Thank you for your feedback



How to Administer Security Settings to a Fleet of Devices Using MVP 11.2

Document ID:HO3491
 
  Properties  

Problem

Cannot apply security settingss; Configuration rules are not found in user's guide

Environment

How to configure building blocks; How to perform 3-step process; How to configure security templates; How to configure access control; How to configure security settings; How to configure authentication settings; How to administer group security policies; MVP fleet security settings; MarkVision Professional 11.2

Solution

Purpose

This article presents: 

  • -Prerequisites for implementing mass fleet security settings.  

  • -The order of required and administered policies, to include:      
     


    • - Building Blocks

    • - Security Templates

    • - Access Control
       

  • -Example procedure   

  • -Additional information    

  • -The removal of the security templates  

Before you begin

The following prerequisites and concepts help ensure successful security configuration: 

  • mDNS needs to enabled on the MFP or printer for security configurations to work properly. Click here for screen shot.
     
    NOTE: You will have to reset access controls to "no security", restart the device, delete, and rediscover the device in MVP, if either of the following occurs:



    •  - If the MFP or printer's mDNS protocol is turned off and back on again, or

    •  - There is a discrepancy from expected results.

Other concepts
  • - Dependent security settings and configurations must be the same among the ALL devices.
  • - Security settings must match from device to device.

Configuration order is critical to success

You must follow the configuration order: Building blocks > Template > Access Control. 

 Why?
  • - Security configuration (Building Blocks for authentication) on a device is a prerequisite to the creation and application of the security template.
  • - You will create one policy for any print server/device and create/configure its security configuration 
  • - A security template is a prerequisite to the creation and implementation of an access control policy.
  • - This policy security template will be available to all devices via access control
  • - Security-related building blocks cannot be deleted if they are part of a security template.

 

Procedure: Security configuration example 

This example should be referenced in concert with concepts covered in the MVP 11.2 User's Guide.
To emphasize the correct order, the policy names that are given in the example will be as follows: 

  • - Step#1building blocks 

  • - Step#2Template

  • - Step#3Access Control  

NOTE: These names directly coincide with the order that should be followed. However, these naming conventions do not need to be followed in practice.
 

Stage 1: Security Building Block(s) creation

In this stage you will perform the following:
  • - Create the building block profiles. This example will produce an NTLM and Kerberos building block.
       NOTE: NTLM is not described in Step/Action table below. 
  • - Name the individual building blocks by function or other unique identifier.   
  • Edit or Add the building block security settings depending on whether you are performing this function for first time, or whether you are changing existing security parameters.  
  • - This will become your security configuration. 

  
Step Action
 1Under Configure/Setup Devices, click on Device Policies - Create/Manage.
 2
There are two option to create the necessary Print Server* building block device policy:

  • - Click on New if creating a new building block, or

  • - Click on an already-created building block if you are editing parameters to create a new security building block.

Security configuration = building blocks = security device policy.
* - "print server " device policies need to be created for security authentication or authorization requirements. 
 3Provide a Name to the building block policy as required for this procedure; e.g., Step#1 building blocks.
 4In the right-hand window pane, scroll down the list of Print Server policies, and click the plus sign (+) next to Security
 5Next, click the (+) located next to Advanced Security, which is required for creation of Building Blocks that involve Kerberos.
 6Next, click the (+) located next to Building Blocks.
 7
Select and configure (edit) the desired or necessary level of device authentication or authorization. 
These types include any of the following, and more than one may be required for different device functions:

  • -Password

  • -PIN

  • -Internal Account

  • -Kerberos (5)

  • -NTLM

  • -LDAP

  • -LDAP + GSSAPI
 8
LDAP + GSSAPI is configured in this example so, click the (+) next to Simple Kerberos Setup, and place a checkmark next to LDAP + GSSAPI
 9Click EDIT or ADD to create a new building block, or update an existing policy to act as a building block.   Fill in the required fields. See User's Guide  for a detailed explanation of these settings.  
 10Click Ok after completion.
 11Click Apply.

Observe the following messaging in the lower MVP pane:

  • -Date/Time: Applying Policy Changes: Step#1 building blocks (building block name provided)

  • -Date/Time: Finished Applying Policy Changes: Step#1 building blocks
 12Repeat this process for other required building blocks that will be needed in order to access certain functions on the MFP.
 13
Building blocks configured in the above steps can now be used to configure the "Security Template".

Click here for illustration of this procedure.  

Stage 2: Security Template Creation

You will create one policy for a Security Template.
Step Action
 1
The two options create the necessary Print Serversecurity template device policy:

  • -Click on New if creating a new security template, or

  • -Click on an already-created security template policy in order to edit parameters.

