Xerox D95/D110/D125 Copier/Printer
Contents
1. 56 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Error Code Cause and Remedy 018 502 018 505 018 543 018 547 018 596 018 781 018 782 018 783 018 784 018 785 018 786 018 787 018 788 018 789 018 790 018 791 018 792 018 793 018 794 018 795 018 796 018 797 Cause The machine failed to transfer data using SMB of the Scan to PC service because computers allowed to login are restricted Remedy Confirm the property information for the specified user and check whether the computers allowed to login to the server are restricted Cause Failed to log into the destination computer while transferring data using SMB of the Scan to PC service Remedy Check whether the user name and password of the SMTP server registered in the machine is correct Cause The machine failed to transfer data using SMB of the Scan to PC service because one of the following problems occurred on the shared name of the SMB server when logging in to the SMB server The specified shared name does not exist on the server Invalid characters are used in the specified shared name When the server is Macintosh the specified shared name may not have an access right Remedy Confirm the specified shared name and set the name correctly Cause The machine failed to transfer data using SMB of the Scan to PC service because the number of users logging into the SMB server exceeded the limit wh2. 016 769 016 773 016 774 016 781 016 788 016 791 018 400 018 405 Cause Unable to connect to the SMTP server Remedy Consult the SMTP server administrator Cause Unable to send the e mail because the hard disk on the SMTP server is full Remedy Consult the SMTP server administrator Cause An error occurred on the SMTP server Remedy Consult the SMTP server administrator Cause Unable to send the e mail because the address is not correct Remedy Confirm the address and try sending again Cause Unable to connect to the SMTP server because the machine s mail address is incorrect Remedy Confirm the machine s mail address Cause The SMTP server does not support delivery receipts DSN Remedy Send e mail without setting delivery receipts DSN Cause The IP address of the machine is not set correctly Remedy Check the DHCP settings Or set the fixed IP address to the machine Cause Unable to process compression conversion because of insufficient hard disk space Remedy Delete unnecessary data from the hard disk to free up disk space Cause Unable to connect to the SMTP server Unable to establish a connection between the machine and the server Although the connection between the machine and the server has been established ASCII characters are not used for the host name specified on the machine Remedy Take one of the following measures Check whether the network cabl
3. Cause The received S MIME certificate has been discarded because the certificate was Cause IP address of IPv4 already exists Remedy Change the IP address of IPv4 set on the machine or the IP address of IPv4 on the network device Cause Unable to connect to the SMTP server Remedy Specify the SMTP server name correctly or specify the server by using its IP address Cause Unable to find the S MIME certificate associated with the machine s e mail address when sending e mail Remedy Import the S MIME certificate corresponding to the mail address to the machine Cause The S MIME certificate associated with the machine s email address has expired Remedy Ask the sender to issue a new S MIME certificate and import the certificate to the machine Cause The S MIME certificate associated with the machine s email address is not reliable Remedy Import a reliable S MIME certificate to the machine Cause The S MIME certificate associated with the machine s email address has been discarded Remedy Import a new S MIME certificate to the machine Cause No S MIME certificate is attached to the received e mail Remedy Ask the sender to send the e mail with an S MIME certificate Cause No S MIME certificate was obtained from the received email Remedy Import the sender s S MIME certificate to the machine or attach an S MIME certificate to S MIME signature mail sent from the sender Cause The received S
4. Data Encryption Set Authentication Authentication Security Settings gt Security gt Off Authentication gt Login Type Authentication Configuration Set Access Control Authentication Security Settings gt Security gt Off Authentication gt Access Control Authentication Configuration gt Next gt Device Access or Service Access Set Private Print Authentication Security Settings gt Off Authentication gt Charge Private Print Settings Set User Passcode Authentication Security Settings gt Security gt User Details 0 Minimum Length Authentication gt Passcode Policy gt Setup gt Minimum Minimum Passcode Length Passcode Length Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 60 Item Using Control Panel Using Xerox Default CentreWare Internet Services Set Auto Clear System Settings gt Common Service On Settings gt Machine Clock Timers gt Auto Clear Set Repot Print System Settings gt Common Service On Settings gt Reports gt Print Reports Button Set Self Test System Settings gt Common Service Settings gt Maintenance gt Power on Self Test Set Software System Settings gt f ommon Service Services gt Machine On Download Settings gt Other Settings gt Software Software gt Upgrades Download Set SMB Connectivity gt Port On Setting Set Xerox Connectivity gt
