Network Speed
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Protocol Settings.
7. When the Protocol Settings menu displays, the selection line labeled Ethernet Rated Speed.
8. Press the Change Settings button.
9. On the Ethernet Rated Speed screen note which one of the buttons is highlighted as the current setting for Ethernet speed. The available settings are Auto (default), 100 Mbps Full Duplex, 100 Mbps Half Duplex, 10 Mbps Full Duplex, 10 Mbps Half Duplex.
10. To change settings, press your setting of choice, then press the Save button.
11. To exit the Ethernet Setting screen, without making any changes, press the Cancel button.
12. To exit the Protocol Settings menu, returning to the Tools tab, press the Close button.
13. Wait several seconds and the Auto Clear service should log you out.
Note: Note that if you changed any settings in the Protocol Settings menu, the printer will
automatically reboot to register and enable your new settings.
WorkCentre 7425/7428/7435
42
System Administrator Guide

TCP/IP Protocol Configuration

TCP/IP Protocol Configuration
To view or change the settings of the printer's TCP/IP Protocol Configuration, perform the following steps:

Accessing TCP/IP Protocol Settings at the Printer

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Protocol Settings.
7. When the Protocol Settings menu displays, note that with the exception of selection one (Ethernet Rated Speed), the remaining selections are specific to TCP/IP address settings. Choose your setting by pressing the numbered, horizontal selection line on the touch screen. Note that the current status of each setting is shown on the applicable line. After pressing a selection line, to access available settings press the Change Settings button in the lower right corner of the touch screen.
TCP/IP – IP Mode
1. Press the selection line labeled TCP/IP – Mode.
2. Press Change Settings.
3. Select the IP Mode best suited to your network environment. Note that your choices include IPv4 Mode, IPv6 Mode, and Dual Stack. The printer supports IPv6 addressing with an automatically­built Local Address for broadcasting to routers that can supply the network layer configuration parameters.
4. For traditional networks (using an address space of xxx.xxx.xxx.xxx), select IPv4 and press Save.
5. Note that the printer may reboot.
IP Address Resolution
1. On the Protocol Settings menu, press the selection line labeled IPv4 (or other mode) Address Resolution.
2. Press the Change Settings button.
3. On the settings screen, note which one of the buttons is highlighted as the current setting for the TCP/IP Addressing method. The available settings are DHCP, BOOTP, RARP, DHCP/Autonet, and STATIC. DHCP/Autonet is the default setting.
4. To change settings, press your selection of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
6. Press Close and, if you made any changes, the system will reboot.
WorkCentre 7425/7428/7435
System Administrator Guide
43
Network Management
IPv4 IP Address
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol Settings menu, press the selection line labeled IPv4 Address. Note that the IP Address may be viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate IP Address.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 Subnet Mask
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol Settings menu, press the selection line labeled IPv4 Subnet Mask. Note that the Subnet Mask may be viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate Subnet Mask.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 Gateway Address
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol Settings menu, press the selection line labeled IPv4 Gateway Address. Note that the Gateway address may be viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate gateway.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 IP Filter (IP Address Restriction)
Note: Before enabling the IPv4 IP filter, open CentreWare Internet Services on your computer. This will
prevent you from accidentally disabling communication with the printer from your computer (blocking your own IP address).
1. In the Protocol Settings menu, press the selection line labeled IPv4 IP Filter.
2. Press the Change Settings button.
3. On the settings screen, note which of the two buttons is highlighted as the current setting for IP Address restriction. The available settings are Enabled or Disabled. Disabled is the factory default setting.
4. To change settings, press your setting of choice, then press the Save button.
5. To return to the Protocol Settings menu, without making changes, press the Cancel button.
WorkCentre 7425/7428/7435
44
System Administrator Guide
TCP/IP Protocol Configuration
Exiting the Protocol Settings Menu and Returning to the Tools Tab
1. To exit the Protocol Settings menu, returning to the Tools tab, press the Close button in the upper right corner of the Protocol Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Protocol Settings menu, the printer will automatically reboot
to register and enable your new settings.
WorkCentre 7425/7428/7435
System Administrator Guide
45
Network Management

TCP/IP LPD Enablement

To support TCP/IP printing through the computer's LPR port in the case of Windows XP, the LPD (Line Printer Daemon) must be enabled at the printer.

Changing LPD Settings at the Printer

To view or change the printer's LPD setting, perform the following steps:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the selection line labeled LPD.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the LPD selections menu displays, note that you have a choice of setting selections by numbered horizontal lines, with the current status of each setting shown. The Close button in the upper right corner of the screen returns you to the Port Settings menu. After pressing the selection, to access available settings press the Change Settings button in the lower right corner of the touch screen.
Port Status (LPD Enablement)
1. On the LPD selections menu, press the selection line labeled Port Status.
2. Press the Change Settings button.
3. On the LPD Port Status screen, note which of the two buttons is highlighted as the current setting for LPD Enablement. The available settings are Enabled or Disabled. For the LPD to function, it must be set to Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
LPD Port Number
1. On the LPD selections menu, press the selection line labeled LPD Port Number.
2. Press the Change Settings button.
3. Note the setting of Port 515, which is the recommended, default value. To change the setting, use the keypad displayed on screen.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
WorkCentre 7425/7428/7435
46
System Administrator Guide
TCP/IP LPD Enab lement
LPD Maximum Number of Sessions
1. Select LPD – Maximum Number of Sessions.
2. Press Change Settings.
3. Select a number from 1 to 10.
4. To change settings, press Save.
5. To exit, without making changes, press Cancel.
Exiting the LPD Selections Menu
To exit the LPD selections menu, which returns you to the Port Settings menu, press the Close button in the upper right corner of the touch screen.
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the printer's Tools screen, press the Close button in the upper right corner of the Port Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
WorkCentre 7425/7428/7435
System Administrator Guide
47
Network Management

TCP/IP Dynamic Addressing

1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click TCP/IP.
6. Review the available selections as displayed on your screen and explained in the TCP/IP Configuration Selection List, below.
7. Accept the default Host Name, or type in your own unique Host Name for this printer.
8. Select DHCP or BOOTP as your method for obtaining an IP Address.
Caution: Changing the IP address for the printer will affect LPR/LPD, FTP, SNMP, and Port 9100
printing. It will also interrupt the ability to communicate with the printer using CentreWare Internet Services. When you change the printer's IP Address, make sure to print out a Configuration Report so that you have a record of the TCP/IP addresses for use with computers that need to communicate with the printer using TCP/IP.
Note: When using DHCP, set a reasonably long Lease Time for the IP Address so that the printer can be
shut down and serviced, when required, without being continuously assigned a new IP Address.
Note: Upon rebooting, when the system comes up, if it can’t locate a DHCP server on the network it will
use whatever IP address it was previously configured with.
9. Determine the method to use to supply the DNS Server IP Addresses (to resolve Host Names with IP Addresses).
10. Determine whether or not Dynamic DNS should be enabled.
11. Click Apply when done.

TCP/IP Configuration Selection List

As displayed on your screen, the following selections are available for TCP/IP Configuration.
IP Mode
Select the IP Mode that applies to your network environment.
General
Host Name: The default entry assures a name that is unique to this device on the network.
IP Address Resolution: Use this drop down menu to select the method to use to assign IP Addresses. Select STATIC, DHCP, RARP, BOOTP, or DHCP/Autonet.
WorkCentre 7425/7428/7435
48
System Administrator Guide
TCP/IP Dynamic Addressing
Note that with the Autonet option selected, if a Windows 2000 client can’t contact the DHCP server, it will assign itself an IP address from the 169.254.0.0 class B address space. This is also known as zero configuration, or Bonjour, networking. Make sure to check the Enabled box for Self Assigned Address at the bottom of your screen.
IP Address: To be filled in manually only when Static addressing is selected.
Subnet Mask: To be filled in manually only when Static addressing is selected.
Gateway Address: To be filled in manually only when Static addressing is selected.
Domain Name
Enter the fully qualified domain name here. For example: xerox.com.
DNS Configuration
DHCP Address Resolution: If enabled with a check mark, the printer will contact the DHCP Server for the IP Addresses of up to three DNS Servers. If unchecked, this information must be entered manually.
DNS Server Addresses
Dynamic DNS Update: If your DNS Server does not support dynamic IP address updates there is no need to enable this check box. Check the Overwrite box to enable DNS information overwriting.
Generate Domain Search List Automatically: A check box is provided for enabling automatic Domain searches.
Domain Names 1,2,3: Three text boxes are provided for the entry of Domains to search (for example, Xerox.com).
Connection Timeout: An entry box is provided for entering a Timeout for searches of Domains.
Zero Configuration Networking
Used with DHCP/Autonet selected from the IP Address Resolution drop down menu, when this box is checked the printer will assign itself an IP address from the 169.254.0.0 class B address space.
Changes to TCP/IP settings will not be applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
System Administrator Guide
49
Network Management

IP Filtering (IP Address Restriction)

1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties Tab .
5. Click the Security folder.
6. Select IP Filtering.
7. In either the IPv4 area or the IPv6 area, complete the following steps.
Note: IPv4 is the traditional (xxx.xxx.xxx.xxx) address space used with TCP/IP networks.
a. To allow universal, unrestricted access to the printer, clear the Enabled check box.
b. To restrict access to specific IP Addresses and Subnet Masks:
Click the Enabled check box.
•Click Add or Edit to add or edit an IP address from which you intend to accept jobs. Click Apply.
Note: IP filtering will not work until at least one IP address has been added. This prevents turning off
ALL access to the printer.
•Click Delete to delete an IP address. Click Apply.
8. Click Apply when done.
9. Send a test job.
WorkCentre 7425/7428/7435
50
System Administrator Guide

Configure Port 9100 (Raw Printing)

Configure Port 9100 (Raw Printing)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder on the left, then the Protocols folder.
5. Select Port 9100 in the directory tree.
6. The available selections include:
TCP Port Number: The default value is 9100. This typically does not need to be changed.
End of Job Timeout: Enter a Time Out value for jobs being sent to the printer through this
Port. This is the length of time that the Controller will wait for an end of job command before printing the current job.
TBCP Filter: A check box (displayed when PostScript is enabled).
7. Click the Apply button to accept changes, or the Undo button to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer.
Note: If Port 9100 is not displayed in the Properties Tab directory tree, click the Port Status in the
Connectivity folder in the tree. In the Port Status table, use your mouse to place a check mark in the check box on the Port 9100 line. Click the Apply button, then click the Reboot button (always available on the Status Tab) to remotely reboot the printer.
WorkCentre 7425/7428/7435
System Administrator Guide
51
Network Management

