HP CM8060 User Manual

							
3.If you selected  Custom Access Control  or Maximum Access Control  on the Device Access
tab, you can allow access to a controlled device function by selecting the check box in each heading
area.
For example, select  Copy Application to allow members of this permission set to make copies at
the device.
NOTE: For Copy, you must select the check box in th e main heading area in order to select any
of the sub-items beneath it.
4. If you want to restrict some options within a fe ature, clear the appropriate check boxes under the
main heading.
For example, if you want to allow members of this  permission set to make black & white copies but
not color copies, clear the check boxes next to  Make a Color Copy and Make a Copy with
Professional Color Quality .
NOTE:To restrict color features, you must first open the  Restrict Color/Limits page from the
menu on the left side of the screen. Select  Custom for the Color Access Control Level .
5.Click  OK.
TIP: If you plan to restrict color use for some users,  set up different permission sets for color users
and for non-color users.
TIP: A permission sets checkbox is not available (graye d out) if the function was not set to require
signing in on the  Define Custom page for setting up access control, or if the function is a color setting
and the option for co ntrolling color on the  Restrict Color page has not been set to  Custom.
NOTE: To assign permission sets to users or groups of users, use the  Users/Groups tab. See Create
user and group accounts on page 68.
ENWW Control access to the device 67
 
						

							
Create user and group accounts
You can use the embedded Web server to access users or groups already defined on the network. You
can also set up device user accounts, which are assigned an access code and are stored on the device
hard disk.
The simplest way to set up access for all users in  your organization is to configure the Device User
permission set to meet the needs of the majority of the users. Then, assign all users to the Device User
permission set. For those individuals who need acce ss that is different than the Device User permission
set, create custom permission sets.
Assign users and groups  to permission sets
1.Open the embedded Web server. See Open the embedded Web server on page 40.
2. Select the  Settings tab.
3. Select  Device Sign In  from the menu on the left side of the screen.
4. Click the  Users/Groups  tab.
5. Configure the permission sets according to the  type of Sign In method you are using. See 
Sign-in
methods on page 71.
● Windows Users and Groups
● LDAP Users and Groups
● Novell NDS Users and Groups
● Device User Accounts (Local
 Device sign-in method. Netw ork sign-in is not required.)
Add new Windows or LDAP users or groups and assign permission sets The procedure is the same for Wi ndows or LDAP users and groups.
1. In either the  Windows Users and Groups  area or the LDAP Users and Groups  area, click
New .
2. Next to  User or Group , select either User or Group .
3. Next to  Network User or Group Name , type the name for the user or group.
NOTE:The mapping name must match the user or gr oup name that is already defined on the
network. Use the full domain\user or domain\group path.
4. Next to  Permission Set , select the permission set to assign to this user or group.
5. Click  OK to add the new user or group.
Edit permission-set assignments for existing Windows or LDAP users or groups The procedure is the same for Wi ndows or LDAP users and groups.
1. In either the  Windows Users and Groups  area or the LDAP Users and Groups  area, select a
user or group, and click  Edit. The  Edit Mapping  page opens.
2. Next to  User or Group , select either User or Group .
3. Next to  Network User or Group Name , type the name for the user or group.
68 Chapter 5   Secure the device ENWW
 
						

