Manuale d’uso / di manutenzione del prodotto 47B1001 del fabbricante Lexmark
Vai alla pagina of 56
Common Criteria Installation Supplement and Administ rator Guide Novem ber 2011 www.lex mark.com Lexmark and Lexmark with diamond design a re trademarks of Lexmark International , Inc., registered in the United States and/or o th er cou ntries. All other trademarks are the property of their respective owners.
Edit ion notice November 2011 The followin g parag raph does not a pply to a ny country whe re such pr ovisions a re inconsistent wi th local law: LEXMA RK IN TERN AT IONA L, IN C.
Cont ent s Ove rview and fi rst ste ps.. .... ....... ... ....... .... ... ....... .... ... ........ ... ....... .... ... ....... ... 5 Overvi e w..... .. ... .... ..... ... .... .. ... ... .... .. ... ...... ... ... ... ... ... ... ... ...... ... ...
Creating securi ty temp lates usi ng the EWS ... ....... ...... ....... ....... ...... ...... ........ ............ ....... ....... ...... .... .......... ...... 3 2 Contro llin g ac cess to d evice functio n s....... .. ... ... ... ... ... ...... ...
Overview and first steps Overview This g uide des cribes how to config ure a support ed L exma rk TM m ultif unction printer ( MFP) to r each Com mon Criter ia Eval uat ion A ssura nce Le vel 2 (EAL 2).
Operating environmen t The instruct ions pr ovided i n this guide a re ba sed on the f ollowing as sumptio ns an d obje ctives: • The MFP is ins talled in a cooperative, no nhos tile environm ent that is physically s ecure or monitor ed and provides prot ection fr om unaut horized access to MFP ex ternal i nterfaces.
Atta ching a lock Once a lo ck i s attached, the met al plate an d syste m board can not be rem oved, an d the securit y jumper ca nnot be acce ssed withou t caus ing visible d amage to the d evice.
3 Verify that the M FP is in Conf iguratio n m ode by locating the Exit C onfi g Me nu icon in the l ower r ight co rner of the touch s cre en. 4 Scro ll thro ugh t he conf iguration me nus to locate the Disk E ncryption me nu se lection. 5 Touc h Disk Enc ryption > En a ble .
Installing the minimum configura tion You c an achieve an eval uated c onfi guration on a no n-netw orked (stan dalone) devic e in just a fe w steps. Fo r t his conf iguration , all t asks are per formed a t the de vi ce, using the to uch sc reen.
3 Retype the pas sword, and the n touch Done to sa ve the new pa ssword and r eturn to the E dit Bac kup Passwor d scr een. 4 Set Use Ba ckup Pa ssword to On .
G rou p name T ype of user grou p wo uld be sel ect ed fo r Authenticated_Users • Administr ators permitt ed to access all devi ce functions • Administrator s permitted to us e device functions an.
3 Type a uni que name to identify the template. Us e a de scriptiv e na me, such as ”Admini st rator_Only” or “Authent icate d_Users,” and then t ouch Done . 4 On th e Authentic ation Set up scree n, se lect the inte rnal a ccounts building block, and the n touch Done .
Acc ess co ntrol Le ve l of pr ote ct io n Paper Menu at the Dev ice Authenti cated us ers only Paper Menu Remotely Authenticated users on ly Reports Menu at the Device Administrator access only Repor.
Acc ess co ntrol Le ve l of pr ote ct io n Held Jo bs Acce ss Di sabl e d Use Profiles Authenti cated users only Change Language fr om Home Screen A uthenticated users only Cancel Jobs at the Device A.
Administering the devic e This c hapter d escribe s how to co nfigure additio nal sett ings a nd fu nctions t hat m ay be availab le on yo ur devic e. Using the Embed ded Web Server Many set tings c an be con figured using ei ther the Em bedded W eb Ser ve r (EWS ) or the t ou ch sc reen.