Microsoft (NetBIOS over IP) Networks

Before You Start

1. Print a Configuration Report. See Configuration Report on page 22.
2. Referring to the report, verify that SMB is enabled. To enable SMB at the printer, if required, follow the procedure below.
3. Referring to the Configuration Report, verify that DNS is enabled. The use of Naming Servers is required to resolve NetBIOS device names to IP addresses for packet routing over the TCP/IP network.
4. To enable the printer to communicate with the Naming Servers, see TCP/IP Dynamic Addressing on page 48.
5. When using WINS or DNS, be sure to refer to your Server Operating System documentation for the appropriate procedure to use to enable NetBIOS name to IP address resolution on the Server.
Enabling SMB Setting at the Printer
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the SMB selection line.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the SMB selection menu displays, note that you have only one setting available on a single, numbered horizontal line. Press this selection line.
10. Press the Change Settings button.
11. On the SMB Port Status screen, note which of the two buttons is highlighted as the current setting for SMB Enablement. The available settings are Enabled or Disabled. To enable SMB at the printer, select the Enabled setting.
12. Press the Save button on the touch screen, which returns you to the SMB selection menu. (To exit the screen, without making changes, press the Cancel button.)
13. Exit the SMB selection menu and return to the Port Settings menu by pressing the Close button in the upper right corner of the touch screen.
14. Exit the Port Settings menu by pressing the Close button in the upper right corner of the Port Settings menu screen.
15. To exit the Tools screen, wait several seconds for the Auto Clear service to log you out.
WorkCentre 7425/7428/7435
52
System Administrator Guide
Microsoft (NetBIOS over IP) Networks
Viewing or Configuring the SMB Host Name or WINS Server
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties Ta b .
5. Click the Connectivity folder, then the Protocols folder.
6. Select Microsoft Networking in the directory tree.
7. The available selections include:
Tran sport
Maximum Connections
Workgroup Name
SMB Host Name
TBCP Filter: (Displayed when PostScript is enabled).
An enabling check box for supporting Unicode (supplying the Host name and Workgroup name
in Unicode characters during SMB transmission).
An enabling check box for Auto Master Mode. When the master browser for the workgroup
cannot be found, if this box is checked, this host will become the master browser.
An enabling check box for Password Encryption (during SMB transmission).
WINS Server: For using a WINS Server to resolve NetBIOS names (SMB host names) to IP
addresses.
8. Select TCP/IP from the Transport menu.
9. Accept the default value, or enter a value from 3 to 10, for maximum number of connections allowed in Maximum Connections.
10. Accept the Workgroup name shown, or enter your own workgroup name.
11. Either accept the default SMB Host Name, which is automatically built by the printer to assure the name's uniqueness, or enter your preferred name. Note that this will be the NetBIOS name that is resolved by the Naming Server (DNS or WINS) to an IP Address for the printer.
12. If using a WINS server, enable the WINS Server Address Resolution check box. When enabled, the printer will contact the DHCP Server for the IP Addresses of the Primary and Secondary WINS (Windows Internet Naming Service) Servers. Note that two IP Address lines, with entry boxes, are provided for manual entry (when DHCP is not selected).
13. To apply setting changes, click the Apply button, then click the Reboot button to reboot the printer. To exit without making any changes, click the Undo button.
Note: To use the printer's NetBIOS name over the TCP/IP Network, the DNS and WINS Servers must be
configured for NetBIOS name to IP address resolution. Also, make sure that the printer is informed of the addresses of the DNS/WINS Servers. For more information see TCP/IP Dynamic Addressing on page 48 and Microsoft (NetBIOS over IP) Networks on page 52.
Setting Up a Computer to Print Directly to the printer
See Microsoft (NetBIOS over IP) Networks on page 52.
WorkCentre 7425/7428/7435
System Administrator Guide
53
Network Management

IPP Configuration

The Internet Printing Protocol provides a convenient way to print over the Internet or Intranet using the printer's IP address. To support this type of printing, make sure that Port 9100 is enabled at the printer. Click Port Status in the Connectivity folder on the Properties Tab of CentreWare Internet Services and make sure that the check box on the Port 9100 line is checked. The Internet Printing Protocol must also be enabled at the printer, and the Internet Print Service must be available and installed on the individual computer's version of Windows. IPP support is already built into Windows operating systems. For other desktop operating systems it is available as a download from Microsoft at www.microsoft.com. The final step is to install the IPP print driver. For more information, see Print
Driver Installation on page 13.

Changing IPP Settings at the Printer

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. Press the IPP selection line on the Port Settings menu.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the IPP selection menu displays, note that you have two selections available on numbered horizontal lines. The first selection is Port Status. The second is IPP – Added Port Number. The Close button in the upper right corner of the screen returns you to the Port Settings menu. After pressing the horizontal line selection, to access available settings press the Change Settings button in the lower right corner of the touch screen.
Port Status (IPP Enablement)
1. On the IPP selection menu, press Port Status.
2. Press the Change Settings button.
3. On the IPP Port Status screen, note which of the two buttons is highlighted as the current setting for IPP Enablement. The available settings are Enabled or Disabled. To print with IPP, this setting must be Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
WorkCentre 7425/7428/7435
54
System Administrator Guide
IPP Configuration
IPP – Added Port Number
Note: If you just enabled the IPP port, the machine may have to reboot before you can view or change
the Port Number.
1. On the IPP Selection menu, press the selection line labeled IPP – Added Port Number.
2. Press the Change Settings button.
3. Use the displayed keypad to add a Port Number, such as 80 (the displayed default for HTTP).
4. To save the setting, press Save.
5. To exit the screen, without making any changes, press Cancel.
Exiting the IPP Selection Menu
To exit the IPP selection menu, which returns you to the Port Settings menu, press the Close button in the upper right corner of the touch screen.
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the Tools screen, press the Close button in the upper right corner of the Port Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
Configuring IPP Settings with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click IPP.
6. The available selections include:
Port Number: The default value is 631. This is the port number assigned by IANA (Internet
Assigned Numbers Authority.
Add Port Number
TBCP Filter: Displayed when PostScript is enabled.
Administrator Mode: This is disabled by default.
DNS Enablement
Connection Timeout
7. Verify that DNS is checked (Enabled) by default. If enabled, the DNS Server will resolve Host Names to IP Addresses, in support of printing with IPP.
WorkCentre 7425/7428/7435
System Administrator Guide
55
Network Management
8. Enter a Time Out value for jobs being sent to the printer through this Port. This is the length of time that the Controller will wait for an end of job command before printing the current job.
9. Click the Apply button to accept changes, or the Undo button to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer.
WorkCentre 7425/7428/7435
56
System Administrator Guide

EtherTalk (AppleTalk) Configuration

EtherTalk (AppleTalk) Configuration
The EtherTalk Protocol enables computer to printer communications over the EtherTalk (AppleTalk) network.

Changing EtherTalk Settings at the Printer

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. Press the EtherTalk selection line on the Port Settings menu.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the EtherTalk selection menu displays, note that you have only one selection available on a single, numbered horizontal line, with the current status of this setting shown. The Close button in the upper right corner of the screen returns you to the Port Settings menu. After pressing the horizontal line selection, to access available settings press the Change Settings button in the lower right corner of the touch screen.
Port Status (EtherTal k En ab le me nt )
1. On the EtherTalk selection menu, press the selection line labeled Port Status.
2. Press the Change Settings button.
3. On the Port Status screen, note which of the two buttons is highlighted as the current setting for EtherTalk Enablement. The available settings are Enabled or Disabled. To print with EtherTalk, this setting must be Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
Exiting the EtherTalk Selection Menu
To exit the EtherTalk selection menu, which returns you to the Port Settings menu, press the Close button in the upper right corner of the touch screen.
WorkCentre 7425/7428/7435
System Administrator Guide
57
Network Management
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the Tools screen, press the Close button in the upper right corner of the Port Settings menu screen.
2. Wait several seconds for the Auto Clear service to log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
Configuring EtherTalk Settings with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click AppleTalk (EtherTalk).
Note: If this selection is unavailable, click Port Status, check the EtherTalk box, then click Apply.
6. The available selections include:
Printer Name: Enter the name that you wish to assign to this Printer. This is the name that will
appear in the Chooser.
Zone Name: Either accept the default zone of * which lets the closest router assign the printer
to a zone, or assign the printer to a zone (with a 32 character naming limit).
7. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
58
System Administrator Guide

AS400 Printing

AS400 Printing

AS400 Raw TCP/IP Printing to Port 9100 (CRTDEVPRT)

This is the procedure to set up printing to a printer from an AS/400 using the SNMP drivers. This procedure is intended for users familiar with the AS/400 system, especially those experienced with printing in an AS/400 environment. The AS/400 must run V4R5 of OS/400 so that the SNMP drivers are present (or V4R3/V4R4 with the most current PTFs installed). The printer must have port 9100 enabled.
To enable port 9100
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder.
5. Click the Protocols folder.
6. Select Port 9100 in the directory tree.
7. Ensure the Enabled box is checked to enable Raw TCP/IP Printing.
8. Leave the TCP Port Number set to 9100 for Port 1.
9. Leave the Bidirectional and Maximum Connections settings at their default values.
10. Set the End of Job Timeout to the number of seconds to wait before processing a job without an End Of Job indicator.
11. Leave the PDL Switching Enabled box at its default value.
12. Click Apply to accept the changes, Undo to return the settings to their previous values, or Default All to enter printer defaults for all settings (recommended).
Note: The settings are not applied until you restart the printer.
13. Click the Status Tab.
14. Click the Reboot Machine button and click OK to reboot the printer. The network controller takes approximately 5 minutes to reboot and network connectivity will be unavailable during this time.
WorkCentre 7425/7428/7435
System Administrator Guide
59
Network Management
To create a device description
To create a device description from your terminal's command line.
1. Select the F-4 key to prompt the CRTDEVPRT command. Enter the following parameters:
Device Description: Xeroxprinter
Device Class: *lan
Device Type: 3812
Device Model: 1
2. Press Enter to continue, and enter the following parameters:
Lan Attachment: *IP
Port Number: 9100
Online at IPL: *yes
Font Identifier: 11
Form Feed *autocut
Note: For some versions of AS400, the default may match some of these parameters.
3. Leave all other parameters at their defaults, press Enter, and enter the following parameters:
Activation Timer: 170
Inactivity Timer: *sec15
Host Print Transform: *yes
4. Press Enter to continue, and enter the following parameter:
Manufacturer Type and Model: *hp5si
5. Leave the remaining parameters set to their default values and press Enter to continue. Enter the following parameters:
Remote Location: Enter the IP address of the printer.
User defined options: *IBMSHRCNN
System driver program: *IBMSNMPDRV
6. Leave all other options set to the default values and press Enter. A message indicates that you created the printer Xeroxprinter.
7. Set the printer on and start a print writer. Then place a spool file in the appropriate queue to test the printer.
WorkCentre 7425/7428/7435
60
System Administrator Guide