							
NOTE:The mapping name must match the user or gr oup name that is already defined on the
network. Use the full domain\user or domain\group path.
4. Next to  Permission Set , select the permission set to assign to this user or group depending on
the type of mapping being created.
5. Click  OK to save the changes.
Remove permission-set assignments for exi sting Windows or LDAP users or groups
The procedure is the same for Wi ndows or LDAP users and groups.
1. In either the  Windows Users and Groups  area or the LDAP Users and Groups  area, select a
user or group, and click  Delete.
2. A message appears that warns you that you are  about to delete the user or group. Click OK to
delete the user or group, or click  Cancel to return to the previous screen without deleting the user
or group.
Add new device user accounts and assign permission sets 1.On the  Users/Groups  tab, in the Device User Accounts  area, click New.
2. An auto-generated access code appears. If you change the access code, it must be unique and
be five digits.
3. Type the users full name and e- mail address (the e-mail address  is optional). The name must be
unique.
4. Type the users network name (optional). This  name is used for access to device features that
require a network account. The name must be unique, and it must match the full account name,
including the domain. For example: DOMAIN/username.
5. Select which permission set to assign to the user. See 
Permission sets on page 64.
6. To add another user account, click  Save and Add Another Account, or click OK if you are finished
adding users.
Edit existing device user accounts 1.On the  Users/Groups  tab, in the Device User Accounts  area, select a user account, and click
Edit .
2. You can change the access code, the users name, e-mail address, the network name, and the
permission-set assignment for the user.
3. Click  OK to save the changes.
Delete existing device user accounts 1.On the  Users/Groups  tab, in the Device User Accounts  area, select a user account, and click
Delete .
2. A message appears that warns you that yo u are about to delete the user. Click OK to delete the
user, or click  Cancel to return to the previous sc reen without deleting the user.
ENWW Control access to the device 69
 
						

							
View a list of all device-user accounts1.On the  Users/Groups  tab, in the Device User Accounts  area, click List.
2. A new page opens that summarizes all the inform ation for the existing device-user accounts.
TIP:An easy way to provide each user with the necessary information for signing in, copy the
information from this page and paste it into an e-mail to each user.
3. Click  Back to return to the previous page.
Add new Novell NDS users an d assign permission sets
1.In the  Novell NDS Users and Groups  area, click New.
2. Next to  NDS Tree , type the name of the NDS tree.
3. Next to  NDS Context , type a name for the NDS context.
4. Next to  Username , type the user name.
5. Next to  Permission Set , select the permission set to assign to this user.
6. Click  OK to add the new user.
Edit permission-set assignm ents for Novell NDS users
1.In the  Novell NDS Users and Groups area , select a user, and click Edit. This opens the  Edit
Mapping  page.
2. Next to  NDS Tree , type the name of the NDS tree.
3. Next to  NDS Context , type the name for the NDS context.
4. Next to  Username , type the user name.
5. Next to  Permission Set , select the permission set to assign to this user.
6. Click  OK to save the changes.
Remove permission-set assign ments for Novell NDS users
1.In the  Novell NDS Users and Groups area , select a user, and click Delete.
A message appears to warn you that you are about to delete the user.
2. Click  OK to delete the user.
-or-
Click  Cancel  to return to the previous screen without deleting the user.
70 Chapter 5   Secure the device ENWW
 
						

							
Sign-in methods
On the Sign In Methods  tab, you can select the authentication  method that the device uses when users
sign in to the device at the control panel. Select one of the following for the  Default Sign In Method:
● LDAP
● Local Device
● Windows
● Novell NDS
If you have installed any third-party sign-in solutions, th ey also appear in this list. See the documentation
that came with the solution for informat ion about setting up the sign-in method.
NOTE:Each of these sign-in methods can be enabled for the device, but only one can be the default
sign-in method. If you enable more than one  method, users can access a non-default method by
touching  Advanced  after they touch the  Sign In button on the control panel.
If you select  Local Device , you need to set up individual user accounts. See Add new device user
accounts and assign permission sets on page 69.
If you select either the  Windows or LDAP  sign-in method, you can use user s or groups that are already
defined for the network. The following sections  describe how to set up these sign-in methods.
Windows sign-in setup
1.To enable the Windows sign-in method, select the  Enable Windows Negotiated Sign In check
box.
2. For each Windows domain that you want the device to recognize, below the box for  Trusted
Domains , click Add.
3. Type the domain to add, and click  OK.
4. By default, the device uses the Windows Active Directory account name to verify the user names.
If you want to change this sett ing, type the name of a different attribute in the box next to  Match
the name entered with this attribute .
5. The device uses the Windows mail attribute to retr ieve the users e-mail addresses. Change this
setting only if you need to.
6. The device uses the Windows homeDirectory attrib ute to retrieve the users home folder. If you
want to change this setting, type the name  of a different attribute in the box next to Retrieve the
device users home folder using this attribute .
7. Select which Windows domain to use as the default.
8. To verify that the sign-in meth od is working correctly, click Test Windows Sign In.
9. Select a domain, and then enter a username and password.
10. Click  OK to test the Windows sign in.
11. Click  Cancel  to return to the  Sign In Methods  tab.
12. At the bottom of the page, click  Apply to save the settings.
ENWW Control access to the device 71
 