5. List of Files page for the Folder is displayed Folder Number Displays the Folder numbers If you click the number of a registered Folder the Folder List of Files page for the Folder is displayed Folder Name Displays the names of Folders If you click the name of a registered Folder the Folder List of Files page for the Folder is displayed Number of Files in this Folder Displays the number of files stored in each Folder File List If you click File List the Folder List of Files page for the selected Folder is displayed Delete If you click Delete the selected Folder is displayed Edit If you click Edit the Edit Folder page for the selected Folder is displayed Create If you click Create the Folder Setup page for the selected Folder is displayed 46 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Folder List of Files The following table shows the setting items available on the Folder List of Files page ENE Folder Number Displays the Folder number of the selected Folder Folder Name Displays the name of the selected Folder File Number Displays the file numbers of the files stored in the Folder File Name Displays the names of the files Date amp Time Displays the dates on which the files were stored Compression Format Displays the compression formats of the files Page Count Displays the
6. Place a check next to each file to be imported and click Retrieve or Print File Note To retrieve a color file as a JPEG place a check next to Retrieve Page and specify the page number Printing Job Deletion This page allows only System Administrators to delete the active print jobs Click Jobs tab on the Main Panel of the home page Select the desired job on the Active Jobs screen Click the Delete button DG dec A confirmation window appears Select OK to cancel the job completely Change User Passcode by System Administrator Using Xerox CentreWare Internet Services Note This feature is only applicable to Local Authentication mode 1 Open your Web browser enter the TCP IP address of the machine in the Address or Location field and press the lt Enter gt key Enter System Administrator s ID and the passcode if prompted Click the Properties tab Click Security Click Authentication Configuration Click Next Enter the user number in Account Number and click Edit Enter a new passcode of 9 or more characters in Passcode Sen OY i3 d p oM Enter the same passcode in Retype Passcode and click Apply Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 49 Problem Solving This section describes solutions to problems that you may come across while using the machine and Xerox CentreWare Internet Services The machine has certain built in diagnostic
7. When print or copy volume exceeds the registered number the user cannot use the function The counted number needs to be cleared by system administrator Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 31 Remote Access Operation of the machine through a network using Xerox CentreWare Internet Services is called Remote Access The functions restricted by Remote Access are as follows Print Printing is limited to the print jobs sent from a computer To use the Accounting feature use the print driver to set account information such as user ID and passcode If verification using account information fails for a print job the print data will be either saved in the machine or deleted depending on the Charge Print settings Xerox CentreWare Internet Services If the Authentication feature is enabled authentication is required to access the Xerox CentreWare Internet Services home page even if you are not using the Authentication feature for any service Authentication for Folder The following explains the restricted operations on job flow sheets and Folder when the Authentication feature is enabled Note When a user account is deleted the Folder and job flow sheets associated with the account are also deleted Any files stored in the Folder will also be deleted Note Authenticated Users who are given the System Administrator privileges do not have the privileged level of access to Folder and job