Security

This chapter includes:
Authentication on page 62
Scheduled Image Overwrite on page 84
Secure Watermark on page 85
Secure Print on page 87
Xerox Common Access Card on page 89
5
61
Security

Authentication

Overview

Procedure
1. Set up authentication
2. Set up authorization (LDAP authorization access)
3. Set up access control (device access, service access)
Users Types
Authenticated Users: Are registered with the printer. When using a restricted service, authenticated users are prompted to type their user IDs on the authentication screen.
Guest Users: Are permitted to use the printer using the Guest password set by the System Administrator.
Authentication Types
No Login Required: Users can access any service without restriction. This is the default type for the printer.
Login to Local Accounts: This type uses the user information registered on the printer to manage authentication.
Note: Setting Login Type to Login to Local Accounts automatically sets Accounting Type to Local
Accounting. Local Accounting cannot be disabed while Login Type is set to Login to Local Accounts.
Login to Remote Accounts: Network Access (authentication) uses the user information managed on a remote accounting service to manage authentication. Network Access allows a unified management of user information for multiple devices.
Note: When registering user information on a remote authentication server, use up to 32 characters for
a user ID and up to 128 characters for a password. For SMB, the password limit is 32 characters.
Login Type set to Xerox Secure Access: This authentication type is used for third-party solutions that support Xerox Secure Access.
Effects of Authentication on Job Flow Sheets and Folders
When Login to Local Accounts is enabled, even if authentication is not enabled for the copy, fax, scan, or print services, authentication will be required for folder and job flow sheet operations.
For full details on the effects of Authentication on Job Flow Sheets and Folders, refer to that topic in the printer’s User Guide.
WorkCentre 7425/7428/7435
62
System Administrator Guide
Authentication

Configuring Authentication

Preparations:
1. Ensure that the printer is on and connected to the network.
2. Ensure that the TCP/IP and HTTP protocols are configured on the printer, and you can access CentreWare Internet Services. For more information see CentreWare Internet Services on page 23.
3. Ensure that the Authentication Server to be used is functional on your network. Refer to your manufacturer’s documentation for instructions to complete this task.
Configuring Local Machine Authentication
When Login to Local Accounts is enabled, the System Administrator can define pass codes for authorized users (and guests, when the selection is available) to use to authenticate to the system and access restricted services.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder, then Authentication Configuration. Enter your user name and password at the prompt (default: admin, 1111).
5. Select Login to Local Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable these services.
7. Select the Non-account Print Enabled check box if you want to enable printing for people without accounts.
8. Click Apply, then click Reboot Machine.
9. Refresh your browser, click the Security folder, then Authentication Configuration.
10. Click Next.
11. To create or edit a user account, enter an Account Number in the Account Number box and click Edit. You can have up to 1000 user accounts.
12. Set the following for the user.
Feature Acce ss: Copy Service, Fax Service, Scan Service, Print Service
User Role: System Administrator, Account Administrator, User, Authorization Group
Note: Authorization Group is a feature that has its own configuration options in CentreWare Internet
Services.
Note: Set each Feature Access as desired. Do not set a Feature Access to No Access, unless you wish to
deny user access to that specific feature.
13. Click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
63
Security
To configure Local Machine Authentication at the printer:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch Authentication/Security Settings, then Authentication.
6. Touch Login Type to change the Login Type, or touch Access Control, then Feature Access to change Feature Access.
To view, create and edit user accounts at the printer:
1. Touch Account in the To ol s tab.
2. Touch View User Accounts.
Configuring Remote Authentication
When Login to Remote Accounts is enabled, users of the printer will be asked to provide a user name and password to be validated by the designated authentication server. If this validation is successful, the printer and any restricted services will be available for individual use.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder, then the Authentication Configuration. Enter your user name and password at the prompt (default: admin, 1111).
5. Select Login to Remote Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable these services.
7. Select the Non-account Print Enabled check box if you wish to allow printing for a user without and account.
8. If you want to allow guest access to the printer, select On next to Guest User. The default setting is Off. If you select On, enter a Guest user name and a passcode (4 – 12 alphanumeric characters). Retype the passcode.
9. To have the printer cache remote account information, select Enabled next to Save remote
accounts in this machine. Specify if you want to have the cached information deleted (click Delete Remote Accounts), and specify how often you want to delete cached information by
selecting a deletion day, month and time.
10. Click Apply, then Reboot Machine.
11. Click Next.
12. Click Configure for Authentication System.
13. Select your system (Kerberos (Windows 2000), Kerberos (Solaris), LDAP, SMB, or Authentication Agent)from the Authentication System Settings drop down list and click Apply.
14. Enter the Server Response Time-Out, and the Search Time-Out.
WorkCentre 7425/7428/7435
64
System Administrator Guide
Authentication
15. Select the Enabled check box next to Assign UPN (User Principal Name) if desired.
16. Click Reboot Machine.
Configure Remote Authentication for a Kerberos Server (Windows 2000 or Solaris)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click the Remote Authentication Servers folder. Enter your user name and password at the prompt (default: admin, 1111).
6. Click Authentication System and pick Kerberos (Windows 2000) or Kerberos (Solaris) from the drop down list. Click Apply, and click Reboot Machine.
7. Navigate back to the Remote Authentication Servers folder and click Kerberos Server.
8. Under Kerberso Server 1 (Default), enter the Primary Server Name / IP Address, Primary Port Number (default port for a Kerberos server is 88), and the Domain Name (Realm name).
Note: Realm name for a Kerberos (Solaris) server should be in upper case. Example: YOURDOMAIN.NET
9. Enter the IP Address of the Primary Server.
10. The Secondary Server information is optional.
11. Enter details for up to 4 alternate Domain Controllers and backups, if required.
12. Click Apply, and supply the Administrator User name and password if prompted.
Configure Remote Authentication for SMB
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click the Remote Authentication Servers folder. Enter your user name and password at the prompt (default: admin, 1111).
6. Click Authentication System and pick SMB from the Authentication System Settings drop down list.
7. Enter the Server Response Time-Out, and the Search Time-Out.
8. Select the Enabled check box next to
Assign UPN (User Principal Name) if desired.
9. Click Apply, and click Reboot Machine.
10. Click SMB Server.
11. From the SMB Server Setup drop down menu, select your desired method. The selections include: By Domain Name, and By Domain Name and Server Address / IP Address.
12. Enter the Domain name (up to 15 characters) in the Domain Name box, for every Domain Controller specified. This entry is required regardless of the selection made from the SMB Server Setup drop down menu.
WorkCentre 7425/7428/7435
System Administrator Guide
65
Security
Note: FQDN requires DNS and SMB Host Name requires WINS to be enabled on the printer.
13. Enter the IP Address, FQDN, or SMB host name of the domain controller (up to 64 characters) in the SMB Server 1 Server Name / IP Address box (if By Domain Name and Server Address / IP Address was selected for SMB Server Setup).
14. Enter the IP Address, FQDN, or SMB host name of up to 4 additional SMB servers, if applicable.
Note: FQDN requires DNS and SMB Host Name requires WINS to be enabled on the printer.
15. Click Apply.
Configure Remote Authentication for LDAP
1. Set up the LDAP Server. For information about setting up an LDAP server, see LDAP Server
Configuration on page 106.
2. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
3. Click the Properties tab.
4. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
5. Click the Security folder.
6. Click the Remote Authentication Servers folder. Enter your user name and password at the prompt (default: admin, 1111).
7. Click Authentication System and pick LDAP from the Authentication System Settings drop down list.
8. Enter the Server Response Time-Out, and the Search Time-Out.
9. Select the Enabled check box next to Assign UPN (User Principal Name) if desired.
10. Click Apply, and click Reboot Machine.
LDAP User Mappings
You ca n clic k LDAP User Mappings to specify the attributes to search for within the LDAP database. For more information about LDAP user mappings, see LDAP User Mappings on page 108.
LDAP Authentication
To set LDAP for authentication, click LDAP Authentication. For Authentication Method, choose either Direct Authentication or Authentication of User Attributes. Direct Authentication uses the user name and password entered by the User for authentication with the LDAP server. Authentication of User Attributes allows you to specify the what is entered by the user (Attribute of Typed User Name) and what is used by the device (Attribute of the Login User Name) to authenticate the user. If Use Added Text String is enabled (default disabled), then what ever text is entered in the Text String Added to User Name box is added to the user input prior to authentication.
Knowledge of LDAP Server authentication requirements and capabilities are required to properly configure these settings.
WorkCentre 7425/7428/7435
66
System Administrator Guide
Authentication
LDAP Group Access
LDAP server user groups can be used to control access to the printer. For example, the LDAP server may contain a group of users called Admin. You can configure the Admin group on the printer so that the members of that group will have administrator access to the printer. When a user logs in at the printer with their network authentication account, the printer performs an LDAP look-up to determine if the user is a member of any groups. If the LDAP server confirms that the user is a member of the Admin group, the user will have administrator access.
The following groups are available:
Color Access Group
System Administrator Access Group
Account Administrator Authorization Group
In one of the group access boxes, enter a name for the group. Repeat for other group access boxes.
Note: Entries should be in base DN format (for instance, cn=Admin, ou=people, dc=xerox, dc=com).
Configuring Network Authentication (by a Remote Accounting server)
Network authentication uses the user information managed on a remote Accounting server to manage authentication (access) to available machine services.
Enable Network Authentication
To enable Network Authentication for use with this printer, at your networked computer, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Select the Security folder, then the Authentication Configuration.
5. Select Login to Remote Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable these services.
7. Select the Non-account Print Enabled check box if you want to enable printing for people without accounts.
8. Click Apply, then click Reboot Machine.
9. Refresh your browser, click the Accounting folder, then Accounting Configuration.
10. Select Network Accounting from the Accounting Type drop down list.
11. From the Verify User Details drop down menu, select either Ye s or No (keep logon records). The Yes selection will verify user information. When No (keep logon records) is selected, User ID and Account ID must be entered at the printer, but user information will not be checked. A logon record will be kept by the printer, however.
12. Click Apply, then click Reboot Machine.
WorkCentre 7425/7428/7435
System Administrator Guide
67
Security
Note: Refresh your Web browser, then click User Details Setup to set the Store User Details setting. You
can set either NVM or hard disk as the destination for saved authentication information. User Details Setup also allows you to configure the characteristics of the login prompt for User Authentication.
Configure Communications Between the Accounting Server and the Printer
Refer to the remote Accounting server manufacturer's documentation for the specific procedures to follow to configure communications between the server and the printer.
The server will contact the printer based upon Accounting service parameters set up at the server, such as the printer's IP address and polling frequency.
Required network communications and server settings will be stated by the server's manufacturer.
Sample list of set up requirements for Xerox Secure Access Unified ID System's Accounting service
Enable TCP/IP and HTTP on the printer.
Set up a static or reserved DHCP IP address for the printer.
Enable TCP/IP port 80 communications at the printer.
Download the Controller Interface for Xerox from the Xerox Secure Access Unified ID System™ Web site.
Install the Controller Interface for Xerox at the server.
Verify that you have purchased a license for the Controller Interface for Xerox, as well as a license for each device communicating with the server.
Register each printer at the server (using the printer's IP address for identification).
Enable the Accounting Option in Computer Print Drivers
Use the Windows Add Printer dialogs to add the printer's print driver to individual, networked computers. For more information see Print Driver Installation on page 13.
In the print driver default setting dialogs, locate and then enable the Accounting option. This step assures that print jobs from individual computers will be recognized by the authentication system, rather than being unrecognized and deleted by the printer.
For Windows operating systems, the default setting dialogs are accessed by right clicking on the printer's icon in the Printers window for Windows 2000, or the Printers and Faxes window for Windows XP. Select Properties from the displayed menu, then locate and enable the Accounting option.
WorkCentre 7425/7428/7435
68
System Administrator Guide
Authentication