						

							
LDAP sign-in setup
1.To enable the LDAP sign-in method, select the  Enable LDAP Sign In check box.
2. Next to  LDAP Server Address , type the network address of the LDAP server. The address can
be a fully-qualified DNS name or an IPv4  address in dotted-decimal notation.
3. Type the  Bind Prefix , the Bind and Search Root , and the Port in the appropriate boxes.
4. You can change the default attributes that the device  uses to verify the user if you need to. However,
HP recommends that you use  these default attributes.
5. To verify that the sign-in method is working correctly, click  Test LDAP Authentication.
6. Enter a username and password.
7. Click  OK to test the Windows sign in.
8. Click  Cancel  to return to the  Sign In Methods  tab.
9. At the bottom of the page, click  Apply to save the settings.
Novell NDS sign-in setup
1.To enable the Novell NDS sign-in method, select the  Enable Novell NDS Sign In check box.
2. For each tree domain that you wa nt the device to recognize, click Add below the box for  Trees.
3. Type the tree to add and click  OK.
4. Next to  Novell Server Address , type the network address of the Novell server. The address can
be a fully-qualified DNS name or an IPv4  address in dotted-decimal notation.
5. Type the  Context, the Bind Prefix , and the Bind and Search Root  in the appropriate boxes.
6. Select the Novell tree to use as the default.
7. Click  Test Novell NDS Sign In  to verify that the sign-in method is working correctly.
8. Select an NDS tree, and then enter an  NDS context, a username, and a password.
9. Click  OK to test the Novell sign in.
10. Click  Cancel  to return to the  Sign In Methods  tab.
11. At the bottom of the page, click  Apply to save the settings.
72 Chapter 5   Secure the device ENWW
 
						

							
Restrict color use
You can use the embedded Web server to enable, disable, or set limits on color printing and copying
for the device for all users, or you can enable, disable, or set limits on color use for members of certain
permission sets.
TIP: If you want to restrict color pr inting for most users, you can use the Installer Customization Wizard
for Windows to pre-configure the prin ter driver to restrict color. See 
Installer Customization Wizard for
Windows on page 28.
1. Open the embedded Web server. See Open the embedded Web server on page 40.
2. Select the  Settings tab.
3. Select  Restrict Color/Limits  from the menu on the left side of the screen.
4. On the  Restrict Color  tab for Color Access Control Level , select one of the following:
● On
: Color is available to all users.
● Off
: Color is not available to any users.
● Custom Access Control
: Color is available to some users, based on their permission sets.
See 
Permission sets on page 64 .
5. On the  Usage Limits  tab, select the check box at the top of the page to enable total page and color
page printing limits.
NOTE: A color page limit can not be set greater than the total page limit.
6.Select the frequency at which the Limit Exceeded Repo rt is printed. It can be printed the first time
the user exceeds the limit or every time the user  tries to print after the limit is exceeded. You can
also choose not to print a Limit Exceeded report. Click  Apply at the bottom of the page for the
changes to take effect.
7. You can configure usage tracking and temporary ov errides to automatically reset on the first day
of each week or month, and they can be manually reset. Select  Month or Week  from the drop
down menu next to  Reset usage tracking and temporary overrides on the first day of each: .
Click  Apply  at the bottom of the page to se t the automatic reset interval. Click  Reset Usage
Tracking  to manually reset the usage tracking an d remove the temporary overrides. Click  Apply
at the bottom of the page for  the changes to take effect.
8. If you want no page limit, in the  Usage Limits for Permission Sets  section, select a permission
set, click  Edit, and set the  Total Page Limit  and the Color Page Limit  to No Page Limit .
-or-
9. If you want page limits, select  Page Limit from the drop down menu, enter the  Total Page Limit
and the  Color Page Limit  for each user assigned to the  permission set, and then click OK.
NOTE: Page limits for the device administrator permission can not be changed. The device
administrator page limits are always set to  No Page Limit.
NOTE:A color page limit can not be set greater than the total page limit.
TIP:You also might wish to add, edit,  or delete temporary user overrides.
ENWW Restrict color use 73
 