8. use the IPSec protocol simultaneously You need to set the IP address of the client for SNMPv3 according to the procedures in Set IPSec Address and enter the IP Address in the Specify Destination IPv4 IPv6 Address box Since the machine cannot communicate by SNMPv1 v2 you need to uncheck SNMP status Enabled for the port setting on the client s printer driver 22 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Set S MIME Note To use E mail with this machine the E mail function needs to be enabled and configured as described in the System Administrator Guide s Scan to E mail Before making the S MIME setting you need to import an S MIME certificate according to the same procedure as that in Configuring Machine Certificates had oo So uns dE 15 16 17 18 19 Click Configuration Overview on the Properties screen Click Settings for E mail Click Configure for E mail Settings and enter the machine s E mail address in the From address box Click Apply Click Security on the Properties screen Click Certificate Management Select S MIME for Certificate Purpose Click Display the list and check a desirable certificate Click Certificate Details Click Use this certificate 11 12 13 14 Click SSL TLS Settings Check the Enabled box for S MIME Communication Click Apply Click Reboot Machine After the machin
9. Administrator must follow the instructions below Passcode Entry from Control Panel Set to Enabled The System Administrator Passcode Change the default passcode 1111 to another passcode of 9 or more characters Maximum Login Attempts Default 5 Times Service Rep Restricted Operation Set to On and enter a passcode of 9 or more characters Overwrite Hard Disk Default 3 Overwrites Data Encryption Default On Scheduled Image Overwrite Set to Enabled Authentication Set to Login to Local Accounts or Login to Remote Accounts Access Control Set to Locked for Device Access and Service Access Private Print Set to Save as Private Charge Print User Passcode Minimum Length Set to 9 characters Auto Clear Default Enabled Report Print Set to Disable Self Test Set to Enabled Software Download Set to Disabled SMB Set to Disabled for NetBEUI Xerox FreeFlow Set to Disabled Receive E mail Default Disabled WebDAV Set to Disabled IPP Default Enabled SSL TLS Set to Enabled IPSec Set to Enabled SNMPv1 v2c Set to Disabled SNMPv3 Set to Enabled S MIME Set to Enabled Audit Log Set to Enabled Browser Refresh Set to Disabled Job Deletion Set to Administrator Only Important The security will not be effective if you do no
10. Certificate Management Click Upload Signed Certificate Enter a file name for the file you want to import or select the file to be imported by clicking Browse Enter a password in Password and then retype the password in Retype Password for confirmation Click Import Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Set IPSec Note Before setting Digital Signature for IKE Authentication Method you need to import an IPSec certificate according to the same procedure as that in Configuring Machine Certificates 1 Click Security on the Properties screen 2 Click IPSec 3 Checkthe Enabled box for Protocol For the Pre Shared Key setting proceed to steps 4 and 5 For the Digital Signature setting proceed to steps 6 through 11 4 Select Pre Shared Key for IKE Authentication Method This is used to ensure confidentiality of communications between the machine and a client computer or the machine and a server 5 Enter a Pre Shared Key in the Shared Key box and the Verify Shared Key box Next proceed to set the IPSec address Click Certificate Management in Security Select IPSec for Certificate Purpose Click Display the list and check a desirable certificate Click Certificate Details O Click Use this certificate 1 On the IPSec screen select Digital Signature for IKE Authentication Method 2 2 90 M m Next proceed to set the
11. Settings Procedures Using Control Panel 9 Authentication for Entering the System Administration Mode ss 9 Use Passcode Entry from Control POmel eccsssssescsssssssssssssseescsssssesssssssseccesssseesesssseceessnecsesssees 9 Change the System Administrator s Passcode eset 10 Set Maximum Login Attempts esesccssssscsssescssssccsssesesssesessssecesssecessseccsssscessssecessnesessueeessneesees 10 Set Service Representative Restricted Operation 10 S t Overwite DE A A 11 Set Scheduled Image Overwrite csecssssssssccsssssccsssseesssssssesesssssesessssssescessssesssssseesessssneseessssees 11 Set Data Encryption eeccsssesssssssscssssscsssescsssescssssesssssecssssesesssssessssecesssecessuesessasccesssccessesessnesssseeeees 11 SU EI iss ere 12 Set Access T ORIUFOLLa ausu Rr Ram b Ra AIR RERO ADIRE 12 Set Private Print cnica 13 Set User Passcode Minimum Length nu sssscsssssssscsssssessessssecsssssssecsscsssecessssseesesssseecsessneeessessees 13 SEE Uil 14 SeEReDOETEPEUE OA 14 o rn lio 14 SEE Software DOW MOG a 15 Initial Settings Procedures Using Xerox CentreWare Internet A m RITTER 17 Preparations for Settings on the Xerox CentreWare Internet Services 17 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide i Set Xerox FreeFlow cc cnn 18 Set WebDAV A ee 18 SS A ee re nee 18 ST Sa wm o e A 1