Configuring Xerox Secure Access (Authentication)

Xerox Secure Access enables customers to leverage Xerox Partner Solutions to provide user authentication with an optional card reader. Users can access the features available at the printer once they have been authenticated.
Secure Access and Accounting
Secure Access can be enabled with Network Accounting or the Xerox Standard Accounting feature for accounting purposes. To configure Xerox Secure Access with Network Accounting, refer to the Configuring Network authentication (by a remote Accounting server) topic in this section. To configure Xerox Secure Access with Xerox Standard Accounting, refer to the Optional information, in the Information Checklist below, then see Enabling Xerox Standard Accounting on page 171.
Note: Secure Access cannot be enabled at the same time as Foreign printer Interface.
Information Checklist
1. Ensure that the printer is fully functional on the network. TCP/IP and HTTP protocols must be configured so that you can access CentreWare Internet Services.
2. Ensure that the Xerox Partner authentication solution (Secure Access Server, Controller, and Card Reader) is installed and communicating with the printer. Follow the installation instructions from the manufacturer of the authentication solution to correctly set the printers up.
3. Ensure that SSL (Secure Sockets Layer) is configured on the printer. The Xerox Partner authentication solution communicates with the printer via HTTPS.
4. (Optional) Ensure that Network Accounting is configured if you want the printer to send user account information to a Network Accounting server. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services. Click the Properties tab, click the Security folder, click Authentication Configuration, and select Xerox Secure Access for Login Type, matched to Network Accounting for Accounting Type.
5. For use with Xerox Standard Accounting, you select Xerox Secure Access for Login Type, then select Xerox Standard Accounting for Accounting Type. For instructions on setting up Xerox Standard Accounting, see Enabling Xerox Standard Accounting on page 171. For instructions on setting up your Network Accounting server, refer to the instructions that came with your accounting package, and see Configuring Network Authentication (by a Remote Accounting server) on page 67.
Note: When authentication is set to Xerox Secure Access, Xerox Standard Accounting is not available.
You may also need another Authentication Server (running LDAP in an ADS environment, for example) to communicate with the Secure Access Server providing that server with user credential information. A second Authentication Server may be necessary for Web User Interface Authentication, if this feature is additionally desired.
6. If you have an LDAP server on your network, you can configure LDAP on the printer, preferably from the Remote Authentication Server / Directory Service folder. For more information, see LDAP Server
Configuration on page 106.
WorkCentre 7425/7428/7435
System Administrator Guide
69
Security
Configuring Xerox Secure Access with Remote Authentication
To configure Xerox Secure Access with Remote Authentication:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder, then Authentication Configuration.
5. In the Authentication Configuration > Step 1 of 2 page:
a. Select Xerox Secure Access from the Login Type drop down list.
b. Select the Print Stored File from Folder, or Folder to P C/Server Enabled check boxes to enable
these services.
c. Select the Non-account Print: Enabled check box if you wish to allow printing for a user
without and account.
d. Select Apply, then reboot the printer after the prompt.
e. Select Next to continue to the Authentication Configuration > Step 2 of 2 page.
6. In the Authentication Configuration > Step 2 of 2 page, click Configure next to Authentication System.
7. In the Authentication System page:
a. Select Authentication Agent from the Authentication System Settings drop down list,
b. Set the Server Response Time-out, and Search Time-out. c. Select the Assign UPN (User Principal Name): Enabled check box to assign a user principal
name.
d. Select Apply, then reboot the printer after the prompt.
8. To set service access:
a. Refresh your Web browser.
b. Click the Security folder, then Authentication Configuration. c. In the Authentication Configuration > Step 1 of 2 page, click Next.
d. Under Device Default State Configuration, click Configure next to Service Access.
e. Select one of the following for each service you want to control:
Unlocked: Allow unrestricted access.
Locked (Show Icon): Require login for access. The service icon is visible to all users in the all
services screen.
Locked (Hide Icon): Require login for access. The service icon is hidden until an authorized user
logs in.
f. Click Apply and enter the Administrator User name and password when prompted (default of
admin and 1111).
g. Click
h. Click Reboot Machine when it displays on screen.
OK.
WorkCentre 7425/7428/7435
70
System Administrator Guide
Authentication
Enable Specific Xerox Secure Access Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder.
5. In the Security folder, select the Remote Authentication Servers folder.
6. In the Remote Authentication Servers folder, select Xerox Secure Access Settings.
7. In the Xerox Secure Access Settings area:
a. Enter text in the Default Prompt and Default Title boxes to create the prompt and prompt
title that will be displayed on the printer’s screen informing users how to authenticate themselves at the printer.
b. If the Title and Prompt have been configured on the Secure Access Server, then that
information will override the information entered here.
c. Select the Enable box for Local Login to allow users to log in locally at the printer.
d. Select the Enable box for Get Accounting Code to get user accounting data from a networked
Accounting Server (if used).
e. Click Apply.
Using Secure Access
1. Read the printer’s prompt to determine what needs to be done to be authenticated at the printer. Authentication methods include swiping a card, placing a proximity card near the reader, or entering a user ID or PIN (personal identification number).
2. If the printer requests further information such as accounting details, enter this information at the printer.
3. The printer will confirm successful authentication allowing access to previously locked system features.
4. When finished, press the Login/Out button.
Configure Color Copy Access for LDAP Group
Refer to your LDAP server documentation for the full range of information that can be entered into this LDAP dialog to fully support both e-mail applications and authentication using your LDAP server.
Creating Color Access Group within Active Directory
This procedure describes how to create an Active Directory color access group to be used to restrict color copying and printing.
Click Start, click Control Panel, double-click Administrative Tools, and then click Active Directory Users and Computers.
1. In the Active Directory Users and Computers window, expand the domain folder.
2. In the console tree, right-click the Users folder in which you want to add a new group.
3. Click New, and then click Group.
WorkCentre 7425/7428/7435
System Administrator Guide
71
Security
4. Type the name of the new group. Use a name that you can easily associate with the role or service for which you are creating.
5. To add users and/or groups to the newly created color access group, right-click the group and select Properties.
6. Click the Members tab, then click the Add button to add members to the group.
7. Click Finish.
LDAP Group Access
1. Click the Properties tab, click the Connectivity folder, click the Protocols folder, then click the LDAP folder.
2. In the LDAP folder, click LDAP Group Access.
3. On the LDAP Group Access page:
4. In the Color Authorization area, on the Color Access Group line, type
CN=Color,CN=Users,DC=crmttrinity,DC=lab
5. Click Apply, then reboot the printer at the prompt.
6. Continue with the next procedure to set Authentication Configuration.
Authentication Configuration
1. Click the Properties tab, then click the Security folder.
2. Click Authentication Configuration.
3. The Properties tab refreshes and the Authentication Configuration > Step 1 of 2 page appears.
4. On the Authentication Configuration > Step 1 of 2 page, in the Authentication Configuration box: a. In the Login Type drop down list, click or verify Login to Remote Accounts.
b. On the Folder to PC / Server line, click or verify the Enabled check box.
c. On the Non-account Print line, ensure that the Enabled check box is not checked if you wish to
enable people without accounts to continue to print.
d. On the Guest User line, in the drop down list, click or verify Off.
5. Click Apply, then reboot the printer following the prompt.
6. Continue with the next procedure to set Authentication System.
Authentication System
1. Click the Properties tab, click the Security folder, then click the Remote Authentication Servers folder.
2. In the Remote Authentication Servers folder, click Authentication System.
3. On the Authentication System page, in the Authentication Type box:
a. In the Authentication System Settings drop down list, click or verify LDAP. b. Click Apply, then reboot the printer at the prompt.
Configure Color Copy Access Control at the Printer
1. Press the Log In/Out button on the printer control panel.
2. Enter the default User Name (admin) and Password (1111) if prompted.
3. Touch Enter.
WorkCentre 7425/7428/7435
72
System Administrator Guide
Authentication
4. Press the Machine Status button.
5. Touch the To ol s tab.
6. Touch Authentication / Security Settings.
7. In the Group column, touch Authentication.
8. In the Features column, touch Access Control.
9. On the Access Control screen, touch Feature Access.
10. On the Feature Access screen:
a. In the Items column, touch Color Copying. b. Touch the Change Settings button.
11. On the Color Copy screen, touch Locked, then touch Save.
12. Reboot the printer.
13. Press the Services button, touch the Copy icon, then the Color button.
14. The Login screen appears. The printer is configured for Color Copy Access for LDAP Group.
To Enable Print Color Access Control
This process will restrict a user from printing in color unless they are authorized to do so via the Active Directory group.
1. Click Start, click Control Panel, double-click Printers and Faxes, then right-click the printer to be enabled. In the printer pop-up menu, click Properties.
2. In the Properties dialog box, click the Options tab.
3. On the Options tab, in the Options Settings area, click the Predefined Configurations folder.
4. In the the Predefined Configurations area, click the Color Access Control field and click Enabled.
5. Click the Color Access Group field and type or enter the color access group name.
6. Click Apply, then click OK.
Note: On the client side, if the user that installs the print driver is a member of the group given
permission to print in color, then the Output Color option within the driver will be selectable between Color and Black and White. If the user does not have permission to print in color, then the Output Color option within the driver will list Black and White and is not selectable.

