Settings for Administrator

This section describes the settings in [Settings for Administrator] under [System Settings].

Data Management

Setting Items	Description
Auto Erase Memory Setting	Specify whether to automatically erase files for each job after it has been printed from the printer driver. Default: [Off] Specifying Auto Erase Memory
Erase All Memory	Delete all data stored in the machine. Initializing the Machine with the Erase All Memory Function
Delete All Logs	Delete all logs stored in the machine. Deleting All Logs
Transfer Log Setting	This is a setting item to disable the log transfer settings that can be enabled on the Collect Logs server. To disable the log transfer settings, specify [Do not Forward]. Disabling Log Transfer to the Log Collection Server
Collect Logs Settings	Specify whether to activate the collection of Job Log, Access Log, and Eco-friendly Logs. Default Job Log: [Inactive] Access Log: [Inactive] Eco-friendly Logs: [Inactive] Specifying Logs to Collect
Device Setting Information: Export (Memory Storage Device) Device Setting Information: Import (Memory Storage Device) Device Setting Information: Import Setting (Server) Device Setting Information: Run Import (Server)	You can export the machine's device information to an external device as a device setting information file, or import the exported device setting information file to the machine to restore the previous settings.
Restore Default Control Panel Settings	You can initialize the settings of the control panel, such as the settings, Home screen settings, and browser settings on the control panel.

File Management

Setting Items	Description
Machine Data Encryption Settings	Specify whether to encrypt the Address Book, authentication information, and Stored Files stored in the machine. Encrypting Data on the Hard Disk

Setting Items

Description

Machine Data Encryption Settings

Specify whether to encrypt the Address Book, authentication information, and Stored Files stored in the machine.

Encrypting Data on the Hard Disk

Security

Setting Items	Description
Extended Security Settings	Specify to encrypt transmitted data of the machine and data in the Address Book. For details, see "Specifying the Extended Security Functions" in this section.
Network Security Level	Specify the level of the Network Security and adjust the security level. Specifying the Security Level Using the Control Panel
Access Control Function	Specify whether to enable the function to allow only the communication within the specified range of the IP addresses (access control). Default: [Inactive] Limiting the IP Addresses from which Devices Can Access the Machine
Register/Delete Device Certificate	Register or delete a device certificate. Installing a Self-signed Certificate/Certificate Issued by a Certificate Authority
Service Mode Lock	Specify whether to lock the machine changing to Service Mode when a customer engineer performs maintenance and repair. Default: [Off] Restricting Operations of the Customer Engineer without the Supervision of the Machine Administrator
Credential Storage	System (certificate system installed) Displays the contents of certificates installed in the system. Specify whether to use these certificates. User (certificate installed from SD card) Install certificates from an SD card. You can install up to 10 certificates. Delete All Certificates Deletes all contents of the installed certificates.
Server Settings	Specify whether to enable the server function for operating the Web application. You can install a server certificate for SSL communication. Default Server Function: [Active] Setting Server Certificate: [The setting has not been made]
Install Settings	Specify whether to allow installation of the application with the SHA-1 signature. Default: [ON]

Specifying the Extended Security Functions

This section describes settings displayed in [Extended Security Settings]. You can encrypt transmitted data and data in the Address Book. An administrator who can changes the settings depends on the setting item.