12. address of the machine in the Address or Location field and press the Enter key Enter the Administrator ID and the password when prompted Click the Properties tab Click Audit Log Click Export as text file Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Self Testing This section describes the Self Test function and its setting procedure from the Control Panel The machine can execute a Self Test function to verify the integrity of executable code and setting data The machine verifies the area of NVRAM and SEEPROM including setting data at initiation and displays an error on the control panel at error occurrence Also when Self Test function is set at initiation the machine calculates the checksum of Controller ROM to confirm if it matches the specified value and displays an error on the control panel at error occurrence Set Self Test Select System Settings on the Tools screen Select Common Service Settings Select Maintenance Select Power on Self Test Select On Select Save To exit the Maintenance screen select Close Qo An d y MP cs To exit the Tools screen select Close in the upper right corner of the screen Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 27 Authentication for the Secure Operation The machine has a unique Authentication feature that restricts the authority to use functions This section
13. contains information for System Administrators and general users on the features used to change the settings and on the setting procedures Overview of Authentication Users Controlled by Authentication The following explains the different user types that are controlled by the Authentication feature Users are classified into the following four types The Authentication feature restricts operations according to the user type e Machine Administrator e Authenticated Users with System Administrator Privileges e Authenticated Users with no System Administrator Privileges e Unauthenticated Users Machine Administrator The Machine Administrator uses a special user ID default ID admin Only the Machine Administrator is able to change the Machine Administrator ID default ID admin and the Machine Administrator Passcode default passcode 1111 The Machine Administrator is a user who can enter the System Administration mode and change the machine settings that are related to security features and services that are restricted To enter the System Administration mode enter the Machine Administrator ID into the user ID entry field on the authentication screen Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 29 Authenticated Users with System Administrator Privileges These are users to whom the System Administrator privileges are granted When a restricted service is used this
14. delete files in the Folder after they are printed out or retrieved or after they are transferred and printed out through a job flow sheet Delete Expired Files Specifies whether to delete files in the Folder after the preset time or period elapses Send from Folder This section describes the Folder features that allow you to check print or delete files in the private Folder that is displayed on the Send from Folder screen However some Folders may require you to enter a passcode depending on the operation you attempt Private Folders created by other users are inactive and inaccessible to you 1 Press the lt Services Home gt button on the control panel 2 Select Send from Folder on the touch screen 3 Select the Folder name to be displayed on the screen 4 Select the Folder to be opened Then the files stored in the Folder appear File Name Date amp Time Sorts the files by their names or by the dates they were stored You can change the sorting order of the list by selecting the same option again The order is indicated with an upward ascending order or downward descending order triangle shown to the right of the name of the option selected Refresh Updates the list of files in the Folder Select All Selects all the files in the Folder so that you can print or delete them all at once Print Prints the selected file s Delete Deletes the selected file s 40 Xerox D95 D110 D125 Copier Printer
15. flow sheets Types of Folder The following three types of Folder can be used with the machine Machine Administrator Shared Folder The Machine Administrator Shared Folder is a Folder created by a Machine Administrator When the Authentication feature is enabled all Authenticated Users can share this Folder Only the Machine Administrator can change the settings To create a Machine Administrator Shared Folder operate the machine as a Machine Administrator Personal Folder This is a Folder created by an Authenticated User by using the Authentication feature Only the Authenticated User who created the Folder can use it Operations available for Folder The following table shows whether each operation on each Folder is available for each user type when the Authentication feature is enabled 32 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Folder Operation System Administrator and Authenticated Users Machine Administrator Personal Folder Personal Folder other Shared Folder owner Create Display Delete Change Settings Display File Delete File Store File 1 Print File 1 Display Link Auto Run Manual Run Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 33 Folder Operation Machine Administrator Machine Administrator Personal Folder Shared Folder Create Y Display Y Delete Y Change Settings Y Di
