Settings for Administrator

This section describes the settings in [Settings for Administrator] under [System Settings].

Introduction of Two Types of Setting Screens (Standard/Classic)

Security Pattern/Stamp

Items	Description
Detect Data Security for Copying	Specify whether to display in gray tone when scanning the original with the data security for copying in the Copy or Scanner function or storing it in the document server. Default: [Off]
Unauthorized Copy Prevention Printing: Copier Unauthorized Copy Prevention Printing: Document Server Unauthorized Copy Prevention Printing: Printer	Specify whether to use the Data Security for Copying or Unauthorized Copy Prevention for Pattern for each function when printing on the machine. [Data Security for Copying] is to cover images in the document with gray overprint when the printed document is scanned or stored in the document server using a Copier or MFP with the optional Data Security for Copying module installed. [Unauthorized Copy Prevention for Pattern] is to print a text pattern on the background of the document to prevent illegal copying. When you scan or store the printed document, the embedded text and pattern appear on the copied pages for preventing unauthorized copy. You can specify the text, font, color, size, angle, position, and pattern to embed. Default: [Off]
Compulsory Security Stamp: Copier Compulsory Security Stamp: Document Server Compulsory Security Stamp: Fax Compulsory Security Stamp: Printer	Specify whether to print the user and device information for each function when a file is output using the Copy, Document Server, Fax, or Printer function. Available stamps are Date/Time, Printout User Name, Machine ID, and Machine IP Address. You can adjust the stamp position. Default: [Off]

Items

Description

Detect Data Security for Copying

Specify whether to display in gray tone when scanning the original with the data security for copying in the Copy or Scanner function or storing it in the document server.

Default: [Off]

Unauthorized Copy Prevention Printing: Copier

Unauthorized Copy Prevention Printing: Document Server

Unauthorized Copy Prevention Printing: Printer

Specify whether to use the Data Security for Copying or Unauthorized Copy Prevention for Pattern for each function when printing on the machine.

[Data Security for Copying] is to cover images in the document with gray overprint when the printed document is scanned or stored in the document server using a Copier or MFP with the optional Data Security for Copying module installed.

[Unauthorized Copy Prevention for Pattern] is to print a text pattern on the background of the document to prevent illegal copying. When you scan or store the printed document, the embedded text and pattern appear on the copied pages for preventing unauthorized copy. You can specify the text, font, color, size, angle, position, and pattern to embed.

Default: [Off]

Compulsory Security Stamp: Copier

Compulsory Security Stamp: Document Server

Compulsory Security Stamp: Fax

Compulsory Security Stamp: Printer

Specify whether to print the user and device information for each function when a file is output using the Copy, Document Server, Fax, or Printer function. Available stamps are Date/Time, Printout User Name, Machine ID, and Machine IP Address. You can adjust the stamp position.

Default: [Off]

Data Management

Items	Description
Auto Erase Memory Setting	Specify whether to erase files printed on the printer driver or image of the scanned original for each job automatically. Default: [Off] Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine
Erase All Memory	Delete all data stored in the machine.
Delete All Logs	Delete all logs stored in the machine.
Transfer Log Setting	This is a user tool to disable the log transfer settings that can be enabled on the Collect Logs server. To disable the log transfer settings, specify [Do not Forward].
Collect Logs Settings	Specify whether to activate the collection of Job Log, Access Log, and Eco-friendly Logs Default: [Inactive]
Job Execution Restrictions When Log Limit is Reached	Specify whether to display a message on the control panel and send an e-mail to the administrator when the job log storage area is almost full. The machine will not accept any new jobs until the job log storage area has sufficient space. For details, see Operating the Machine Giving Priority to Job Log Maintenance. You can use this function in the machines installed with RICOH Always Current Technology v1.2 or later. Default: [Off]
Setting for Consent to Acquisition of Data	Specify whether to allow information about operations to be acquired to improve our products. This setting item may not be displayed in your region. If it is not displayed, the following operations cannot be performed. If you select [Allow], the screen asking for your consent to the acquisition and use of information about operations is displayed. If you agree with the information displayed on the screen, select [Agree]. Doing so, allows the acquisition of information about operations. If you select [Disagree], the setting does not change. Default: [Prohibit]
Device Setting Information: Import Setting (Server) Device Setting Information: Run Import (Server) Device Setting Information: Export (Memory Storage Device) Device Setting Info: Import (Memory Strg.)	You can export the machine's device information to an external device as a device setting information file, or import the exported device setting information file to the machine to restore the previous settings.
Restore Default Control Panel Settings	You can initialize the settings of the control panel, such as the settings, home screen settings, and browser settings on the control panel.