						

							
A user is allowed to complete a print job as long as at least one page remains in the set limit, even if
the job exceeds the set limit. After the limit is exceeded, the user is not able to print a job until either the
usage reset interval has passed (and the usage is  automatically reset) or the device administrator
updates or overrides the set limits.
To update a limit , the device administrator can change the permission set limit for an individual user or
for groups of network users or create a temporary override to change the total page and color page
limits for an individual user.
NOTE: It is recommend that the device be configured such that a user must sign in to be able to operate
the device from the control panel when limits are enabled. This ensures that page limits are applied to,
and usage data is correctly recorded for, in dividual users or groups of network users.
From the Limits tab, you can view or export a report that  includes usage data associated with each
user. This report can be exported as a .cvs file. If us age data for an individual user appears on a previous
report but not on the current report, it is likely that  the user has not used the device during the past two
usage tracking intervals.
If color is restricted, the device checks the username th at is associated with each job. If restrictions are
in place for that user, the device automatically prints  according to the restrictions. For example, if a user
has exceeded the color page limit but not the total page limit, the device automatically prints in black for
that user.
Restrict color printing fo r specific software programs
In addition to restricting color based on permission sets, you can use the  Print Job Color Control area
to restrict color printing for spec ific software programs. You can apply a specific color quality setting for
each program.
TIP: If you want to restrict color for most programs, set  General Office color quality as the default, and
then specify certain programs that allow  Professional color quality.
The following color-quality  settings are available:
● Remove All Color
: All documents that are sent from this program are printed in black & white.
● Allow General Offi
ce Color Quality: Color documents that are sent  from this program are printed
with General Office color  quality. This setting uses colors that are slightly less saturated than the
Professional color-quality setting. This setting is more economical.
● Allow Professional Color Quality
: Color documents that are sent from this program are printed
with Professional color quality. This setting uses the most saturated colors for the best possible
appearance.
1. For software programs that are not specifically  restricted, select the color control from the Default
for print jobs generated from unspecified computer applications  drop-down list.
2. To add a software program to the list of applications, click  Add. A new page opens.
3. Type either the program name or the name of th e executable file that starts the program. For
example, type  Microsoft Word , or type WINWORD.EXE . The name of the program is case-
sensitive. Select th e color-control level.
TIP:To find the .exe filename and determine if it is upper or lower case, open the Windows Task
Manager, and then click the Processes tab to find the correct .exe file.
4. Click  OK to return to the main  Restrict Color tab.
74 Chapter 5   Secure the device ENWW
 
						

							
5.Repeat the process for each software program that you want to restrict.
6. Click  Apply  to save the settings.
ENWW Restrict color use 75
 
						

							
Manage certificates 
The product has a built-in self-signed certificate, which allows for encryption and a reasonable level of
trust for network communications with  entities such as the LDAP server (communication that can include
user names and passwords). However, some networks  require trusted certificates. In these cases, you
might be required to install a certificat e from the network certificate authority.
The certificate manager also allows you to  load certificate revocation lists (CRL).
Load a certificate
1.Open the embedded Web server. See Open the embedded Web server on page 40.
2. On the main EWS page, click  Settings, select Certificate Management , and then select the
Certificates  tab.
NOTE:If the Certificate Management page is un available, update the device firmware.
3.Click  Browse  to locate the ce rtificate to load.
NOTE:Find certificates at the location wher e a network administrator created them.
4.Click  Import  to load the certificate. The ce rtificate will appear in the certif icates list after it is loaded.
Load a certificate revocation list (CRL)
1.Open the embedded Web server. See Open the embedded Web server on page 40.
2. On the main EWS page, click  Settings, select Certificate Management , and then select the CRL
Management  tab.
NOTE:If the Certificate Management page is un available, update the device firmware.
3.Click  Browse  to locate the CRL to load.
4. Click  Import  to load the CRL. The CRL will appear in the Certificate Revocation List box after it is
loaded.
76 Chapter 5   Secure the device ENWW