16. gt On FreeFlow Protocol Set WebDAV System Settings gt Connectivity amp Network Connectivity gt Port On Setup gt Port Setting Setting Set Receive E mail Connectivity amp Network Setup gt Port Connectivity gt Port Off Setting Setting Set IPP System Settings gt Connectivity amp Network Connectivity gt Port On Setup gt Port Setting Setting Set LDAP Connectivity gt Protocol gt LDAP gt LDAP Server Set Kerberos Security gt Remote Authentication Servers gt Kerberos Server Set SSL TSL System Settings gt Connectivity amp Security gt SSL TLS Off Network Setup gt Security Settings gt Settings SSL TLS Settings Configuring Security gt Machine Machine Digital Certificate Certificates Management gt Upload Signed Certificate Set IPSec System Settings gt Connectivity amp Security gt IPSec Off Network Setup gt Security Settings gt IPSec Settings Set SNMPv3 Connectivity gt Off Protocols gt SNMP Configuration Set S MIME System Settings gt Connectivity amp Security gt SSL TLS Off Network Setup gt Security Settings gt Settings gt S MIME S MIME Settings Communication Set Browser Refresh General Setup gt On Internet Services Settings gt Auto Refresh Interval Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 61 Item Set Job Deletion Set Aud
17. lock directory LCK exists in the forwarding destination delete it manually then try executing the job again Check if the specified folder name can be used in the save location Check if the same folder name exists in the save location Check if enough space is available in the save location 016 584 Cause The machine failed to transfer data using FTP of the Scan to PC feature because folder creation was not successful on the FTP server after connection Remedy Take one of the following actions Check if the specified folder name can be used in the save location Check if the same folder name exists in the save location Check if enough space is available in the save location 016 585 Cause The machine failed to transfer data using FTP of the Scan to PC feature because file deletion was not successful on the FTP server after connection Remedy Check the access privilege to the FTP server 54 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Error Code Cause and Remedy 016 586 016 587 016 588 016 589 016 593 016 594 016 595 016 596 016 703 016 704 016 705 016 706 016 711 016 713 016 714 Cause The machine failed to transfer data using FTP of the Scan to PC feature because lock folder deletion was not successful on the FTP server after connection Remedy Take one of the following actions Check the access privilege to the FTP ser
18. on the user information managed on the server User information cannot be registered on the machine 30 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Functions Controlled by Authentication The following explains the functions that are restricted by the Authentication feature The restriction depends on which method is selected from the following e Local Access e Remote Access For more information on the restrictions on the operations on Folder and job flow sheets using the Authentication feature refer to Authentication for Job Flow Sheets and Folder Local Access Direct operation of the machine from the control panel is called Local Access The functions restricted by Local Access are as follows Device Access e All Services Pathway verifies users when users access a service screen e Job Status Pathway verifies users when users access the Job Status screen e Machine Status Pathway verifies users when users access the Machine Status screen Service Access e Copy e Scan to Folder e E mail e Network Scanning e Scanto PC e Send from Folder e Print e Job Flow Sheets Feature Access e Print File from Folder e Retrieve File from Folder Service Access control per user e Service access and print amp copy quota can be controlled per user The system administrator can limit print amp copy quota per user via the control panel and Xerox CentreWare Internet Services
