HP CM8060 User Manual
Have a look at the manual HP CM8060 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
5 Secure the device This chapter contains information about the following topics: ● Security standards ● Set the device administrator password ● Lock the Administrator Tools section of the startup menu ● Disable printing through a direct connection ● Disable printing from the embedded Web server ● Restrict users from sending e-mail to accounts other than their own ● Control access to the device ● Restrict color use ● Manage certificates ● Example security configurations ENWW 57
Security standards The device supports security standards and recommended protocols that help you keep the device secure, protect critical information on your network, and simplify the way you monitor and maintain the device. The device comes with an embedded HP Jetdirect print server that features IP Security (IPsec). For in-depth information about HPs secure imaging and printing solutions, visit www.hp.com/go/ secureprinting . The site provides links to white papers and FAQ documents about security features. IP Security IPsec is a set of protocols that control IP-based ne twork traffic to and from the device. IPsec provides host-to-host authentication, data integrity, and encryption of network communications. You can configure IPsec by using the Networking tab in the embedded Web server. 58 Chapter 5 Secure the device ENWW
Set the device administrator password To prevent unauthorized access to the device settings, use the embedded Web server to set a device administrator password. This password grants acce ss to the administrative features of the embedded Web server. Until the password is set, all of the tabs are availalble to all users. When users try to access the embedded Web server after setting the administrator password, the only tab that is available without signing in is the Information tab. Access to all other tabs requires the device administrator password. This prevents unauthoriz ed users from changing global settings or from changing access restrictions that you have established. This password is also th e access code that users who are part of the Device Administrator permission set must provide at the device control panel to open features that are for administrators only. At the device control panel, touch Sign In, touch Advanced , and then select Local Device. From the drop-down list, select Administrator Access Code . Use the EWS to set the administrator password 1.Open the embedded Web server. See Open the embedded Web server on page 40. 2. Select the Settings tab, and then select General Security from the menu on the left side of the screen. 3. In the Set Password area, type the new password in the boxes labeled New Password and Verify Password . If you have already set up a pass word, type the old password in the Old Password box. 4. Click Apply . NOTE: If you forget the device administrator password, you can use the Cold Reset function in the device startup menu to reset it to a blank value. To prevent unauthorized users from changing the device administrator password, HP recommends that you protect the Administrator Tools area of the startup menu by creating a password for it. See Lock the Administrator Tools section of the startup menu on page 60. If you have forgotten both of these passwo rds, an HP-authorized service representative must reset them. ENWW Set the device administrator password 59
Lock the Administrator Tools section of the startup menu While the device is initializing, you can open a sp ecial startup menu. HP-authorized service personnel use this menu for advanced troubleshooting proced ures. One section of this menu provides system administrators with additional device-managemen t features that are not available through the Administration menu on the control panel. To prevent unauthorized access to this menu, you can create a password for the Administrator Tools portion of the startup menu. NOTE: The following procedure requires that you are at the device. You can set the Administrator Tools password only from within the startup menu. The names of the options in the startup menu are in English only. 1. Do one of the following. ● If the device is on: press the on/off button on the device control panel. Select Restart to start the device initialization process. ● If the device is off: press the on/off button on the device control panel to turn the device on. 2. While the device is in itializing, watch the control-panel disp lay. When the white HP logo appears on the black background, press the Stop button. 3. Press 8 to move the highlight to Administrator Tools. Press 5 to select it. 4. Press 8 to move the highlight to Change Administrator Password . Press 5 to select it. 5. A prompt to enter a new password appears. Use the numeric keypad to type the password. A second prompt appears so you can conf irm the password. Type the password again. 6. Press Start to save the pass word. The message Administrator password changed successfully appears. 7. Press Start to continue. NOTE: To clear a password that has already been set, enter a blank password. After you have set an administrator password, you must sign in to the startup menu before you can open the Administrator Tools . 1. After opening the startup menu, press 8 to move the highlight to Sign In. Press 5 to select it. 2. A prompt to enter the password appears. Use the numeric keypad to type the password. 3. Press Start to enter the password. The Administrator Tools option should now be available. 4. Press 8 to move the highlight to Administrator Tools. Press 5 to select it. 60 Chapter 5 Secure the device ENWW
Disable printing through a direct connection If you want to allow printing only from users who are connected to the device through a network connection, you can disable printing through a direct port. 1. Open the embedded Web server. See Open the embedded Web server on page 40. 2. Select the Settings tab, and then select General Security from the menu on the left side of the screen. 3. In the area for Direct Ports, select Disable Direct Ports . 4. Click Apply . The device automatically turns off and then on. Disable printing from the embedded Web server The Print page on the embedded Web server Information tab provides a way for users to print a document directly from the embedded Web server. Yo u can disable this feature to prevent users from printing through this Web connection. 1. Open the embedded Web server. See Open the embedded Web server on page 40. 2. Select the Settings tab, and then select General Security from the menu on the left side of the screen. 3. In the area for Set Options, clear the check box next to Display Print Page on Information Tab . ENWW Disable printing through a direct connection 61
Restrict users from sending e-mail to accounts other than their own You can configure the E-mail option so that us ers can send e-mail only to their own accounts. 1. Open the embedded Web server. See Open the embedded Web server on page 40. 2. Select the Digital Sending tab, and then select E-mail Setup from the menu on the left side of the screen. 3. In the area for Default Message Settings , select Restrict users from editing all address fields . Configure the E-mail feature so that users must sign in to use it. See Control access to the device on page 63. 4. Click Apply . 62 Chapter 5 Secure the device ENWW