* Again, this should be a "print server " device policy to properly administer authentication or authorization requirements.
 2Provide a Name to the security template policy as required for this procedure; e.g., Step#2Template.
 3Again, in the right-hand window pane, scroll down the list of Print Server policies, and click the plus sign (+) located next to Security
 4Next, click the (+) located next to Advanced Security.
 5Place a checkmark next to Security Template.
 6Click Edit.
 7Click Add to add new building block(s), or click on an existing template in order to highlight it, and then click on Edit to change parameters of an existing template.
 8
The template must include the template name as well as ALL the included building blocks that were created in Stage 1 above.
For this example, the configuration went as follows:
Security template fieldsKerberosNTLMSecurity Template
NamekerberosNTLMtesttemplate
Authentication Setupkerberos_building_blockNTLM_building_blockDEMO
Authorization Setupnot applicablenot applicablenot applicable
Groupsnot applicablenot applicablenot applicable

Click OK after filling out these Name -  Authentication/authorization Setup - Groups fields.  
 9Click Apply
 10
Observe the following messaging in the lower MVP pane:

  • -Date/Time: Applying Policy Changes: Step#2Templates

  • -Date/Time: Finished Applying Policy Changes: Step#2 Templates

Click here for illustration.

Stage 3: Access Control

You now have the required Security Template. This security template will be required to configure the Access Control policy. 
Before you begin this step, please be aware of specific implementation rules regarding the "Access Control's" Security Menu at the Device and Security Menu Remotely features, and dependency on Advanced Credentials. Click here for more information.     
Step Action
 1
To create the necessary Access Control policy:

  • -Click on New if creating a new security template, or

  • -Click on an already-created access control to edit function access parameters.  

* Again, this should be a "print server " device policy in order to properly administer authentication or authorization requirements.
 2Provide a Name to the access control policy as required for this procedure; e.g., Step#3Accesscontrol.
 3Again, in the right-hand window pane, scroll down the list of Print Server policies, and click the plus sign (+) located next to Security.
 4Next, click the (+) located next to Advanced Security.
 5Next, click the (+) located next to Access Control. 
 6Place a checkmark next to the function that requires security.
 7
In this example, the following was selected:
FunctionSecurity
Copytesttemplate
E-mailNTLM
Create Profile (e.g., the ability to create scan profiles or shortcuts)kerberos
 
 8Click Apply.
 9Click Yes to the confirmation.
 10
Observe the following messaging in the lower MVP pane:

  • -Date/Time:  Applying Policy Changes: Step#3Accesscontrol. 

Click here for illustration.

Apply the Policies

Now apply the policies one after another in the same sequence used to create Building Blocks, Security Templates and Access Control.
Step Action
 1 From All Tasks, select Home, and then select Device Policies - Apply.
 2Select Step#1 building blocks, and make sure the printer(s) are selected in the far left-hand folder/printers contents pane. 
 3Click on Apply Policy.
 4Click Yes to the confirmation. 
 5Repeat this procedure for Step#2templates and access control
 6
Observe the following messaging in the lower MVP pane:

  • -Started Applying Policy: Step#1 building blocks (building block name provided)

  • -Applied Policy Step#1 building blocks - IP address(es)

  • -Finished Applying Policy: Step#1 building blocks

This messaging will repeat for each of the applied policies.

Click here for illustration.

Additional Information

Verification of success
StepAction
  1Click on Settings > Security > Advanced Security > Building Blocks > LDAP + GSSAPI.
  2Verify the Name of the Building Block; e.g., DEMO.
  3Click on Settings > Security > Advanced Security > Security Templates.
  4Verify that all of the Security Template Names are present.
  5Click on Settings > Security > Advanced Security > Access Control.
  6Verify that all of the functions have the proper Security Template names assigned to them.

Click here for illustration.

Order Summary: Creation(Edit) to Activation(Apply) to Deactivation(Deletion)

Create or Edit new policies:

Step Action
  1Create/Edit Building Block (security configuration)
  2Create/Edit Security Template
  3Create/Edit Access Control

Apply policies in order of creation: 

Step Action
  4Apply Building Block (security configuration) policy
  5Apply Security Template Policy
  6Apply Access Control Policies

Deletion of security configuration:
To remove a security configuration, you must follow the exact reverse order from which they were configured and implemented. 
To do this:
  • -Undo/Reset Access Control* settings, or
  • -Delete Access Control settings.
  • -Delete Security Templates.
  • -Delete Building Blocks.

*IMPORTANT! If you do not set Access Control back to No Security for each function, individual deletion of security templates and building blocks will not be allowed.  
Click here for illustration.  

Contacting Lexmark

If you need additional assistance, please contact Lexmark Technical Support. NOTE: When calling for support, you will be asked for your machine/model type and serial number (SN).
Please call from near the computer and printer in case the technician on the phone asks you to perform a task involving one or all of these devices.


Link:
Please enter the email address you would like to send a copy of this page to.