19. page counts of the files Type Displays the job types of the files Retrieve Retrieve Page Selects whether or not to retrieve one page of the selected file Page Number Enters the page number of the page to be retrieved Retrieving Format Specifies the file format to be used when retrieving the page Print File Paper Supply Selects the paper tray to be used to print the selected file Output Destination Selects the output tray Quantity Selects the number of copies to print 2 Sided Printing Selects whether to print only on one side or both sides of paper Delete Deletes the selected files in the folder Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 47 Edit Folder The following table shows the setting items available on the Edit Folder page Folder Link Job Flow Sheet to this Folder Folder Number Folder Name Folder Passcode Retype Passcode Check Folder Passcode Owner Delete Files after Print or Retrieve Delete Expired Files Number of Files in this Folder Sheet Order Displays the number of the selected Folder To change the Folder name enter a new Folder name To change the passcode enter a new passcode with up to 20 characters Leave the text box blank if you do not set a passcode Re type the passcode for verification Allows you to select whether and when the passcode for the Folder is required Displays the owner of the Folder If the Folder is a
20. password select Registered User or System Administrator when remote authentication is used Only the Machine Administrator s ID default admin is pre registered in the machine but other user IDs are not In aremote authentication server on the other hand the Machine Administrator s ID is not pre registered Although admin can be registered as a user ID it cannot be registered as the Machine Administrator s ID in the machine Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 35 Create View User Accounts This feature allows you to register user account information such as User IDs user names and passcodes and to restrict the numbers of copied printed and scanned pages for each user Up to 1 000 users can be registered On the Tools screen 1 Select Create View User Accounts under Authentication 2 Select a User ID number 3 Press Create Delete 4 When a new user account is to be created a keyboard screen is displayed Enter a user ID and then select Save ga Configure the required settings 6 Select Close User ID Allows you to enter a User ID using the screen keyboard You can enter up to 32 alphanumeric characters including spaces as a User ID User Name Allows you to enter a user name using the screen keyboard You can enter up to 32 alphanumeric characters including spaces as a user name Passcode Allows you to enter a passcode using the
21. screen keyboard You can enter 4 to 12 alphanumeric characters Note The Passcode button appears when you have chosen the use of a passcode and you have enabled Local Accounts in Authentication Security Settings E mail Address Allows you to enter the E mail address The specified address that is displayed on the E mail screen is set as the sender s address of the machine You can enter up to 128 characters Note The E mail Address button appears when you have enabled Local Accounts in Authentication Security Settings Account Limit Displays the Account No XXX Account Limit screen Select Copy Service Scan Service or Print Service to specify feature access permissions and account limits for that service Feature Access Displays the Account No xxx Feature Access screen Select the access permissions for each service for that account Change Account Limit Displays the Account No xxx Service Limit screen Enter an account limit for Color and Black to specify the maximum number of pages allowed to be processed by that account The maximum number of pages that can be entered is 9 999 999 36 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide User Role Allows you to select the privileges that are given to the user Select from User or System Administrator Note The User Role button appears when you have enabled Local Accounts in Authentication Security
22. the machine is used for needs to follow the instructions below e The manager needs to assign appropriate people as system and machine administrators and manage and train them properly e The manager and system administrators need to train users about the security policies and procedures of their organization e The machine needs to be placed in a secure or monitored area where the machine is protected from unmanaged physical access e Ifthe network where the machine is installed is to be connected to external networks configure the network properly to block any unauthorized external access e The users must set a user ID and a passcode on Accounting Configuration of printer driver e Users and administrators need to set passcodes and an encryption key according to the following rules for the client PC login and the machine s setup Do not use easily guessed character strings for passcodes A passcode needs to contain both numeric and alphabetic characters e Users and administrators need to manage and operate the machine so that their user IDs and passcodes may not be disclosed to another person e Administrators need to set the account policy in the remote authentication server as follows Set password policy to 9 or more characters Set account lockout policy to 5 times e For secure operation all of the remote trusted IT products that communicate with the machine shall implement the communication protocol in
