Lexmarkメーカー47B1001の使用説明書/サービス説明書
ページ先へ移動 of 56
Common Criteria Installation Supplement and Administ rator Guide Novem ber 2011 www.lex mark.com Lexmark and Lexmark with diamond design a re trademarks of Lexmark International , Inc., registered in the United States and/or o th er cou ntries. All other trademarks are the property of their respective owners.
Edit ion notice November 2011 The followin g parag raph does not a pply to a ny country whe re such pr ovisions a re inconsistent wi th local law: LEXMA RK IN TERN AT IONA L, IN C.
Cont ent s Ove rview and fi rst ste ps.. .... ....... ... ....... .... ... ....... .... ... ........ ... ....... .... ... ....... ... 5 Overvi e w..... .. ... .... ..... ... .... .. ... ... .... .. ... ...... ... ... ... ... ... ... ... ...... ... ...
Creating securi ty temp lates usi ng the EWS ... ....... ...... ....... ....... ...... ...... ........ ............ ....... ....... ...... .... .......... ...... 3 2 Contro llin g ac cess to d evice functio n s....... .. ... ... ... ... ... ...... ...
Overview and first steps Overview This g uide des cribes how to config ure a support ed L exma rk TM m ultif unction printer ( MFP) to r each Com mon Criter ia Eval uat ion A ssura nce Le vel 2 (EAL 2).
Operating environmen t The instruct ions pr ovided i n this guide a re ba sed on the f ollowing as sumptio ns an d obje ctives: • The MFP is ins talled in a cooperative, no nhos tile environm ent that is physically s ecure or monitor ed and provides prot ection fr om unaut horized access to MFP ex ternal i nterfaces.
Atta ching a lock Once a lo ck i s attached, the met al plate an d syste m board can not be rem oved, an d the securit y jumper ca nnot be acce ssed withou t caus ing visible d amage to the d evice.
3 Verify that the M FP is in Conf iguratio n m ode by locating the Exit C onfi g Me nu icon in the l ower r ight co rner of the touch s cre en. 4 Scro ll thro ugh t he conf iguration me nus to locate the Disk E ncryption me nu se lection. 5 Touc h Disk Enc ryption > En a ble .
Installing the minimum configura tion You c an achieve an eval uated c onfi guration on a no n-netw orked (stan dalone) devic e in just a fe w steps. Fo r t his conf iguration , all t asks are per formed a t the de vi ce, using the to uch sc reen.
3 Retype the pas sword, and the n touch Done to sa ve the new pa ssword and r eturn to the E dit Bac kup Passwor d scr een. 4 Set Use Ba ckup Pa ssword to On .
G rou p name T ype of user grou p wo uld be sel ect ed fo r Authenticated_Users • Administr ators permitt ed to access all devi ce functions • Administrator s permitted to us e device functions an.
3 Type a uni que name to identify the template. Us e a de scriptiv e na me, such as ”Admini st rator_Only” or “Authent icate d_Users,” and then t ouch Done . 4 On th e Authentic ation Set up scree n, se lect the inte rnal a ccounts building block, and the n touch Done .
Acc ess co ntrol Le ve l of pr ote ct io n Paper Menu at the Dev ice Authenti cated us ers only Paper Menu Remotely Authenticated users on ly Reports Menu at the Device Administrator access only Repor.
Acc ess co ntrol Le ve l of pr ote ct io n Held Jo bs Acce ss Di sabl e d Use Profiles Authenti cated users only Change Language fr om Home Screen A uthenticated users only Cancel Jobs at the Device A.
Administering the devic e This c hapter d escribe s how to co nfigure additio nal sett ings a nd fu nctions t hat m ay be availab le on yo ur devic e. Using the Embed ded Web Server Many set tings c an be con figured using ei ther the Em bedded W eb Ser ve r (EWS ) or the t ou ch sc reen.