Control access to the device You can use the embedded Web server to control which device features require users to sign in before being able to access those features. You can also create permission sets that grant varying levels of access to individual users or groups of users. 1. Open the embedded Web server. See Open the embedded Web server on page 40. 2. Select the Settings tab. 3. Select Device Sign In from the menu on the left side of the screen. Access-control level for device features On the Device Access tab, specify the level of control you want. Table 5-1 Access-control levels LevelDescription Maximum Access ControlAll users must sign in before using any featur es on the device control panel. Users have access only to the features that are allowed by their permission sets. If you select this option, you must configure and assign permission sets. See Permission sets on page 64. Minimum Access ControlNo users must sign in before using any features on the device control panel. If you select this option, you do not need to configure and assign permission sets. Custom Access ControlUsers must sign in only for the device features that you specify. 1.Select Custom Access Control , and then click Define Custom . 2. Select the features that you want to restrict. 3. Select the default method for signing in for each feature. This step is optional. TIP: Use the default settings and change them only if you need to. 4. Click OK to save the settings. If you select this option, you must configure and assign permission sets. See Permission setson page 64. ENWW Control access to the device 63
Permission sets If you selected either Maximum Access Control or Custom Access Control for the access-control level, you must configure permission sets. You can al so create new permission sets to meet access- control needs. You can assign permission sets to user accounts that are stored on the device or to network users and groups. The device has the following preconfigured permission sets: ● Device User : This permission set is editable, and it can be assigned to individual users and groups. The default settings for this permission set allow the device user to access only to the Information menu in the administration application, but you can change them as needed. ● Device Administrator : This permission set is for system administrators. It is not editable, but you can assign it to users and groups in addition to yourself. NOTE: This permission set provides access to feat ures at the device control panel that are reserved for administrators, but it does not prov ide access to the administrator functions in the embedded Web server or the Service function on the device control panel. The following table summarizes the device functions that are available for access-control by configuring permission sets. Table 5-2 Permission-set options Main featureSub-optionsDescription Administration applicationInformation menu Default Job Options menu Time/Scheduling menu Management menu Initial Setup menu Device Behavior menu Troubleshooting menu Resets menuPermits access to the Administration menu on the device control panel. Clear the check boxes nex t to any of the sub- menus that you do not want members of this permission set to use. If you want to restrict access to all of the Administration sub-menus, clear the check box next to Administration application. Copy application Make a Color Copy Make a Copy with Professional Color Quality Permits access to the Copy feature on the device control panel. Clear the check box next to Make a Color Copy to restrict all color copying. Clear the check box next to Copy application to restrict making copies. If you select the check box next to Make a Color Copy but clear the check box next to Make a Copy with Professional Color Quality , members of this permission set can make only General Office color-quality copies. 64 Chapter 5 Secure the device ENWW
Main featureSub-optionsDescription Fax applicationAbility to edit a Speed DialPermits access to the Fax feature on the device control panel. Clear the check box next to Ability to edit a Speed Dial to restrict members of this permission set from changing any speed-dial information. Job StatusDetails or Cancel any users job Ability to Promote any users jobPermits access to the Job Status feature on the device control panel. If you clear the check box next to Details or Cancel any users job , members of this permission set cannot see the details for any jobs that are in the queue, and they cannot cancel any jobs other than their own. If you clear the check box next to Ability to Promote any users job , members of this permission set cannot promote any jobs in the queue. Job Storage application Permits access to the Job Storage feature on the device control panel. If you clear this check box, members of this permission set cannot store or retrieve jobs at the device control panel. E-mail application Permits access to the E-mail digital send feature on the device control panel. Network Folder applicationAbility to edit the network folder pathPermits access to edit the Network Folder path on the device control panel. If you clear this check box, members of this permission set cannot edit the network folder path. Service Assist application Permits access to basic Service functions that are available only when working with an HP-authorized service representative. Table 5-2 Permission-set options (continued) ENWW Control access to the device 65
Main featureSub-optionsDescription Supply Status application Permits access to the Supplies Status feature on the device control panel. If you clear this check box, members of this permission set cannot view supplies status and they cannot configure the paper size or type settings for the trays. Printing Print with Professional Color Quality Print with General Office Color Quality Select a Printing option to allow members of this permission set to print with the desired color quality. If you clear the check box next to Print with Professional Color Quality , members of this permission set can print only with General Office quality color. If you clear both check boxes next to Print with Professional Color Quality and Print with General Office Color Quality , members of this permission set can print only in black & white. Edit an existing permission set 1.In the area for Permission Sets , select the name of the permissi on set that you want to edit, and click Edit. NOTE: You cannot edit the Device Administrator permission set. 2.If you selected Custom Access Control or Maximum Access Control on the Device Access tab, you can allow access to a controlled device function by selecting the check box in each heading area. NOTE: For Copy, you must select the check box in the main heading area in order to select any of the sub-items beneath it. For example, select Copy application to allow members of this permission set to make copies at the device. 3. If you want to restrict some options within a f eature, clear the appropriate check boxes under the main heading. For example, if you want to allow members of this permission set to make black & white copies but not color copies, clear the check box next to Make a Color Copy. NOTE:To restrict color features, you must first open the Restrict Color/Limits page from the menu on the left side of the screen. Select Custom Access Control for the Color Access Control Level . 4.Click OK. Create a new permission set 1.In the area for Permission Sets , click New to create a new permission set. 2. Type a unique name for the permission set, and then specify the features that members of this permission set are allowed to use. Table 5-2 Permission-set options (continued) 66 Chapter 5 Secure the device ENWW