23. x Select Authentication Security Settings on the Tools screen Select Authentication Select Passcode Policy On the Passcode Policy screen select Minimum Passcode Length Select Change Settings On the Minimum Passcode Length screen select Set Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 13 7 8 9 With a and V set 9 Select Save To exit the Passcode Policy screen select Close Set Auto Clear I E E c Select System Settings on the Tools screen Select Common Service Settings Select Machine Clock Timers Select Auto Clear Select Change Settings Select On Select Save To exit the Machine Clock Timers screen select Close Set Report Print a Oy u we NA t Select System Settings on the Tools screen Select Common Service Settings Select Reports Select Print Reports Button Select Disabled Select Save To exit the Reports screen select Close Set Self Test Go OY SUE GB Ne Select System Settings on the Tools screen Select Common Service Settings Select Maintenance Select Power on Self Test Select On Select Save To exit the Maintenance screen select Close Select Reboot now on the confirmation screen Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Set Software Download Select System Settings on the Tools screen S
24. 8 SELDAR SENE O RR RO 19 Oe ps A 19 suben A yA RR 20 Contigua Machine Ceniceros 20 OO 21 Set IPSec Address A 21 o ass nere 22 SEI SUB na 23 Set Browser Relief nenne 23 Set Job Det ee 24 Regular REVIEW by Audit LOG sinne 25 BEL Audi LOG ana 25 Import theAudit Log Klerus 26 SON El marsen RS 27 BGI Sel DE 27 Authentication for the Secure Operation sss 29 A EVER XH nenene Epe R E REEERE ETENEE E 29 Users Controlled by Authentication esee ttttttnnnnnnnnces 29 Machine Administrator nssssssneeoooeonmmnnnnssssssssssennsenenennnnnnnnssssssssssenneneneennnnnnnnenr 29 Authenticated Users with System Administrator Privileges 30 Authenticated Users with No System Administrator Privileges 30 Unauthenticated Users 30 Local Machine Authentication Login to Local Accounts essen 30 Remote Authentication Login to Remote Accounts e 30 Functions Controlled by Authentication e ettttnnnntttttnnnnnnnncas 31 Authentication for FOREN aaa 32 Types Or Eee 32 Operation Using Control Panel ae 39 A PP 35 Ereate View USErRACCOUNIS near 36 Change User Passcode Dy Genel m ln 37 Job Deletion by System Administ aora aci 38 F lder Stored File SetLINGS eek 38 Folder Service A adco ofa dud bdidxa a NR 38 Xerox D95 D110 D125 Copier Printer Security Func
25. Authentication Select Passcode Policy On the Passcode Policy screen select Passcode Entry from Control Panel Select Change Settings On the Passcode Entry from Control Panel screen select On Select Save Qo na a Ge dU nn To exit the Passcode Policy screen select Close Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Change the System Administrators Passcode NE MEL MEME MO 00 ll OY Select Authentication Security Settings on the Tools screen Select System Administrator Settings Select System Administrator s Passcode Select New Passcode Enter a new passcode of 9 or more characters using the keyboard displayed and then select Save Select Retype Passcode Enter the same passcode and then select Save Select Save A confirmation window appears Select Yes to confirm your entry Set Maximum Login Attempts Qo E d a Select Authentication Security Settings on the Tools screen Select Authentication Select Maximum Login Attempts By System Administrator On the Maximum Login Attempts screen select Limit Attempts With A and V set 5 Select Save Set Service Representative Restricted Operation 1O oo N 0 de gt Select System Settings on the Tools screen Select Common Service Settings Select Other Settings On the Other Settings screen select Service Rep Restricted Operation Select
26. Change Settings Select On Select Maintenance Passcode Select New Passcode Enter a new passcode of 9 or more characters by using the keyboard displayed and then select Save 10 Select Save 10 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 11 Select Retype Password Passcode 12 Enter the same passcode by using the keyboard displayed and then select Save 13 Select Save 14 Select Yes to apply the change 15 Aconfirmation window appears Select Yes to confirm your entry 16 To exit the Other Settings screen select Close Set Overwrite Hard Disk Select Authentication Security Settings on the Tools screen Select Overwrite Hard Disk 1 2 3 Select Number of Overwrites 4 Onthe Number of Overwrites screen select 1 Overwrite or 3 Overwrites 5 Select Save Set Scheduled Image Overwrite Select Authentication Security Settings on the Tools screen Select Overwrite Hard Disk Select Scheduled Image Overwrite On the Scheduled Image Overwrite screen select Daily Weekly or Monthly Set Day Hour and Minutes Sv E t m Select Save Set Data Encryption Select System Settings on the Tools screen Select Common Service Settings Select Other Settings On the Other Settings screen select Data Encryption 1 2 3 4 5 Select Change Settings 6 Select On 7 Select Ne