File Management

Items	Description
Machine Data Encryption Settings	Specify whether to encrypt the Address Book, Authentication Information, and Store Files stored in the machine. Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine
Auto Delete File in Document Server	Specify whether to delete the files stored the Document Server automatically. To delete the stored files automatically, specify a number of days and hours to delete after they are stored. Default: [Specify Days]: [3 day(s)] Changing the Storage Period of Document Server or Specifying an Indefinite Period
Delete All Files in Document Server	Delete all files stored in the Document Server. Files stored with passwords are also deleted.
Capture: Delete All Unsent Files	Although the ScanRouter delivery software is required to use this setting, the ScanRouter delivery software is no longer available and supported.
Document Server Function	Specify whether to use the Document Server function. When you specify [Off], you cannot store files sent from the printer driver. Default: [On]
Default Privilege for Stored File	Specify the default settings of the access privileges for the files stored in the document server Default: [Read-only] Configuring the Default Access Privilege for Documents Saved in Document Server
Capture Function	Although the ScanRouter delivery software is required to use this setting, the ScanRouter delivery software is no longer available and supported.
PDF File Type: PDF/A Fixed	Specify the PDF file format to PDF/A only that can be stored for a long time. Default: [Off]
Capture Server IPv4 Address	Although the ScanRouter delivery software is required to use this setting, the ScanRouter delivery software is no longer available and supported.

Security

Items	Description
Extended Security Settings	Specify to encrypt transmitted data of the machine and data in the Address Book. For details, see "Specifying the Extended Security Functions" on this section.
Network Security Level	Specify the level of the Network Security and adjust the security level. You can select [Level 0], [Level 1], [Level 2], or [FIPS140]. Access Control
Access Control Function	Specify whether to enable the function to permit the communication within the specified range of the IP addresses (Access Control). Default: [Inactive] Access Control
Register/Delete Device Certificate	Program or delete a device certificate. Encrypting Network Communication
Service Mode Lock	Specify whether to lock the machine changing to Service Mode when a customer engineer performs maintenance and repair. Default: [Do not Prohibit] Restricting Operations of the Customer Engineer without the Supervision of the Machine Administrator
HDD Authentication Code	For details about this function, see "Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine".
CCC: Save Standard Values CCC: Apply Standard Values	Store or reflect the Device Settings (reference value) for the International Evaluation Regulations for Information Security (CC Authentication) in the hard disk of the machine. When you change the settings for maintenance of the machine, backup and restore the settings before and after maintenance, and the device settings to satisfy the CC Authentication standards can be kept.
Credential Storage	Trusted Credentials Display the contents of certificates installed in the system and certificates installed from an SD card. Specify whether to use these certificates. Install from SD Card Install certificates from an SD card to the control panel. Clear Credentials You can delete all data stored in the control panel. The password is also reset.
Server Settings	Specify whether to enable the server function for operating the Web application. You can install a server certificate for SSL communication. Default: [Active]
Install Settings	Specify whether to allow installation of the application with the SHA-1 signature. Default: [ON]

Specifying the Extended Security Functions

This section describes settings displayed in [Extended Security Settings]. You can encrypt transmitted data and data in the Address Book. An administrator who can changes the settings depends on the user tool.

