Securing access

Using backup passwords

In certain situations (such as an authentication server crash), an administrator may need to alter or remove a device’s security configuration so that the device can be serviced. A backup password allows an administrator to access the Security Menu for a supported device, regardless of the building block used to secure it. If, for example, the security menu for a device requires LDAP authentication to grant access, a backup password will override the requirement for LDAP authentication.

  1. From the MarkVision Professional Home screen, select Security - Backup Password from the All Tasks list.

  2. Select a device using the Quick Find or Folders tabs.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Select Use Backup Password.

  4. Enter a password in the text box, and then re-enter the password in the box below it.

    Note: The indicator light changes to green when the two passwords are identical. When the passwords do not match, the indicator light remains red.
  5. Click Apply.

Setting login restrictions

Many organizations establish login restrictions for information assets such as workstations and servers. MVP administrators should verify that printer login restrictions also comply with organizational security policies.

  1. From the MarkVision Professional Home screen, select Security - Miscellaneous Security from the All Tasks list.

  2. Select a device using the Quick Find or Folders tabs.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Enter the appropriate login restrictions:

    • Security Reset Jumper—The Security Reset Jumper is a hardware jumper located on the motherboard of certain devices. Administrators can use MVP to specify the effect of using this jumper.

      • No Effect—Removes access to all security menus—use with caution

        Warning—Potential Damage: If “No Effect” is chosen and the password (or other applicable credential) is lost, you will not be able to access the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard).
      • Access controls = “No security”—Removes security only from function access controls

      • Reset factory security defaults—Returns all security settings to default values

    • LDAP Certificate Verification—Specify whether the device will request LDAP certificates.

      • Allow—The device will request a certificate. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session will proceed normally.

      • Demand—The device will request a certificate. If no certificate or a bad certificate is provided, the session is terminated immediately.

      • Never—The device will not request a certificate.

      • Try—The device will request a certificate. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is terminated immediately.

    • Minimum Pin Length—Specify the length of login PINs (Range: 4-16 numbers).

    • Panel Login Timeout—Specify how long a user may be logged in before being automatically logged off.

    • Remote Login Timeout—Specify how long a user may be logged in remotely before being automatically logged off.

    • Login failures—Specify the number of times a user can attempt login before being locked out.

    • Failure time frame—Specify the amount of time before lockout takes place.

    • Lockout time—Specify the duration of lockout.

  4. Click Apply to save changes, or Reset to restore default values.
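
The following added example (not part of the MVP documentation or product) encodes the four LDAP Certificate Verification modes listed above and checks a device's login restrictions against a policy. The field names, the policy thresholds, the use of minutes for lockout time and the two device records are assumptions constructed for illustration; they are not an MVP export format.

```python
# Added example: field names, thresholds and records are constructed for illustration.

def ldap_session_proceeds(mode, cert):
    """Apply the four LDAP Certificate Verification modes described above.
    cert is "none", "bad" or "good"; returns True if the session proceeds."""
    if cert not in ("none", "bad", "good"):
        raise ValueError(f"unknown certificate state: {cert}")
    if mode in ("Never", "Allow"):
        return True               # never requested, or problems are ignored
    if mode == "Try":
        return cert != "bad"      # a missing certificate is still accepted
    if mode == "Demand":
        return cert == "good"     # missing or bad certificate ends the session
    raise ValueError(f"unknown mode: {mode}")

# Assumed organizational policy values (not taken from the page).
POLICY = {"min_pin_length": 6, "max_login_failures": 5, "min_lockout_minutes": 5}

def audit(device, policy=POLICY):
    """Return a list of findings for one device's login restrictions."""
    findings = []
    accepted = [c for c in ("none", "bad")
                if ldap_session_proceeds(device["ldap_cert_verification"], c)]
    if accepted:
        findings.append("LDAP session proceeds with certificate state: " + ", ".join(accepted))
    if not 4 <= device["min_pin_length"] <= 16:
        findings.append("Minimum PIN length outside the 4-16 range")
    elif device["min_pin_length"] < policy["min_pin_length"]:
        findings.append("Minimum PIN length below policy")
    if device["login_failures"] > policy["max_login_failures"]:
        findings.append("Too many login attempts allowed before lockout")
    if device["lockout_minutes"] < policy["min_lockout_minutes"]:
        findings.append("Lockout time shorter than policy")
    if device["reset_jumper"] == "No Effect":
        findings.append("Reset jumper set to No Effect: lost credentials require a service call")
    return findings

# Constructed sample records.
DEVICES = [
    {"name": "printer-a", "ldap_cert_verification": "Demand", "min_pin_length": 8,
     "login_failures": 3, "lockout_minutes": 10, "reset_jumper": "Reset factory security defaults"},
    {"name": "printer-b", "ldap_cert_verification": "Allow", "min_pin_length": 4,
     "login_failures": 10, "lockout_minutes": 1, "reset_jumper": "No Effect"},
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d["name"], audit(d) or "compliant")
```

Only Demand terminates the session for both a missing and a bad certificate, which is why the audit reports every other mode.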

Using a password or PIN to control function access

Each Access Control (or Function Access Control) can be set to require No Security (the default) or to use any of the selections available in the drop-down list for that function. For simple authorization-level security (in which individual users are not authenticated), administrators can control access to specific device functions using a password or PIN. Only one method of security can be assigned to each Access Control.

All users who enter the correct password or PIN receive the same privileges. For that reason, passwords and PINs are considered less secure than other forms of authentication.

Note: To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel.
  1. From the MarkVision Professional Home screen, select Security - Access Controls from the All Tasks list.

  2. Select a device using the Quick Find or Folders tabs.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Select an available password or PIN from the drop-down lists.

    Note: For more information about creating passwords, see Creating or editing a device password (advanced). For more information about creating PINs, see Creating a PIN.
  4. Click Apply.

    From that point on, users will have to enter the appropriate password or PIN to access the protected functions on the selected device(s).

Using a security template to control function access

MarkVision Professional allows administrators to use security templates to control access to various functions on devices that support advanced security. Configuring access controls using security templates is a three-step process:

Step 1: Create a building block

MVP supports seven building blocks: Password, PIN, Internal Accounts, Kerberos, NTLM, LDAP, and LDAP + GSSAPI. Building blocks are the fundamental elements used to create security templates. The steps below describe how to create an internal account building block, but any of the other six building blocks could just as easily be used.

  1. From the MarkVision Professional Home screen, select Security - Internal Accounts from the All Tasks list.

  2. Select devices using the Quick Find or Folders tabs.

    Use Ctrl + click and Shift + click to select multiple devices.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Click Add.

  4. Enter the appropriate information to create the account. If no groups are listed, you will need to create at least one group to associate with the new internal account. See Creating user accounts and groups for more information on creating a new group.

  5. Click OK.

Step 2: Create a security template

Once configured, one or two building blocks can be combined with a unique name of up to 128 characters to create a security template. Each device can support up to 140 security templates. Though the names of security templates must be different from one another, building blocks and security templates can share a name.

  1. From the MarkVision Professional Home screen, select Security - Security Templates from the All Tasks list.

  2. Select devices using the Quick Find or Folders tabs.

    Use Ctrl + click and Shift + click to select multiple devices.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Click Add.

  4. Type a name for the security template, and then choose the appropriate building block from the Authentication Setup and Authorization Setup lists.

  5. Select groups as necessary from the Groups list.

  6. Click OK.

Step 3: Configure access control for the device(s)

The final step is to apply the security template, which will secure access to various functions on a device.

  1. From the MarkVision Professional Home screen, select Security - Access Controls from the All Tasks list.

  2. Select devices using the Quick Find or Folders tabs.

    Use Ctrl + click and Shift + click to select multiple devices.

    Note: When a device managed by MVP is not supported by a specific task, its name will appear with a black line through it in the Quick Find or Folders tabs. Password-protected network devices are displayed in red. Enter the device password to gain access to the device.
  3. Select the newly created security template from any of the available function access drop-down lists, and then click Apply.

    Users will now be required to enter the appropriate credentials in order to gain access to a function controlled by the security template.

    Note: The function access drop-down lists become text fields when you apply a security template to multiple devices at the same time. In that case, you must type the name of the security template into each of the relevant function access text fields.