• Cou nt ry /Re gi on —Type the countr y or region where the company or organization issuing th e certificate is lo c at ed ( 2 ‑ c h aracter m aximum ). • Pro vinc e Na me —Type the province where the com p any or organization issuing the certificate is located.
The cont ents of the fi le shou ld be in th e followi ng format: ----- BE GI N CERTI FI CA TE--- -- MIIE 1jC CA 76gA wI BA gIQY 6sV 0K L3tI hB tl r4gH G8 5zANB gk qh kiG9 w0B AQ UFAD Bs … l3DT bPe 0.
Disabling the AppleT alk pro tocol IP is the on ly net work pr otocol pe rmit ted under this ev al uation. T he AppleT alk pr otoc ol must be dis abled. Using the EWS Note: For i nformat io n about a ccessin g th e EWS, se e “Using the E mbedded Web S erv er” on pag e 1 5.
3 Click Submit . Other settin gs and f unct ions Ne t wor k Tim e P rot oc ol Use Netwo rk Time Protoco l (NTP) to automatic ally sync MFP date and time setti ngs with a trust ed clock so that Kerbero s request s and audit log events w ill be accurately time ‑ stam ped.
3 Unde r Simple Ker beros Setup, f or KDC Address , t ype the IP addr ess o r host name of the KDC ( Key Dist ri bution Cen ter ) I P . 4 For K DC P ort, ty pe the num ber o f the po rt used by the Kerbero s serve r. 5 For Realm, type the realm used by the Kerberos server.
3 Type the IP addr ess o r hos t name of the R emote Sys log Se rver , and then sele ct the Ena ble Rem ote Syslo g check box. No te: Th e Enabl e R e m ot e Sy sl og check b ox is un availabl e until an IP addres s or host na me is entere d. 4 Type the Re mote Sys log P ort nu mber u sed on the de stination se rver .
9 If you wan t the MFP to a dd a digital signa ture to e-mail a lerts, then s et “Digitall y sign ex ports” to On . 10 For “Severity of events to log,” select 5 ‑ No t ice . The chosen se verity level and anythin g higher (0–4) wil l be logged.
3 Type the Prima ry SMT P Gatew ay Port num ber o f the des ti nation s erver. 4 If you are u sing a se condar y or backup SMTP serv er, then typ e the IP ad dress or host name a nd S MTP por t for that ser ver. 5 For SMT P Tim eout, type the number of seconds (5–30) the device will w ait for a r espons e from the S MTP server before timing out.
6 If you w ant t o receive res ponses to mes sages se nt f rom th e MFP (in c ase o f faile d or boun ced messa ges), t hen pr ov id e a Re ply A ddr es s . 7 Set U se SSL t o Disable d , Negotia te or Require d to specif y whether e-ma il will be sent using an encrypted link.
Setting up a fax storage location (optional) 1 Turn off t he MFP using the p ower switch. 2 Si multaneo usly pr ess an d hol d the 2 and 6 keys on the numeric keypad whi le turning th e MFP ba ck on. It takes approxi mate ly a mi nute to boo t into the Co nfigurat ion me nu.
Exam p le : Employees in the warehouse w ill be given access to black ‑ an d ‑ white print ing only, adm inistra tive office staff will be abl e to print i n black and w hite and send f axes, and emplo yees in the m arketing depa rtment w ill have acc ess to bl ack ‑ and ‑ white pr inting, c olor pri nti ng, and f axing.
5 Click Setti ngs > Security > Se curity Se tup > Int ernal A ccoun ts . 6 Click Add an Internal Acc ount , and then provide the information needed for each account: • Accoun t Name —Type the use r's account name (example : “Jack S mith”).
• Mail Attrib ute —Type the mail attribute. • Full Name At t ribute —Type the full name attribute. • Search Base —Specify the no de in the LDA P serve r where u ser acc ounts reside. Mu ltiple sear ch base s can be en tered, sepa rat ed by s emicolon s.