Items	Description
Driver Encryption Key (Permissions: Network Administrator)	Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON. Register the encryption key specified using the machine in the driver.
Driver Encryption Key: Encryption Strength (Permissions: Network Administrator)	Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it. All jobs that are verified by [Simple Encryption] or user authentication are accepted. [DES] Jobs encrypted with DES or AES are accepted. [AES] Jobs encrypted with AES are accepted. When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help. Default: [Simple Encryption]
Restrict Display of User Information (Permissions: Machine Administrator)	Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "*******". Default: [Off*]
Enhance File Protection (Permissions: File Administrator)	Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords. If the Enhance File Protection function is specified, the icon () appears at the bottom left of the screen. When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required. Default: [Off]
Restrict Use of Destinations (Fax) Restrict Use of Destinations (Scanner) (Permissions: User Administrator)	Specify whether to limit the available fax and scanner destinations to the destinations registered in the Address Book and searched with the LDAP Search function. When you specify the setting to receive e-mails via SMTP using the Fax function, you cannot use this function. Default: [Off]
Restrict Adding of User Destinations (Fax) Restrict Adding of User Destinations (Scanner) (Permissions: User Administrator)	These are the settings when you do not use "Restrict Use of Destinations". Specify whether to restrict adding of user destinations entered directly in the Address Book. You can send e-mail to the destination entered directly. Default: [Off]
Transfer to Fax Receiver (Permissions: Machine Administrator)	Specify whether to prohibit the use of forwarding or transferring function of the Fax function. Default: [Do not Prohibit] Transferring Received Fax Documents to Another Fax Destination
Authenticate Current Job (Permissions: Machine Administrator)	This is a user tool when Basic Authentication, Windows Authentication, or LDAP Authentication is used. Specify whether authentication is required for operations such as interrupting jobs under the Copy function or canceling jobs under Printer functions. When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job. When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job. Default: [Off]
@Remote Service (Permissions: Machine Administrator)	Specify how to use the @Remote Service. If it is specified to [Prohibit Some Services], it becomes impossible to change settings via a remote connection from the center, providing optimally secure operation. Default: [Do not Prohibit]
Update Firmware (Permissions: Machine Administrator)	Specify whether to prohibit firmware updates on the machine by a service representative or via the network. Default: [Do not Prohibit]
Change Firmware Structure (Permissions: Machine Administrator)	Specify whether to prevent changes in the machine's firmware structure without confirmation by a machine administrator. When you specify [Prohibit] and the machine detects the structure change, the machine starts after authenticated by a machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not. Default: [Do not Prohibit]
Password Policy (Permissions: User Administrator)	Specify whether to limit the text and the number of characters for the user password when using Basic Authentication. Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below. Upper-case letters, lower-case letters, decimal numbers, and symbols such as # You can specify passwords that meet the conditions specified in complexity and minimum character number. Default: [Off] (no minimum character number)
Settings by SNMPv1, v2 (Permissions: Network Administrator)	Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator. Default: [Do not Prohibit]
Security Setting for Access Violation (Permissions: Machine Administrator)	Specify whether to prevent the incorrect lockout caused by the network environment. When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts. When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds). Default: [Off]
Password Entry Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected. Default Max. Allowed No. of Access: [30] Measurement Time: [5 second(s)] If you receive violation detection e-mails frequently, check the content and review the setting values.
Device Access Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor. You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected. Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit). Default Max. Allowed No. of Access: [100] Measurement Time: [10 second(s)] Authentication Delay Time: [3 second(s)] Simultns. Access Host Limit: [200] If you receive violation detection e-mails frequently, check the content and review the setting values.

Items

Description

Driver Encryption Key

(Permissions: Network Administrator)

Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON.

Driver Encryption Key: Encryption Strength

(Permissions: Network Administrator)

Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it.