Access Control

After configuring the Authentication system, you must specify what services and features are to be controlled by authentication and will require the user login.
Device Access: Use for restricting access to the Services Pathway, Job Status Pathway, or Machine Status pathway. Device Access settings are:
Unlocked: Allow unrestricted access
Locked: Require login for access.
Service Access: Use for restricting access to each individual service (copy, e-mail, etc). Services Access settings are:
Unlocked: Allow unrestricted access.
WorkCentre 7425/7428/7435
System Administrator Guide
73
Security
Locked (Show Icon): Require login for access. The service icon is visible to all users in the all
services screen
Locked (Hide Icon): Require login for access. The service icon is hidden until an authorized user
logs in.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder
5. Click Authentication Configuration.
6. In the Authentication Configuration box, select the Next button.
7. In the Device Default State Configuration section, select the Configure button next to Device Access and/or Service Access, and Apply and supply the Administrator User name and password if prompted.

802.1x

The printer supports 802.1x authentication based on the Extensible Application Protocol (EAP). 802.1x can be enabled for devices connected through both wired and wireless Ethernet networks. As described here, the 802.1x configuration is used to authenticate the printer, rather than individual users. After the printer has been authenticated, it will be accessible to users on the network.
The administrator can configure the printer to use one EAP type. EAP types currently supported on the printer are:
•EAP-MD5
PEAP/EAP-MS-CHAPv2
•EAP-MS-CHAPv2
Information Checklist
Create a user name and password on your authentication server which will be used to authenticate the Xerox device.
Ensure your 802.1x authentication server and authentication switch are available on the network.
Configure 802.1x with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click IEEE 802.1x.
6. Select the Enabled check box next to Enable IEE 802.1x.
WorkCentre 7425/7428/7435
74
System Administrator Guide
Authentication
7. Select the required Authentication Method.
8. Enter the User Name and Password required by your authentication switch and server.
9. Click Apply, then Reboot Machine.

Encryption Service Overview

You may have to purchase the Security Kit option to enable encryption with your printer. If you cannot generate a self-signed certificate, or enable SSL/TLS Communication, as stated under Configuration of HTTP Communication Encryption, in this section, contact your Xerox Representative to purchase the option.
The communication data between the printer and computers on a network can be encrypted. Encryption for the printer is set up using CentreWare Internet Services. Note that the quickest and easiest, although not the most trusted, method to use to set up initial HTTP communication encryption is the generation of a self-signed certificate. Click Printer Digital Certificate Management in the Security folder on the Properties page of CentreWare Internet Services. Use this to manage all the digital certificates, of various types, stored on the printer.
Types of Encryption Services Available
Encryption of HTTP Communications from a Client to the Printer (Server Certificate)
The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the printer.
The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the printer. A user of a client computer accesses the printer’s HTTP server by typing https://, followed by the IP address of the printer, into the Address box of a Web browser application. The printer then offers the client a Digital Certificate, which the client accepts (after reviewing the validity of same). Upon acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are agreed upon between the two parties, and the client uses the server’s Public Key to communicate with the server using digitally signed and encrypted data.
Digital certificates imported from a Certificate Authority, or self-signed certificates created with CentreWare Internet Services, can be used as SSL/TLS certificates on the printer’s HTTP server.
Encryption of HTTP Communications from the Printer to a Remote Server (Client Certificate)
The SSL/TLS suite of protocols is used to encrypt HTTP communications with a remote server.
No client certificate is typically required for this activity. However, if a remote server is set to require an SSL client certificate, an SSL/TLS client certificate must be registered on the printer.
Digital certificates imported from a Certificate Authority can be used as SSL/TLS certificates on the printer’s HTTP server.
Note: When Remote Server Certificate Validation is enabled, under SSL/TLS Settings in CentreWare
Internet Services, the root certificate of the remote server must be registered to the printer (imported with CentreWare Internet Services) to verify the Digital certificate of same.
WorkCentre 7425/7428/7435
System Administrator Guide
75
Security
E-mail Encryption/Digital Signature
S/MIME certificates, imported from a Certificate Authority (in PKCS7 format), can be used on the printer’s for E-mail Encryption.
Note: To import S/MIME certificates, use the Machine Digital Certificate Management in the Security
folder on the Properties tab of CentreWare Internet Services.
Encryption/Digital Signature of Scanned Files (PDF/XPS Documents)
While no digital signatures are required to encrypt PDF and XPS documents, these documents can be signed with imported PKCS12 Digital signatures.
When adding digital signatures to PDF or XPS documents, scan file certificates imported to the printer from a Certificate Authority, are typically used.
To import PKCS12 scan file certificates, use the Machine Digital Certificate Management in the Security folder on the Properties Page of CentreWare Internet Services.
IP Sec (typically used to encrypt FTP) can be enabled from the Security file folder on the Properties tab of CentreWare Internet Services.
802.1x can be enabled for devices connected through both wired and wireless Ethernet networks. It is
used to authenticate the printer on the 802.1x network, rather than individual users. 802.1x can be enabled from the Security file folder on the Properties tab of CentreWare Internet Services.

Configuration of HTTPS (SSL/TLS) Communication Encryption

Two methods are available depending on the type of certificate.
Create a self-signed certificate on the printer with CentreWare Internet Services, and enable HTTPS. This method is used primarily for Server certificates.
Enable HTTPS, and import a signed certificate from a Certificate Authority, using the Machine Digital Certificate Management in the Security folder on the Properties Page of CentreWare Internet Services.
To see this, at least one certificate must have been created and stored on the printer.This is one of the purposes for creating a self-signed certificate.
Before enabling any encryption or digital signing feature, or importing any digital certificates, check the status of the certificate and create a new certificate if there is not one already created:
1. In CentreWare Internet Services, click the Properties tab, then click the Security folder.
2. Click Machine Digital Certificate Management.
3. Click Create New Certificate.
4. Select Self-Signed Certificate and click Continue.
5. Select Public Key Size (512 Bits or 1024 Bits).
6. Set Issuer (default device host name)
7. Apply.
WorkCentre 7425/7428/7435
76
System Administrator Guide
Authentication
After clicking Machine Digital Certificate Management in the Security folder, the current status is displayed. If the status shows "A Self-Signed Certificate is established on this machine", then you do not need to create new certificate.
Note: You must enable HTTP – SSL/TLS Communication in order to Upload Signed Certificates and to
see Certificate Management , and Certificate Revocation Retrieval Settings in the Security folder.
Configuring Certificates with CentreWare Internet Services
Two methods are available to configure certificates with CentreWare Internet Services: creating a self­signed certificate (for SSL server), and importing a signed certificate from a Certificate Authority.
This section describes how to create a self-signed certificate (for SSL server).
Note: When importing a certificate, if the same certificate has been already registered in Local Device
or Others, the certificate cannot be imported. Delete the registered certificate before importing.
1. Open your Web browser and enter the printer’s IP address into the Address box of your Web browser, and press the Enter key.
2. Click the Properties tab.
3. Click the Security folder.
4. Click Machine Digital Certificate Management.
5. When prompted, enter the system administrator user name and password (default: admin, 1111).
6. Generate a certificate.
a. Click the Create Self-Signed Certificate button.
b. Set the size of the Public Key as necessary. c. Set Issuer as necessary.
7. Click the Apply button.
8. Refresh the Web browser.
9. Click the Security folder.
10. Click SSL/TLS Settings.
11. Select the Enable check box for SSL / TLS Server Communication.
12. Check the SSL / TLS Port Number.
Note: The default port is 443.
13. Click Apply and click Reboot Machine. The printer will be unavailable for a short period of time.
WorkCentre 7425/7428/7435
System Administrator Guide
77
Security