• Cou nt ry /Re gi on —Type the countr y or region where the company or organization issuing th e certificate is lo c at ed ( 2 ‑ c h aracter m aximum ). • Pro vinc e Na me —Type the province where the com p any or organization issuing the certificate is located.
The cont ents of the fi le shou ld be in th e followi ng format: ----- BE GI N CERTI FI CA TE--- -- MIIE 1jC CA 76gA wI BA gIQY 6sV 0K L3tI hB tl r4gH G8 5zANB gk qh kiG9 w0B AQ UFAD Bs … l3DT bPe 0.
Disabling the AppleT alk pro tocol IP is the on ly net work pr otocol pe rmit ted under this ev al uation. T he AppleT alk pr otoc ol must be dis abled. Using the EWS Note: For i nformat io n about a ccessin g th e EWS, se e “Using the E mbedded Web S erv er” on pag e 1 5.
3 Click Submit . Other settin gs and f unct ions Ne t wor k Tim e P rot oc ol Use Netwo rk Time Protoco l (NTP) to automatic ally sync MFP date and time setti ngs with a trust ed clock so that Kerbero s request s and audit log events w ill be accurately time ‑ stam ped.
3 Unde r Simple Ker beros Setup, f or KDC Address , t ype the IP addr ess o r host name of the KDC ( Key Dist ri bution Cen ter ) I P . 4 For K DC P ort, ty pe the num ber o f the po rt used by the Kerbero s serve r. 5 For Realm, type the realm used by the Kerberos server.
3 Type the IP addr ess o r hos t name of the R emote Sys log Se rver , and then sele ct the Ena ble Rem ote Syslo g check box. No te: Th e Enabl e R e m ot e Sy sl og check b ox is un availabl e until an IP addres s or host na me is entere d. 4 Type the Re mote Sys log P ort nu mber u sed on the de stination se rver .
9 If you wan t the MFP to a dd a digital signa ture to e-mail a lerts, then s et “Digitall y sign ex ports” to On . 10 For “Severity of events to log,” select 5 ‑ No t ice . The chosen se verity level and anythin g higher (0–4) wil l be logged.
3 Type the Prima ry SMT P Gatew ay Port num ber o f the des ti nation s erver. 4 If you are u sing a se condar y or backup SMTP serv er, then typ e the IP ad dress or host name a nd S MTP por t for that ser ver. 5 For SMT P Tim eout, type the number of seconds (5–30) the device will w ait for a r espons e from the S MTP server before timing out.
6 If you w ant t o receive res ponses to mes sages se nt f rom th e MFP (in c ase o f faile d or boun ced messa ges), t hen pr ov id e a Re ply A ddr es s . 7 Set U se SSL t o Disable d , Negotia te or Require d to specif y whether e-ma il will be sent using an encrypted link.
Setting up a fax storage location (optional) 1 Turn off t he MFP using the p ower switch. 2 Si multaneo usly pr ess an d hol d the 2 and 6 keys on the numeric keypad whi le turning th e MFP ba ck on. It takes approxi mate ly a mi nute to boo t into the Co nfigurat ion me nu.
Exam p le : Employees in the warehouse w ill be given access to black ‑ an d ‑ white print ing only, adm inistra tive office staff will be abl e to print i n black and w hite and send f axes, and emplo yees in the m arketing depa rtment w ill have acc ess to bl ack ‑ and ‑ white pr inting, c olor pri nti ng, and f axing.
5 Click Setti ngs > Security > Se curity Se tup > Int ernal A ccoun ts . 6 Click Add an Internal Acc ount , and then provide the information needed for each account: • Accoun t Name —Type the use r's account name (example : “Jack S mith”).
• Mail Attrib ute —Type the mail attribute. • Full Name At t ribute —Type the full name attribute. • Search Base —Specify the no de in the LDA P serve r where u ser acc ounts reside. Mu ltiple sear ch base s can be en tered, sepa rat ed by s emicolon s.