• Full Name At t ribute —Type the full name attribute. • Search Base —Specify the no de in the LDA P serve r where u ser acc ounts reside. Mu ltiple sear ch base s can be en tered, sepa rat ed by s emicolon s.
Configu ring Common A ccess Card access A se t of Pu b l ic Ke y Inf ras tr uc tu re (PK I) em bedded a pplicat ions comes i nst alled on the M FP. T hese ap plicat ions prov ide for addi tio nal func tionali ty, i ncluding the use of Smar t Card s suc h as the Depa rtment of Defens e Common A ccess Card (CAC).
• Domain —This is t he car d dom ain that should be mappe d to the spe cifi ed real m. T his is the pr incipal name us ed on t he card an d sho uld be li sted by it self, fo llowe d by a comm a, a peri od, and t hen the pri nci pal name again. This value is case ‑ sensi tive and usu ally app ears i n lowe rcase.
Creat ing s ecuri ty t empla tes us ing the EW S A securit y templat e is assigned to e ach devic e function to control w hich us ers are perm itted to access that funct ion. At a minimum, you must crea te two sec urity templates: one for "Admini strator_O nly" and one for "Authenticated_Users.
Notes: • Clicking Delete Li st from the Manage Security T emplates s creen w ill delete all s ecurity t emplates o n the MFP, regardless of wh ich one is s elected. To delete a n individual sec urity template, select it from t he list, a nd then cli ck Delete E ntry .
• V eri f y J o b Ex pi r at io n —T his can be set to Off , Same as Confident ial Prin t , or one of four inter vals rang ing fro m one hour to one week. • Repeat J ob Expirat ion — This ca n be set to Of f , S ame as C onfident ial Print , or one of fo ur interv als ranging fro m one hour to one week.
Acc ess control Leve l o f pr otec tion Network/Ports Menu at the Device Administr ator ac c ess only Network/Ports Menu R emotely Administr ator ac cess only Manage Shortcuts at the D evice Authentic.
Acc ess control L evel of prot ectio n Use Profiles Authenticated users onl y Change Language from Home Screen Authenticated users onl y Cancel Jobs at the Device Administrator access only PictBridge .
Troubleshooting Lo gin is sues “Unsupported USB Device” error message M AKE SU RE A S UPPORTED S MART C AR D RE AD ER IS ATTAC HED Only the Om niKey read er t hat ca me with the printe r is su pport ed. Remove t he un suppo rted r eader an d att ach the Omni Key reader.
“The KDC and MF P clocks are differe nt bey ond an accept able range; c heck the MFP's date and time” e rror messa ge This er ror indicates that the p rinter clo ck is more than five m inutes out of s ync with th e domain co ntro ller clock.
“The Doma in Controller I ssu ing Certi ficate ha s not b een inst alled” error mes sag e M AKE SU RE THAT THE CORRECT CERTIFIC ATE HA S BEE N IN STA LLE D ON TH E PRINT ER For info rmatio n on inst alling, view ing, or modi fying ce rtif icates, see “Creating an d mod ifying di gital certific ates” on page 15 .
“Realm on t he card w as not found in t he Kerberos C onfigurati on Fi le” error me ssag e This err or oc curs during Smart Card lo gin. U PLOAD A K ERB ERO S CONFI G URATION FI LE AND MAKE SU RE THE RE AL M HA S BEE N ADDED TO THE FILE The PKI Authent icati on sett ings do not support multiple Ke rberos R ealm entries .
LDAP issues LDAP look ups ta ke a long ti me an d the n fail This iss ue c an occu r during lo gin (at “Ge tting Us er Info”) or durin g addres s book sear ches.
Held Jobs/ Pr int Re lea se L ite is sues “You are not authori zed to us e th is feature ” Held Jobs e rror mess age A DD TH E USER TO THE APPROPRIA TE A CTI VE D IREC TOR Y GR OUP If user autho r.