All jobs that are verified by [Simple Encryption] or user authentication are accepted.
[DES]
Jobs encrypted with DES or AES are accepted.
[AES]
Jobs encrypted with AES are accepted.

When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help.

Default: [Simple Encryption]

Restrict Display of User Information

(Permissions: Machine Administrator)

Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "********".

Default: [Off]

Enhance File Protection

(Permissions: File Administrator)

Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords.

If the Enhance File Protection function is specified, the icon ( Operation panel screen illustration ) appears at the bottom left of the screen.

When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required.

Default: [Off]

Restrict Use of Destinations (Fax)

Restrict Use of Destinations (Scanner)

(Permissions: User Administrator)

Specify whether to limit the available fax and scanner destinations to the destinations registered in the Address Book and searched with the LDAP Search function.

When you specify the setting to receive e-mails via SMTP using the Fax function, you cannot use this function.

Default: [Off]

Restrict Adding of User Destinations (Fax)

Restrict Adding of User Destinations (Scanner)

(Permissions: User Administrator)

These are the settings when you do not use "Restrict Use of Destinations". Specify whether to restrict adding of user destinations entered directly in the Address Book. You can send e-mail to the destination entered directly.

Default: [Off]

Transfer to Fax Receiver

(Permissions: Machine Administrator)

Specify whether to prohibit the use of forwarding or transferring function of the Fax function.

Default: [Do not Prohibit]

Transferring Received Fax Documents to Another Fax Destination

Authenticate Current Job

(Permissions: Machine Administrator)

This is a user tool when Basic Authentication, Windows Authentication, or LDAP Authentication is used. Specify whether authentication is required for operations such as interrupting jobs under the Copy function or canceling jobs under Printer functions.

When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job.

When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job.

Default: [Off]

@Remote Service

(Permissions: Machine Administrator)

Specify how to use the @Remote Service.

If it is specified to [Prohibit Some Services], it becomes impossible to change settings via a remote connection from the center, providing optimally secure operation.

Default: [Do not Prohibit]

Update Firmware

(Permissions: Machine Administrator)

Specify whether to prohibit firmware updates on the machine by a service representative or via the network.

Default: [Do not Prohibit]

Change Firmware Structure

(Permissions: Machine Administrator)

Specify whether to prevent changes in the machine's firmware structure without confirmation by a machine administrator.

When you specify [Prohibit] and the machine detects the structure change, the machine starts after authenticated by a machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not.

Default: [Do not Prohibit]

Password Policy

(Permissions: User Administrator)

Specify whether to limit the text and the number of characters for the user password when using Basic Authentication.

Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below.

Upper-case letters, lower-case letters, decimal numbers, and symbols such as #

You can specify passwords that meet the conditions specified in complexity and minimum character number.

Default: [Off] (no minimum character number)

Settings by SNMPv1, v2

(Permissions: Network Administrator)

Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator.

Default: [Do not Prohibit]

Security Setting for Access Violation

(Permissions: Machine Administrator)

Specify whether to prevent the incorrect lockout caused by the network environment.

When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts.

When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds).

Default: [Off]

Password Entry Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail.

You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected.

Default
- Max. Allowed No. of Access: [30]
- Measurement Time: [5 second(s)]

If you receive violation detection e-mails frequently, check the content and review the setting values.

Device Access Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor.

You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected.

Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit).

Default
- Max. Allowed No. of Access: [100]
- Measurement Time: [10 second(s)]
- Authentication Delay Time: [3 second(s)]
- Simultns. Access Host Limit: [200]

If you receive violation detection e-mails frequently, check the content and review the setting values.

Remote Panel Operation

Items	Description
Remote Operation/Monitoring	Specify the password required for receiving remote support on the machine, the time-out duration, and other settings.