Configuration of E-mail Encryption/Digital Signature

Configuration on the Printer
Import an S/MIME certificate from a Certificate Authority (in PKCS7 format), then configure the certificate on the printer using CentreWare Internet Services.
To send encrypted e-mail from the machine, you will need the public key of the recipient to be loaded on the device.
Note: The e-mail address of the machine must match the e-mail address specified in the certificate
must match, otherwise S/MIME will be disabled.
Note: The e-mail address of the device must be set before you are able to select the S/MIME device
certificate to use.
Configuration on a Computer
To send encrypted e-mail to the printer, you will need a copy of the printer’s S/MIME certificate on your computer to allow you to encrypt E-mail being sent to the printer. The S/MIME certificate represents the Public Key of the printer, allowing encryption or digital signing to take place.
To acquire the Public Key, you must use the Export feature or send a digitally signed E-mail.
Configuring S/MIME certificates with CentreWare Internet Services
To configure S/MIME certificates with CentreWare Internet Services, first enable HTTP communications (as stated under Configuration of HTTP Communication Encryption in this section). Next, import an S/MIME certificate from a Certificate Authority (in PKCS7 format). Finally, enable S/MIME.
First import an S.MIME certificate:
1. Open your Web browser and enter the printer's IP address, beginning with https, into the Address box of your Web browser, and press Enter.
Example:
https://192.168.1.1/
2. Click the Properties tab.
3. Click the Security folder.
4. Click Machine Digital Certificate Management.
5. When prompted, enter the system administrator user name and password (default: admin, 1111).
WorkCentre 7425/7428/7435
78
System Administrator Guide
Authentication
6. Click Upload Signed Certificate.
Note: When importing a certificate, if the same certificate has been already registered in Local printer
or Others, the certificate cannot be imported. Delete the existing certificate before importing the new one.
a. Enter the Password. (if required) b. Re-enter the Password (if required).
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the
Browse button.
7. Click the Import button.
8. Refresh the Web browser.
9. Click the Security folder.
Configure the certificate:
10. Click Certificates Management.
11. Select Local printer for Category, S/MIME for Certificate Purpose, and then click the Display the List button.
12. Place a check mark in the box in front of the Certificate you wish to view details for.
13. Click the Certificate Details button.
14. Click the Use this certificate button.
15. Click Reboot Machine. The printer will be unavaillable for a short period of time.
Configure S/MIME settings:
16. Refresh the Web browser.
17. Click the Security folder.
18. Click SSL/TLS Settings.
19. Select the Enable check box for S/MIME Communication.
20. Apply the settings. a. Click Apply.
b. The right frame on the Web browser will change to the printer reboot display.
c. Click Reboot Machine. The printer will be unavailable for a short period of time.
Configure the settings for S/MIME.
21. Refresh the Web browser.
22. Click the Security folder.
23. Click S/MIME Settings and set the following items.
Message Digest Algorithm: Select a message digest algorithm from SHA1 or MD5.
Contents Encryption Method: Select a contents encryption method from 3DES, RC2-40, RC2-
64, or RC2-128.
Certificate Auto Store: Click the check box to automatically save an S/MIME certificate
attached to an e-mail received from an address registered in your address book.
Receive Untrusted E-mail: Decide whether or not you wish to receive untrusted E-mail.
Receive Untrusted iFAX: Decide whether or not you wish to receive untrusted iFAXes.
WorkCentre 7425/7428/7435
System Administrator Guide
79
Security
Digital Signature – Outgoing E-mail: Decide whether or not to add a digital signature to
outgoing E-mail, and the method to use if a signature is desired. Select Always Add Signature, Do not add Signature, or Select During Send.
Digital Signature – Outgoing iFAX: Decide whether or not to add a digital signature to
outgoing iFAXes, and the method to use if a signature is desired.
Note: The Fax option is required.
24. Click Apply.
Configuration on a Computer
The following describes the configuration for a remote, networked computer.
Sending Scanned Data by S/MIME Encrypted E-mail from the Printer to a Computer
An S/MIME certificate must be imported, configured, and stored on the printer as stated in this section under Configuring S/MIME certificates with CentreWare Internet Services.
When importing the S/MIME certificate, make sure that a root certificate is included for use with the Supported E-mail applications shown below.
Receiving E-mail with S/MIME Digital Signature from the Printer
No settings are required on a recipient computer.
Sending S/MIME Encrypted E-mail by E-mail Printing from a Computer to the Printer
It is necessary to register the S/MIME certificate of the printer on the computer.
There are two methods to set an S/MIME certificate of the printer on the computer:
Sending e-mail with S/MIME digital signature from the printer to the computer
To send e-mail with an S/MIME digital signature from the printer, configure to attach the digital signature when sending E-mail in the Digital Signature – Outgoing E-mail settings.
Exporting an S/MIME certificate to the computer using CentreWare Internet Services and registering the exported S/MIME certificate in the certificate storage location of the E-mail application.
Note that the exporting of certificates is accomplished using the Trusted Certificates Management under Security folder on the Properties page of CentreWare Internet Services. For information on how to register a certificate in an E-mail application, refer to the manuals provided with the E-mail application.
Sending E-mail with S/MIME digital signature from a computer to the printer
It is necessary to register a personal certificate of a sender's E-mail address, an intermediate certificate authority certificate of the personal certificate, and a root certificate on the printer.
WorkCentre 7425/7428/7435
80
System Administrator Guide
Authentication
Supported E-mail applications
E-mail applications that can send and receive E-mail to and from the printer are:
Outlook 2000/2002/2003
Outlook Express 6
Netscape 7.x

Configuration of Scan File Signatures (PDF/XPS Documents)

Configuration at the Printer
Import a certificate from a Certificate Authority (in PKCS12 format), then configure the certificate on the printer using CentreWare Internet Services.
Configuration on a Computer
Prepare for verification of the PDF or XPS signature.
Configuring Scan File certificates with CentreWare Internet Services
To configure certificates with CentreWare Internet Services, first enable HTTP communications (as stated under Configuration of HTTP Communication Encryption in this section). Next, import a certificate from a Certificate Authority (in PKCS12 format). Finally, set the certificate as a scan file certificate.
1. Start a Web browser.
2. Enter the printer's IP address, beginning with https, into the Address box of your Web browser, and press Enter.
Example:
https://192.168.1.1/
3. Click the Properties tab.
4. Click the Security folder.
5. Click Machine Digital Certificate Management.
6. Click Upload Signed Certificate.
Note: When importing a certificate, if the same certificate has been already registered in Local printer
or Others, the certificate cannot be imported. Delete the existing certificate before importing the new one.
a. Enter the Password.
b. Re-enter the Password.
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the
Browse button.
d. Click the Import button. When a screen to enter the user name and password appears, enter
the System Administrator user ID and password into User Name and Password, and then click OK.
WorkCentre 7425/7428/7435
System Administrator Guide
81
Security
Note: The default user ID is admin and the default password is 1111.
7. Refresh the Web browser.
8. Click the Security folder.
9. Configure the certificate.
a. Click Trusted Digital Certificate Management. b. Select Local printer for Category, Scan File for Certificate Purpose, and then click the Display
the List button.
c. Place a check mark in the box in front of the certificate you wish to view details for. d. Click the Certificate Details button.
e. Click the Use this certificate button.
f. Click Reboot. The printer will reboot and the setting values will be reflected.
10. Configure the settings for PDF/XPS Signatures.
a. Refresh the Web browser.
b. Click the Security folder. c. Click PDF/XPS Security Settings and then set the following items.
PDF Signature: Select the setting for PDF Signature from Do not add signature, Always add
visible signature, Always add invisible signature, or Select during send.
XPS Signature: Select the setting for XPS Signature from Do not add signature, Always add
visible signature, Always add invisible signature, or Select during send.
d. Click the Apply button.
Configuration on a Computer
Confirm that the digital certificate being used by the printer to encrypt PDF and XPS files has been imported and is registered on the recipient’s computer. This will assure the ability to conduct two way digital signing of files, should this capability be desired or needed.

IP Sec

IP Sec (IP Security) is comprised of the IP Authentication Header and IP Encapsulating Security Payload protocols, that secure IP communications at the network layer of the protocol stack, using both authentication and data encryption techniques. The ability to send IP Sec encrypted data to the printer is provided by the use of a public cryptographic key, following a network negotiating session between the initiator (client computer) and the responder (printer or server). To send encrypted data to the printer, the computer and the printer have to establish a Security Association with each other by verifying a matching password (shared secret) to each other. If this authentication is successful, a session public key will be built and used to send IP Sec encrypted data over the TCP/IP network to the printer.
Providing additional security during the Public Key negotiating process, Digital Certificates can alternatively be used in place of the Shared Secret, to encrypt the Public Key information being exchanged between communicating parties. The Digital Certificate resides on the printer (managed as stated in this Encryption section in the Configuring Scan File certificates topic) and must also have been imported and stored on the computer that is encrypting data being sent to the printer.
WorkCentre 7425/7428/7435
82
System Administrator Guide
Authentication
Certificates add digital signatures (individualized checksums verifying data integrity) to datagrams during the public key negotiating process, greatly assisting in securing that data from network sniffers.
Enabling IP Sec
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select IP Sec in the directory tree.
6. Enable the Protocol by placing a checkmark in the Enabled box.
7. Select Pre-Shared Key to use the Shared Secret (between this device and remote computers also possessing the secret). Note that if you select Digital Signature, the Shared Secret boxes will be grayed out and you will have to supply a certificate stored on this device to the remote computer that wishes to send IP Sec encrypted data to this device.
8. Enter the Shared Secret (a password) in the Shared Secret and Verify Shared Secret boxes.
9. Select Enabled (default setting) for the Communicate with Non-IP Sec Device setting, so that computers not set up for encryption can still communicate with this device.
10. Click Apply when done and supply the Administrator User Name and Password, if prompted.
Note: The default user ID is admin and the default password is 1111.