Jobs are pri ntin g out imme dia tely Try one o r more of th e foll owi ng : M AKE SU RE PKI H ELD J OBS IS IN STA LLED AND RUN NING 1 From t he Embe dded Web S erver, c lick Settings > Devic e Solu tions > So l u ti o ns (e S F) .
Appendix A: Using the touch screen Understa nding th e home screen The screen located on the front of the MFP is touch ‑ sensitiv e an d can be us ed t o access devic e func tions and navig ate setti ngs and configur ation m enus. The ho me sc reen l ooks simil ar to t his (yours may c ontai n addi tional ic on s): @ Status/ Supplies Ready .
To ty pe a sin gle upperc ase or s hift char acter, touc h Shif t , and the n to uch th e letter or numbe r you ne ed to upper case. To t urn on C aps Lock, t ouch Cap s , and then continue typing . Caps Lock will remain engaged unt il you touch Cap s ag ain .
Appendix B: Acro nyms Acronyms used in this guide CA C ert i f ica te A u th or it y CAC C omm on A cc ess C ard D C Domai n Co ntro ller DHCP Dynamic Host Configuration Protocol DN S Do m a in N am e.
Appendix C: Description o f acce ss controls Acces s contr ols Depend ing on t he devic e type and inst alled options , som e access co ntrols (ref erred t o on s ome devi ces a s Function Access C ontro ls) may no t be availabl e for your print er.
Func tion acc ess contr ol What i t does Settings Menu Rem otely T his protects access to the General and Pr int Settings secti ons of the Setti ngs menu from the Embedded W eb S erver. Supplies Menu at the Device This protec ts access to the S upplies menu from th e printer contr ol panel.
Func tion acc ess contr ol What i t does Create Profiles This contr ols the abi lity to c reate new profiles. E ‑ mail Function This contr ols access to the Scan to E ‑ mail fun cti on. Fax Function This controls access to the Scan to Fax function.
Appendix D : Using Common Acces s Cards Using a Common Access Card to acc ess the printer 1 Insert you r Common Acces s Card int o the card re a der attach ed to the p rinter. 2 Whe n prompt ed, enter your P IN usin g the keyp ad t hat appea rs o n the touc h scree n, and t hen touc h Next .
Notices LEXMARK SOFTWARE LICENSE A GREEMENT PLEAS E READ CAR EFULL Y BEFO RE IN STAL LING AN D/OR U SIN G THI S SOFTW ARE : This Softw are License Ag reement ("License Agreement") is a legal agreement between you (either an individual or a single entity) and Lexmar k Inter national, In c.
c Res ervat ion of Rig hts. The S oftware Pro gram, i ncluding all fonts, is c opyri ghted and owned b y Lexmark I nternationa l, Inc . and/or i ts suppl iers. Lexmark r eserv es all right s not express ly granted to you in t his Lice nse Agreement. d Free ware.
all copies of the Sof twar e Progra m t ogethe r with all m odif icati ons, docu mentat ion, and mer ged port ions i n any for m. 11 TAXES. You agree that you are respo nsible for paymen t of any taxe.
Index A access c ontrols list of 47 setting a t the device 1 2 us i n g th e EW S to s e t 34 acrony ms 46 AppleTa lk disabling 18 assumpt ion s 6 au dit lo gg ing configu ring 20 auth enticati on tok.
securi ty a udit log configu ring 20 secu rity cer tificates creating and modi fying 15 secu rit y obj ectives 6 secu ri ty re set jum pe r enabling 25 secu ri ty sl ot finding 7 secur i ty templates .
www.l e xmar k.com *3065326* PN 3065326 Rev . 001.
デバイスLexmark 47B1001の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Lexmark 47B1001をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはLexmark 47B1001の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Lexmark 47B1001の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Lexmark 47B1001で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Lexmark 47B1001を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はLexmark 47B1001の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Lexmark 47B1001に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちLexmark 47B1001デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。