• Full Name At t ribute —Type the full name attribute. • Search Base —Specify the no de in the LDA P serve r where u ser acc ounts reside. Mu ltiple sear ch base s can be en tered, sepa rat ed by s emicolon s.
Configu ring Common A ccess Card access A se t of Pu b l ic Ke y Inf ras tr uc tu re (PK I) em bedded a pplicat ions comes i nst alled on the M FP. T hese ap plicat ions prov ide for addi tio nal func tionali ty, i ncluding the use of Smar t Card s suc h as the Depa rtment of Defens e Common A ccess Card (CAC).
• Domain —This is t he car d dom ain that should be mappe d to the spe cifi ed real m. T his is the pr incipal name us ed on t he card an d sho uld be li sted by it self, fo llowe d by a comm a, a peri od, and t hen the pri nci pal name again. This value is case ‑ sensi tive and usu ally app ears i n lowe rcase.
Creat ing s ecuri ty t empla tes us ing the EW S A securit y templat e is assigned to e ach devic e function to control w hich us ers are perm itted to access that funct ion. At a minimum, you must crea te two sec urity templates: one for "Admini strator_O nly" and one for "Authenticated_Users.
Notes: • Clicking Delete Li st from the Manage Security T emplates s creen w ill delete all s ecurity t emplates o n the MFP, regardless of wh ich one is s elected. To delete a n individual sec urity template, select it from t he list, a nd then cli ck Delete E ntry .
• V eri f y J o b Ex pi r at io n —T his can be set to Off , Same as Confident ial Prin t , or one of four inter vals rang ing fro m one hour to one week. • Repeat J ob Expirat ion — This ca n be set to Of f , S ame as C onfident ial Print , or one of fo ur interv als ranging fro m one hour to one week.
Acc ess control Leve l o f pr otec tion Network/Ports Menu at the Device Administr ator ac c ess only Network/Ports Menu R emotely Administr ator ac cess only Manage Shortcuts at the D evice Authentic.
Acc ess control L evel of prot ectio n Use Profiles Authenticated users onl y Change Language from Home Screen Authenticated users onl y Cancel Jobs at the Device Administrator access only PictBridge .
Troubleshooting Lo gin is sues “Unsupported USB Device” error message M AKE SU RE A S UPPORTED S MART C AR D RE AD ER IS ATTAC HED Only the Om niKey read er t hat ca me with the printe r is su pport ed. Remove t he un suppo rted r eader an d att ach the Omni Key reader.
“The KDC and MF P clocks are differe nt bey ond an accept able range; c heck the MFP's date and time” e rror messa ge This er ror indicates that the p rinter clo ck is more than five m inutes out of s ync with th e domain co ntro ller clock.
“The Doma in Controller I ssu ing Certi ficate ha s not b een inst alled” error mes sag e M AKE SU RE THAT THE CORRECT CERTIFIC ATE HA S BEE N IN STA LLE D ON TH E PRINT ER For info rmatio n on inst alling, view ing, or modi fying ce rtif icates, see “Creating an d mod ifying di gital certific ates” on page 15 .
“Realm on t he card w as not found in t he Kerberos C onfigurati on Fi le” error me ssag e This err or oc curs during Smart Card lo gin. U PLOAD A K ERB ERO S CONFI G URATION FI LE AND MAKE SU RE THE RE AL M HA S BEE N ADDED TO THE FILE The PKI Authent icati on sett ings do not support multiple Ke rberos R ealm entries .
LDAP issues LDAP look ups ta ke a long ti me an d the n fail This iss ue c an occu r during lo gin (at “Ge tting Us er Info”) or durin g addres s book sear ches.
Held Jobs/ Pr int Re lea se L ite is sues “You are not authori zed to us e th is feature ” Held Jobs e rror mess age A DD TH E USER TO THE APPROPRIA TE A CTI VE D IREC TOR Y GR OUP If user autho r.