FIPS 140-2

To enable FIPS 140-2 encryption:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder and click FIPS140 Validation Mode.
5. Click the Enabled check box and click Apply.
Note: FIPS 140-2 encryption does not apply to the following services and protocols: SMB, NetWare,
SNMP v3, PDF Direct Print Service.
WorkCentre 7425/7428/7435
System Administrator Guide
83
Security

Scheduled Image Overwrite

A TCP/IP network-connected device can be set to overwrite image data on a scheduled basis.
The Image Overwrite will delete all image data from the hard disk.
To enable a scheduled image overwrite, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Click the Security folder.
4. Click Scheduled Image Overwrite.
5. Click the Scheduled Image Overwrite Enabled check box.
6. Configure the Frequency, Day, Week, Hour, and Minute settings.
Note: The printer will be taken off-line each day at the specified time to perform the overwrite.
7. Click Apply.
8. Click OK to confirm.
9. If prompted, enter the system administrator user name and password (default: admin, 1111).
WorkCentre 7425/7428/7435
84
System Administrator Guide

Secure Watermark

Secure Watermark
This procedure enables the System Administrator to set parameters for the inclusion of a Secure Watermark as the background for any documents that are copied or printed on this, or another identical model machine.
Secure Watermark works with copy job, client print, folder print, media print, incoming fax prints and reports.
You must purchase the Security option to enable this feature. Contact your Xerox representative to purchase the option.
Secure Watermark configuration items include:
Default Watermark Effect
Default Watermark
•Font Size
•Background Pattern
Date Format
•Font Color
•Density
Watermark / Background Contrast
Force Watermark – Copy Job
Force Watermark – Client Print
Force Watermark – Print Stored File
Force Watermark – Media Print
Custom Watermark 1
Custom Watermark 2
Custom Watermark 3

Configuring Secure Watermark

1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. Touch Common Service Settings.
7. Touch Watermark. If not visible, use the scrolling arrow in the Features column.
8. On the Watermark screen, in the Items column, touch the item to be configured, then touch Change Settings. The screen for the item will open.
9. On the selected item screen, make your change and touch Save.
WorkCentre 7425/7428/7435
System Administrator Guide
85
Security
10. Touch Close to return to the Tools tab.
11. Press the Log In/Out button.
12. Select Log Out.
13. Place a copy in the document feeder of the printer and press the Start button.
14. Place the copy just made into the document feeder of the same, or an identical model, machine, and attempt to make a copy. Note that copying of this document is prohibited.
WorkCentre 7425/7428/7435
86
System Administrator Guide

Secure Print

Secure Print
Supported by the printer’s print driver, or CentreWare Internet Services Print tab, this feature directs the printing of confidential documents, or documents which should not be seen by third parties, to a User Account on the printer. The user can then access his or her Account, with a numeric password, at the printer, and privately print out the stored documents.

Using Secure Print from the Print Driver

To use the Secure Print feature from the print driver, installed on a networked computer, perform the following steps.
1. Open a document to print from the computer.
2. Select Print in your software application, select the Printer, then select Properties.
3. On the Paper / Output tab, select Secure Print as your Job Type.
4. Enter Passcode (1-12 digits). Enter the Passcode again in the Confirm Passcode field.
5. Click Setup… and enter a User ID (such as 001) and a numeric password.
6. Click OK on successive driver screens until the job prints.
7. Go to the printer and press the Job Status button.
8. Press the Secure Print Jobs & More tab.
9. Press Secure Print.
10. Highlight your user ID and press Job List.
11. Enter Passcode and select Confirm.
12. Select a job or select Select All.
13. Click Print.
14. Press Close several times, when done, to return to the Job Status screen.
15. Press the Services button on the control panel to return to the Services screen.

Using Secure Print from CentreWare Internet Services

1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Print tab.
3. Scroll down to the bottom of the page to see the Secure Print radio button.
4. Click the Secure Print radio button to enable it.
5. Enter a User ID (such as 001).
6. Enter your desired, numeric passcode in the two boxes provided.
7. Use the Browse… button to locate your PRINT READY file.
8. Click Submit Job. Then go to the printer and press the Job Status button.
9. Press the Secure Print Jobs & More tab.
10. Press Secure Print.
WorkCentre 7425/7428/7435
System Administrator Guide
87
Security
11. Highlight your user ID and press Job List.
12. Enter Passcode and select Confirm.
13. Select a job or select Select All.
14. Click Print.
15. Press Close several times, when done, to return to the Job Status screen.
16. Press the Services button on the control panel to return to the Services screen.
WorkCentre 7425/7428/7435
88
System Administrator Guide

Xerox Common Access Card

Xerox Common Access Card
Xerox Common Access Card is an optional solution which provides an advanced level of security to sensitive information. By using this solution, you can restrict access to the walk-up features of the printer. This ensures that only authorized users are able to copy, scan, E-mail, and fax information.
The key benefit of this solution is its two-factor identification requirement. Users must insert their access card and enter a unique Personal Identification Number (PIN) at the device. This provides added security in the event that a card is lost or stolen.
The Xerox Common Access Enablement kit integrates with Xerox multifunction printers and existing common access and personal identity verification cards and readers.

Supported Card Readers

The customer is responsible for providing a card reader for each Printer. The following card readers are compatible with the solution:
Gemplus GemPC Twin
Gemplus GemPC USB SL
•SCM Micro SCR3310
Panasonic ZU9PS
Omnikey Cardman 3021USB
Omnikey Cardman 3121USB
Note: Other CCID compliant readers may function with the solution, but have not been validated.

Supported Card Types

The customer is also responsible for purchasing and configuring the access cards. The following card types are recommended:
Axalto Pegasus 64K / V2
Axalto Cyberflex 32K / V1
Axalto Cyberflex 64K \ V2
Gemplus GemXpresso 64K / V2
Oberthur 72K \ V2
Oberthur Cosmopoll 32K / V1
Oberthur D1 72K / V2 (contact-less and PIV)
Note: Other card types may function with the solution, but have not been validated.
WorkCentre 7425/7428/7435
System Administrator Guide
89
Security

Preparation

The following items and information are required before installation
Compatible Card Reader: See Supported Card Readers on page 89.
Compatible Access Card: See Supported Card Types on page 89.
Common Access Card Enablement Kit
TCP/IP enabled on the Printer
DNS Host name or static IP address assigned
Network Settings to be checked to ensure network is fully functional
Domain Controller (DC) information:
Domain Controller authentication environment
IP address or Host Name
Domain information
Domain Controller Root and Intermediate certificates
Check that all certificates are in 64 bit X.509 format
Determine if the DC is registered with the OCSP at this site
OCSP Server information:
•OCSP Server URL
OCSP Root and Intermediate Certificates
Check that all certificates are in 64 bit X.509 format
Proxy Server configuration details
To set up the Domain Controller (DC) validation, you will need to determine if your site validates the DC against the OCSP server. Many sites use OCSP to validate individuals, but do not register the DC with it. If you set up the Printer to validate the DC and it isn’t registered, the procedure will fail.
The retrieved DC certificate is compared to the one stored at installation. This provides a high level of security as it prevents rogue DCs masquerading as the real DC.
Note: Certificates are often obtained from the Information Technology professionals that support your
organization.
Server Requirements
Ensure your network infrastructure supports Common Access Card or Personal Identification Verificati on (PIV ).
Names or IP addresses of all servers and domains are required during setup.
Electrical Requirements
The USB port on the back of the printer’s network controller provides the power required for any of the supported card readers.
WorkCentre 7425/7428/7435
90
System Administrator Guide
Xerox Common Access Card

Installing the Common Access Card Software

Ensure that you have downloaded the Xerox WorkCentre software before performing these instructions.
If you are using a Proxy Server to reach external addresses, turn the proxy off at your browser before beginning the software install process. You can also send the printer to the list of exceptions that do not use the Proxy Server.
Follow the instructions below to install the Xerox WorkCentre software.
Enable software upgrades:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Services folder.
5. Select Machine Software, then Upgrades.
6. Select the Enabled check box, and then select Apply.
Locate the Software:
7. Select Properties then Services.
8. Select Machine Software then Manual Upgrade.
9. Browse to the location of the software which was downloaded from the Xerox Web site and select the file.
10. The path to the software file displays in the browse window.
Install the software on the Printer:
11. Select Install Software. The software file will begin uploading, and a message will be displayed when finished.
The status of the upgrade is shown at the printer and the CentreWare Internet Services interface is no longer accessible.
Check the upgrade status:
12. Check the upgrade status at the printer, by pressing the Machine Status button on the control panel and verifying the updated System Software level.
13. Once the software has been upgraded, the printer reboots automatically.
Note: The system may reboot more than once, depending on the software level of the machine before
the upgrade.
14. Print out a Configuration Report to verify the new software level.
15. The Common Access Card settings are now ready for configuring, using the CentreWare Internet Services interface.
WorkCentre 7425/7428/7435
System Administrator Guide
91
Security