Setting Items	Description
Driver Encryption Key (Permissions: Network Administrator)	Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON. Register the encryption key specified using the machine in the driver.
Driver Encryption Key: Encryption Strength (Permissions: Network Administrator)	Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it. Simple Encryption All jobs that are verified by user authentication are accepted. DES Jobs encrypted with DES or AES are accepted. AES Jobs encrypted with AES are accepted. When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help. Default: [Simple Encryption]
Restrict Display of User Information (Permissions: Machine Administrator)	Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "*******". Default: [Off*]
Enhance File Protection (Permissions: File Administrator)	Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords. If the Enhance File Protection function is specified, the icon () appears at the bottom left of the screen. When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required. Default: [Off]
Authenticate Current Job (Permissions: Machine Administrator)	This is a setting item to specify when Basic authentication, Windows authentication, or LDAP authentication is activated. Specify whether authentication is required for operations such as canceling jobs under the Printer function. When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job. When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job. Default: [Off]
@Remote Service (Permissions: Machine Administrator)	Specify how to use the @Remote Service. Default: [Do not Prohibit]
Update Firmware (Permissions: Machine Administrator)	Specify whether to prohibit firmware updates on the machine by a service representative or via the network. Default: [Do not Prohibit]
Change Firmware Structure (Permissions: Machine Administrator)	Specify whether to prevent changes in the machine's firmware structure without confirmation by a machine administrator. When you specify [Prohibit] and the machine detects the structure change, the machine starts after authenticated by a machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not. Default: [Do not Prohibit]
Password Policy (Permissions: User Administrator)	Specify whether to limit the text and the number of characters for the user password when using Basic Authentication. Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below. Upper-case letters, lower-case letters, decimal numbers, and symbols such as # You can specify passwords that meet the conditions specified in complexity and minimum character number. Default Complexity Setting: [Off] Minimum Number of Characters: [0] characters
Settings by SNMPv1, v2 (Permissions: Network Administrator)	Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator. Default: [Do not Prohibit]
Password Entry Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected. If you receive violation detection e-mails frequently, check the content and review the setting values. Default Maximum Allowed Number of Access: [30] time(s) Measurement Time: [5] second(s)
Device Access Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor. You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected. Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit). If you receive violation detection e-mails frequently, check the content and review the setting values. Default Maximum Allowed Number of Access: [100] time(s) Measurement Time: [10] second(s) Authentication Delay Time: [3] second(s) Simultaneous Access Host Limit: [200]
Security Setting for Access Violation (Permissions: Machine Administrator)	Specify whether to prevent the incorrect lockout caused by the network environment. When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts. When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds). Default: [Off]

Setting Items

Description

Driver Encryption Key

(Permissions: Network Administrator)

Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON.

Driver Encryption Key: Encryption Strength

(Permissions: Network Administrator)

Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it.

Simple Encryption
All jobs that are verified by user authentication are accepted.
DES
Jobs encrypted with DES or AES are accepted.
AES
Jobs encrypted with AES are accepted.

When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help.

Default: [Simple Encryption]

Restrict Display of User Information

(Permissions: Machine Administrator)

Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "********".

Default: [Off]

Enhance File Protection

(Permissions: File Administrator)

Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords.

If the Enhance File Protection function is specified, the icon ( Operation panel screen illustration ) appears at the bottom left of the screen.

When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required.

Default: [Off]

Authenticate Current Job

(Permissions: Machine Administrator)

This is a setting item to specify when Basic authentication, Windows authentication, or LDAP authentication is activated. Specify whether authentication is required for operations such as canceling jobs under the Printer function.

When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job.

When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job.

Default: [Off]

@Remote Service

(Permissions: Machine Administrator)

Specify how to use the @Remote Service.

Default: [Do not Prohibit]

Update Firmware

(Permissions: Machine Administrator)

Specify whether to prohibit firmware updates on the machine by a service representative or via the network.

Default: [Do not Prohibit]

Change Firmware Structure

(Permissions: Machine Administrator)

Specify whether to prevent changes in the machine's firmware structure without confirmation by a machine administrator.

When you specify [Prohibit] and the machine detects the structure change, the machine starts after authenticated by a machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not.

Default: [Do not Prohibit]

Password Policy

(Permissions: User Administrator)

Specify whether to limit the text and the number of characters for the user password when using Basic Authentication.

Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below.

Upper-case letters, lower-case letters, decimal numbers, and symbols such as #

You can specify passwords that meet the conditions specified in complexity and minimum character number.