Jobs are pri ntin g out imme dia tely Try one o r more of th e foll owi ng : M AKE SU RE PKI H ELD J OBS IS IN STA LLED AND RUN NING 1 From t he Embe dded Web S erver, c lick Settings > Devic e Solu tions > So l u ti o ns (e S F) .
Appendix A: Using the touch screen Understa nding th e home screen The screen located on the front of the MFP is touch ‑ sensitiv e an d can be us ed t o access devic e func tions and navig ate setti ngs and configur ation m enus. The ho me sc reen l ooks simil ar to t his (yours may c ontai n addi tional ic on s): @ Status/ Supplies Ready .
To ty pe a sin gle upperc ase or s hift char acter, touc h Shif t , and the n to uch th e letter or numbe r you ne ed to upper case. To t urn on C aps Lock, t ouch Cap s , and then continue typing . Caps Lock will remain engaged unt il you touch Cap s ag ain .
Appendix B: Acro nyms Acronyms used in this guide CA C ert i f ica te A u th or it y CAC C omm on A cc ess C ard D C Domai n Co ntro ller DHCP Dynamic Host Configuration Protocol DN S Do m a in N am e.
Appendix C: Description o f acce ss controls Acces s contr ols Depend ing on t he devic e type and inst alled options , som e access co ntrols (ref erred t o on s ome devi ces a s Function Access C ontro ls) may no t be availabl e for your print er.
Func tion acc ess contr ol What i t does Settings Menu Rem otely T his protects access to the General and Pr int Settings secti ons of the Setti ngs menu from the Embedded W eb S erver. Supplies Menu at the Device This protec ts access to the S upplies menu from th e printer contr ol panel.
Func tion acc ess contr ol What i t does Create Profiles This contr ols the abi lity to c reate new profiles. E ‑ mail Function This contr ols access to the Scan to E ‑ mail fun cti on. Fax Function This controls access to the Scan to Fax function.
Appendix D : Using Common Acces s Cards Using a Common Access Card to acc ess the printer 1 Insert you r Common Acces s Card int o the card re a der attach ed to the p rinter. 2 Whe n prompt ed, enter your P IN usin g the keyp ad t hat appea rs o n the touc h scree n, and t hen touc h Next .
Notices LEXMARK SOFTWARE LICENSE A GREEMENT PLEAS E READ CAR EFULL Y BEFO RE IN STAL LING AN D/OR U SIN G THI S SOFTW ARE : This Softw are License Ag reement ("License Agreement") is a legal agreement between you (either an individual or a single entity) and Lexmar k Inter national, In c.
c Res ervat ion of Rig hts. The S oftware Pro gram, i ncluding all fonts, is c opyri ghted and owned b y Lexmark I nternationa l, Inc . and/or i ts suppl iers. Lexmark r eserv es all right s not express ly granted to you in t his Lice nse Agreement. d Free ware.
all copies of the Sof twar e Progra m t ogethe r with all m odif icati ons, docu mentat ion, and mer ged port ions i n any for m. 11 TAXES. You agree that you are respo nsible for paymen t of any taxe.
Index A access c ontrols list of 47 setting a t the device 1 2 us i n g th e EW S to s e t 34 acrony ms 46 AppleTa lk disabling 18 assumpt ion s 6 au dit lo gg ing configu ring 20 auth enticati on tok.
securi ty a udit log configu ring 20 secu rity cer tificates creating and modi fying 15 secu rit y obj ectives 6 secu ri ty re set jum pe r enabling 25 secu ri ty sl ot finding 7 secur i ty templates .
www.l e xmar k.com *3065326* PN 3065326 Rev . 001.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Lexmark 47B1001 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Lexmark 47B1001 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Lexmark 47B1001 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Lexmark 47B1001 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Lexmark 47B1001, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Lexmark 47B1001.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Lexmark 47B1001. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Lexmark 47B1001 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.