Enabling and Configuring the Common Access Card Feature

Enabling the Common Access Card Software Option
Once the correct version of the software has been successfully loaded and verified, the Common Access Card software feature needs to be enabled on the printer.
This procedure should be performed by your System Administrator, or someone with System Admin access rights.
1. Press the Log In/Out button on the control panel.
2. Using the keyboard screen, enter the following PIN number into the System Administrator’s Login ID field: *6421145151.
Note: To de-activate the PIN number, simply enter the following PIN number into the System
Administrator’s Login ID field: *6421145150.
3. Touch Next.
4. Touch Logout. The printer will reboot.
5. Login as the System Administrator and select the Machine Status button.
6. Locate the Tools tab and select the System Settings followed by the Common Settings option, and then the Maintenance option.
7. Next, select the Software Option button and select the Keyboard button to enter the supplied number.
8. When finished, press the Save button, followed by the Reboot button for changes to take effect.
Configuring the Date and Time to update automatically using Network Time Protocol (NTP)
Ensure that the NTP Enable box is enabled on the printer. In order to do so, the System Administrator must log in to the printer.
1. Press the Log In/Out button on the control panel.
Note: In order to login as the System Administrator, you must select System Administrator from the
pull down menu. Verify that this selection is being made. If you see the option for Registered User, then you will not be able to login as the System Administrator.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Next, select the Machine Status button.
4. Touch the To ol s tab.
5. On the right side of the display, under Features, select the Machine Clock/Timers option.
6. Select the option for NTP Time Synchronization.
7. Select the Change Settings option and select the On option.
8. Select the Save option.
9. Select the Time Server Address option.
WorkCentre 7425/7428/7435
92
System Administrator Guide
Xerox Common Access Card
10. Select the Change Settings option and enter the IP address of the server in which the network time will be synched with.
11. Press the Save button.
12. Press the Log In/Out button.
13. Touch Logout. The printer will automatically reboot.
Configure Authentication settings for CAC
Note: These installation steps can also be performed at the printer. This is be done by logging in as the
System Administrator, selecting the Machine Status button, then proceeding to the Tools tab and navigating to the Authentication/Security Settings button. From the Authentication/Security Settings button, continue to navigate to Authentication, followed by Login Type. Then navigate back to the To ol s menu option for System Settings. Select Common Service Settings and navigate to
Connectivity & Network Setup. Select Remote Authentication Server Settings, followed by Authentication Systems. Then select Kerberos (Windows 2000). Enter the network settings for the
Authentication server by selecting Kerberos Server Settings.
To configure the Authentication settings from your computer, you must use CentreWare Internet Services.
Note: Verify that your Common Access Card reader is plugged in and operational.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select the option for Authentication Configuration, and select Login to Remote Accounts from the pull down menu. After selected, press the Apply button. The system will automatically reboot.
6. While still in the Security folder, scroll down and click the Remote Authentication Servers/Authentication System Settings folder.
7. Locate and select the Authentication System folder.
8. Press the pull down arrow and select the option for Kerberos (Windows 2000) and select Apply.
9. Enter the Kerberos server network address and realm name for all available Kerberos servers.
10. When entering the domain names, make sure to use ALL CAPS in the field.
Configuring the CAC Device Access Control
Note: This installation process can also be performed at the printer. This can be done by logging in as
the System Administrator, selecting the Machine Status button, then proceeding to the Tools tab and navigating to the Authentication /Security Settings button. From the Authentication/Security Settings button, continue to navigate to Authentication, followed by Access Control.
1. Continuing from the previous setup, select Authentication Configuration in the Security folder.
2. Select either the Device Access configure button, or the Service Access configuration button.
3. If you select the Device Access configure button, the following window will appear.
WorkCentre 7425/7428/7435
System Administrator Guide
93
Security
Note: If you wish to “Lock” individual device pathways, you may choose to lock any combination of All
Services, Job Status Pathway, or Machine Status Pathway. After you have made your selection, or selections, press the Apply button for your selections to be saved.
Use this option to Lock individual Services as well as configure your desired combination of services.
Note: When the Common Access Card is enabled, the full Copy Service feature is locked by default.
Configure CAC Settings at the Printer
Note: Be sure that the Common Access Card Reading device has been installed prior to the following
procedure steps.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Select the Authentication/Security Settings button, followed by the Authentication button.
4. Select the User Details Setup button, and set the Use of Smartcard option to Enabled.
Note: If you set this value to Enable PKI Only, the smartcard is used only for signing and/or encrypting
the scan document, not for authentication.
5. Set the SmartCard Link Mode to No Passcode required.
6. Set the SmartCard Certificate Verification Mode to Disabled.
Note: By setting the option to Disabled, you are only verifying the PIN on the card. By selecting the
option for Enabled, you are verifying both the PIN and the Certificate.
Setting up Certificates for Authentication
The following procedure is performed using the CentreWare Internet Services. Access the Printer by typing in the device’s’ IP address in your Web browser’s address field.
Note: Certificates can only be registered on the device when SSL is enabled on the device. This can be
accomplished by first creating a self-signed certificate on the device and then enabling SSL. This procedure must be performed by someone with System Administrator rights.
1. At your computer, Login to the CentreWare Internet Services as the System Administrator.
2. Select the Properties tab, and select the Security folder and navigate down until you locate the Machine Digital Certificate Management option.
3. Select the Create New Self Signed Certificate option.
4. Select Apply.
5. Next, while still under the Security folder, scroll down the list and locate the option for SSL / TLS Settings.
6. The following window will be displayed. Under the HTTP – SSL / TSL Communication check box, make the selection for Enabled, and then select Apply.
7. The Printer will need to be rebooted before the changes can take effect. Select the Reboot Machine option.
WorkCentre 7425/7428/7435
94
System Administrator Guide
Xerox Common Access Card
Note: After the Printer has returned online, the System Administrator can load the required Root
Certificate Authority certificates for the Domain Controllers and the OCSP Server.
8. At your computer, within the option for Machine Digital Certificate Management locate and select the option for Upload Signed Certificate. This option should now be available to you based on the machine reboot.
Uploading Signed Certificates
After selecting the Upload Signed Certificate option, the System Administrator will perform the following procedures.
1. Upon selecting the Upload Signed Certificate button, the following window will display. The System Administrator can browse to the directory location on the PC where the certificates will be stored.
2. After the certificate has been saved to the PC, the System Administrator can manage certificates that are loaded onto the Printer, as well as the functions they are to be used for.
Note: In order to review all the certificates, select the option for Other to view the available
certificates.
3. Select the desired options and select the Display the list button.
4. When the certificates are listed, you can select one by checking the box and then select Certificate Details to review.
5. The Certificate Details window will allow the System Administrator to Export this certificate, Delete, or Use this certificate.
Checking Proxy Server details
If required by your network environment, ensure the Proxy Server details have been configured.
1. At your computer, select the Properties tab in CentreWare Internet Services.
2. From the displayed window, select the option for Connectivity.
3. Next, select the option for Proxy Server.
4. The Proxy Server option needs to be Enabled and the server address needs to be configured.
5. Select the option for Apply.
Certificate Revocation Retrieval Settings
The System Administrator can use the functionality found in the Certificate Revocation Retrieval Settings option to configure the desired Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL).
1. Under the Security folder, select the option for Certificate Revocation Retrieval Settings.
2. Under the Level of Certificate Verification section, select the Level of Certificate Verification setting for the Common Access Card to High.
The following Level of Certificate Validation descriptions are listed below;
Low: The revocation status of certificates is not checked.
WorkCentre 7425/7428/7435
System Administrator Guide
95
Security
Medium: The revocation status of certificates is checked, but if the certificate status cannot be
obtained due to a network issue, the certificate will be considered valid.
High: The revocation status of certificates is checked. A certificate is only considered valid after
verifying that the certificate has not been revoked.
3. Next, under Retrieval of Certificate Status, select the option for By OCSP for Common Access Card setup.
Note: The By Retrieving CRL option checks the certificate status on the Printer after retrieving a CRL.
4. Next, under the URL for the OCSP Responder With option, this should be setup by the System Administrator for the Common Access Card setup. There is also an option to use an URL that’s available on a certificate.
5. Next, set the OCSP Communication Timeout Value option based on your network performance.
6. Under the CRL options, verify that the check mark box for Auto Retrieval of CRL is unchecked.
Note: The CRL Retrieval Time-out is not required for Common Access Card setup.
7. Upon making your selections, select the Apply button to register your selections. This will initiate the printer to reboot, allowing the settings to take effect.
Configuring E-mail Signing Feature
The following procedure will be performed at the printer.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Select the option for System Settings.
6. Locate and select the option for Connectivity & Network Set-up.
7. On the right side of the display, scroll down the list and locate the option for Security Settings.
8. Select the option for S/MIME Settings.
For Option #6 Digital Signature – Outgoing Mail, select the option for Always Add Signature
and press the Save button.
For Option #7 Signing Certificate – Outgoing Email, select the option for SmartCard
Certificate and press the Save button.
9. Press the Log In/Out button, and select the option for Reboot.
WorkCentre 7425/7428/7435
96
System Administrator Guide

Scanning and Faxing

This chapter includes:
Enabling Options with Software Keys on page 98
Special Features on page 99
Scan to E-mail on page 100
Network Scanning (Using Templates) on page 112
Scan to PC (FTP/SMB) on page 121
Scan to Home on page 126
Scanning to the Printer’s Hard Drive (Folders) on page 128
Setup and Use of Job Flow Sheets with Folders on page 131
Scan to PC Desktop on page 136
Installing and Using the Network Scanner Utility on page 138
Xerox Extensible Interface Program on page 140
Fa x on page 142
Server Fax on page 154
Internet Fax (iFAX) on page 162
6
97
Scanning and Faxing

Enabling Options with Software Keys

Options such as Scanning (E-Mail, Folder, Network, Twain), Security (Disk Overwrite, Secure Watermark), Internet Fax (iFAX), Server Fax, and Job Based Accounting, require purchase and subsequent enabling with a supplied 12 character key. Software keys are usually included with the kit documentation as a sticker on the manual, or they may be already installed on the printer as per the purchase agreement.
Upon receipt of the software key, use the following procedure to enable the associated Option.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. Touch Common Service Settings.
7. Touch Maintenance. Note that you may have to use the scrolling arrow to see this selection.
8. Touch Software Options and touch Keyboard. Enter the key, using the on-screen keyboard, in the box provided.
9. Touch Save, then touch Reboot.
WorkCentre 7425/7428/7435
98
System Administrator Guide

Special Features

Special Features
Some features can be customized, and special features can be enabled. For example, you can change the duration of built-in timers. Contact your Xerox representative for more information about special features, and special feature codes.
To enable a special feature:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder, then Feature Enab lement .
5. Enter the code for the special feature and click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
99
Scanning and Faxing

Scan to E-mail

E-mail Overview

You must purchase the Scanning option to Scan to E-mail. If you did not, contact your Xerox Representative to purchase this option.
The following E-mail features are available.
E-mail: Scanned documents can be converted into an electronic format and transmitted via E-mail.
iFAX: Unlike conventional fax machines which utilize public phone lines, the printer can transmit or receive scanned data as e-mail attachments using either corporate networks or the Internet.
Contents of E-mail are processed according to the settings of Print iFAX Headers and Contents in CentreWare Internet Services.
E-mail Printing: E-mail with attachments in either TIFF or PDF format can be sent to the printer. Received E-mail will automatically be printed. Contents of E-mail are processed according to the settings of Print Mail Headers and Contents in CentreWare Internet Services.
Job Completion Notice: When a computer has submitted a job to the printer, a notification of the job’s completion can be sent by E-mail.
Xerox recommends that you register the address of a network administrator or a shared address.

Preparations

Before you set up the Scan to Email feature, confirm that:.
1. The printer is turned on and connected to a network.
2. TCP/IP protocol is enabled on the printer.
3. The device has been set up with DNS.
4. The Domain Name settings for the network have been correctly setup for the printer.
Obtain the following information:
Item Description
SMTP, POP3, or SMTP mail server Host Name or IP address.
SMTP, POP3, or SMTP login and password.
The printer’s assigned email address. This E-mail address will appear in the From field on E-mails sent from
Email addresses (optional). A local address book can be created to store E-mail addresses.
LDAP server host name. Email addresses stored in a network address book LDAP can be
If using an external mail server, ask your internet service provider to provide this information.
the printer.
referenced from the printer.
WorkCentre 7425/7428/7435
100
System Administrator Guide
Loading...