Function Restriction

Items	Description
Menu Protect	Limits changes to the default settings by the users to prevent unintended printing.
Restrict Functions of Each Application	Specify the restriction of Copy, Document Server, Scanner, and Printer functions. You can restrict the following items: Specifying the print color to Two-color, Single Color, or Black & White Specifying the scan to Limit to Auto Color Selection Specifying the destination of the Scanner function to e-mail or folder You can specify not to use an application.

Items

Description

Menu Protect

Limits changes to the default settings by the users to prevent unintended printing.

Restrict Functions of Each Application

Specify the restriction of Copy, Document Server, Scanner, and Printer functions. You can restrict the following items:

Specifying the print color to Two-color, Single Color, or Black & White
Specifying the scan to Limit to Auto Color Selection
Specifying the destination of the Scanner function to e-mail or folder

You can specify not to use an application.

Authentication/Charge

Administrator Authentication/User Authentication/App Auth.

Items	Description
Administrator Authentication Management Register/Change Administrator	Specify whether an Administrator manages the settings of the machine. Register the user name and password of the Administrator to prevent the settings changed by the user other than the Administrator. You can manage four categories; user administration, machine administration, network administration, and file administration. Registering Administrators Before Using the Machine
User Authentication Management	Specify the authentication method to authenticate the user. When you specify the authentication, you can limit the functions to use or the access to the Address Book or stored files. You can select [User Code Auth.], [Basic Auth.], [Windows Auth.], or [LDAP Auth.]. Default: [Off] Verifying Users to Operate the Machine (User Authentication)
Setting for Entering Authentication Password	Specify whether to allow double-byte characters to be used for passwords. Default: [Only 1 Byte Characters]
Application Authentication Management	This is a user tool when the authentication is set to On under [User Authentication Management]. Specify the authentication for each application. Default: [On]
Application Authentication Settings	Specify the available application for each user. You can specify to inhibit the use of all applications related to Copy or to use only a part of application related to Copy.
User's Own Customization	Specify whether to store the layout of Home screen or Application screen and the displayed language for each login user. Default: [Prohibit]
Register/Change/Delete Realm	Program the realm to be used for Kerberos authentication. Be sure to specify both the "Realm Name" and "KDC Server Name" when programming a realm.
Register/Change/Delete LDAP Server	You can register up to five settings for the LDAP Server.
LDAP Search	Specify whether to use the LDAP server for searching destinations or users. Also, you can specify whether the LDAP search follows the referrals from the server. You can use this function in the machines installed with RICOH Always Current Technology v1.2 or later. Default LDAP Search: [Off] Follow Referrals on LDAP Server: [Inactive]

Print Volume Use Limitation

Items	Description
Machine Action When Limit is Reached	Specify whether to continue printing when Print Volume Use reaches the limit. Default: [Allow Continue Use]
Volume Use Counter: Scheduled/Specified Reset Settings	Specify whether to reset the Volume Use Counter periodically. Default: [Do not Specify]
Print Volume Use Limitation: Default Limit Value	Specify the limit value of the Print Volume Use.
Print Volume Use Limitation: Unit Count Setting	Specify the function and count to limit the print volume use.
Enhanced Print Volume Use Limitation	This is a user tool to limit the maximum print volume use using the SDK application. You can specify the following two items: Whether to notify the tracking information from the machine to the SDK application Whether to stop printing using the SDK application Default: [Off]

External Charge Unit Management

Items	Description
Key Counter Management	Specify whether to limit the user with the key counter for each function. Default: [Off]
External Charge Unit Management	Specify whether to limit the user for each function with the key card. Default: [Off]
Enhanced External Charge Unit Management	Specify the external charge unit used with the SDK application.

Switch Screen Type

Items	Description
Switch Screen Type	Select [Classic] or [Standard] for the screen layout of the "Settings" screen. "Standard" has a simple screen structure that is easy to find the functions and settings you want to use. Some of the setting items may vary depending on the screen type that is currently selected. Default: [Standard]