Default
- Complexity Setting: [Off]
- Minimum Number of Characters: [0] characters

Settings by SNMPv1, v2

(Permissions: Network Administrator)

Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator.

Default: [Do not Prohibit]

Password Entry Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail.

You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected.

If you receive violation detection e-mails frequently, check the content and review the setting values.

Default
- Maximum Allowed Number of Access: [30] time(s)
- Measurement Time: [5] second(s)

Device Access Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor.

You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected.

Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit).

If you receive violation detection e-mails frequently, check the content and review the setting values.

Default
- Maximum Allowed Number of Access: [100] time(s)
- Measurement Time: [10] second(s)
- Authentication Delay Time: [3] second(s)
- Simultaneous Access Host Limit: [200]

Security Setting for Access Violation

(Permissions: Machine Administrator)

Specify whether to prevent the incorrect lockout caused by the network environment.

When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts.

When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds).

Default: [Off]

Remote Panel Operation

Setting Items	Description
Remote Operation/Monitoring	Specify the password required for receiving remote support on the machine, the time-out duration, and other settings.

Function Restriction

Setting Items	Description
Menu Protect	Specify the level of access privilege to allow changing the settings for the Printer function, which can be changed by non-administrative users. Specifying Menu Protect

Setting Items

Description

Menu Protect

Specify the level of access privilege to allow changing the settings for the Printer function, which can be changed by non-administrative users.

Specifying Menu Protect

Authentication/Charge

Administrator Authentication/User Authentication/App Auth.

Setting Items	Description
Administrator Authentication Management Register/Change Administrator	Specify whether an Administrator manages the settings of the machine. Register the user name and password of the administrator to prevent the settings changed by the user other than the administrator. You can manage four categories; user management, machine management, network management, and file management. Activating Administrator Authentication Adding Administrators or Changing the Privileges
User Authentication Management	Specify the authentication method to authenticate the user. When you specify the authentication, you can limit the functions that can be used. Default: [Off] Verifying Users to Operate the Machine (User Authentication)
Setting for Entering Authentication Password	Specify whether to allow double-byte characters to be used for passwords. Default: [Only 1 Byte Characters]
Application Authentication Management	This is a setting item to specify when the authentication is activated by [User Authentication Management]. Specify functions to allow users to use without logging in to the machine. Specifying Application Authentication Management
Application Authentication Settings	Specify privileges to use applications for all users or for each user. For example, you can specify to inhibit the use of all applications related to the Printer function or to use only a part of application related to the Printer function. Specifying Application Authentication Settings
User's Own Customization	Specify whether to store the layout of Home screen or Application screen and the displayed language for each login user. Default: [Prohibit]
Register/Change/Delete Realm	Register the realm to be used for Kerberos authentication. Be sure to specify both Realm Name and KDC Server Name when registering a realm. Registering the Realm
Register/Change/Delete LDAP Server	You can register up to five settings for the LDAP Server. Registering the LDAP Server

Print Volume Use Limitation

Setting Items	Description
Enhanced Print Volume Use Limitation	This is the setting item to limit the maximum print volume use using the SDK application. You can specify the following item: Tracking Permission: Whether to notify the tracking information from the machine to the SDK application Default: [Off]

External Charge Unit Management

Setting Items	Description
External Charge Unit Management	Specify whether to limit the user for each function with the key card.
Enhanced External Charge Unit Management	Specify the external charge unit used with the SDK application.

Auto Firmware Update

Setting Items	Description
Auto Firmware Update Settings	Specify whether to update the firmware automatically. Default: [Active] When [Auto Firmware Update Settings] is set to [Active], you can set the timers to prohibit updates as well.
Last Update Information	Information about the previous auto firmware update is displayed.

Setting Items

Description

Auto Firmware Update Settings

Specify whether to update the firmware automatically.

Default: [Active]

When [Auto Firmware Update Settings] is set to [Active], you can set the timers to prohibit updates as well.

Last Update Information

Information about the previous auto firmware update is displayed.