27. IPSec address Set IPSec Address 1 Enter the IP Address in the Specify Destination IPv4 Address box on the IPSec screen 2 Enter the IP Address in the Specify Destination Ipv6 Address box 3 Select Enabled or Disabled from the Communicate with Non IPSec Device dropdown list 4 Click Apply 5 Click Reboot Machine Note When you select Enabled from the Communicate with Non IPSec Device dropdown list the machine allows communications with non IPSec devices other than the devices that are specified in Specify Destination IPv4 Address or Specify Destination IPv6 Address Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 21 Set SNMPv3 oN aw de we N c so 10 11 12 13 Click Connectivity on the Properties screen Click Protocols Click SNMP Configuration Check the Enable SNMPv3 Protocol box Uncheck the Enable SNMPv1 v2c Protocols box Click Apply Click Edit SNMPv3 Properties and check Account Enabled for Administrator Account Enter a new Authentication Password minimum 8 characters Enter the new Authentication Password again to confirm it Enter a new Privacy Password minimum 8 characters Enter the new Privacy Password again to confirm it Check Account Enabled for Print Drivers Remote Clients Account Click Apply Note Be sure to change Authentication Password and Privacy Password from the default password In using SNMPv3
28. MIME certificate has expired or is an unreliable certificate Remedy Ask the sender to send the e mail with a valid S MIME certificate Cause The received e mail has been discarded because it might be altered on its transmission route Remedy Tell the sender about it and ask to send the e mail again Cause The received e mail has been discarded because the address in its From field was not the same as the mail address in the S MIME signature mail Remedy Tell the sender that the mail addresses are not identical and ask to send the e mail again not been set to use on the machine Remedy Import the sender s S MIME certificate to the machine or change settings to use the S MIME certificate on the machine when the S MIME certificate has already been registered unreliable Remedy Ask the sender to send the e mail with a reliable S MIME certificate Cause Unable to obtain SMTP server address for e mail transmissions from the DNS server Remedy Check whether the DNS server is set correctly 58 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Security Xerox For the latest information on security and operation concerning your device see the Xerox Security Information website located at www xerox com security Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 59 Appendix List of Operation Procedures Item Check the Clock Use Passcode E
29. Machine Status Pathway Select Save Select Service Access On the Service Access screen select an item and then select Change Settings Select Locked Select Save Perform steps 8 and 10 for each item Select Close Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 12 13 14 15 16 Select Feature Access On the Feature Access screen select an item by Change Settings Select Locked Select Save Perform steps 13 and 15 for each item To exit the Access Control screen select Close Set Private Print UL a po de aS Select Authentication Security Settings on the Tools screen Select Authentication Select Charge Private Print Settings On the Charge Private Print Settings screen select Received Control Select Change Settings When Login to Local Accounts is selected 1 Onthe Receive Control screen select According to Print Auditron 2 Select Save As Private Charge Print Job for Job Login Success 3 Select Delete Job for Job Login Failure 4 Select Delete Job for Job without User ID When Login to Remote Accounts is selected 1 Onthe Receive Control screen select Save As Private Charge Print Job Select Save To exit the Charge Private Print Settings screen select Close Set User Passcode Minimum Length Note This feature is only available in Local Authentication mode Sv Yi de u
30. P3 server when sending e mail Remedy Check on Xerox CentreWare Internet Services if the user name and password used in the POP3 server are correct Cause An error occurred in connecting to the SMTP server Remedy The SMTP server or network may be overloaded Wait for a while and then execute the operation again Cause LDAP server SSL authentication error Unable to acquire an SSL client certificate Remedy The LDAP server is requesting an SSL client certificate Set an SSL client certificate on the machine Cause LDAP server SSL authentication error The server certificate data is incorrect Remedy The machine cannot trust the SSL certificate of the LDAP server Register the root certificate for the LDAP server s SSL certificate to the machine Cause LDAP server SSL authentication error The server certificate will expire soon Remedy Change the SSL certificate of the LDAP server to a valid one You can clear this error by selecting Disabled for LDAP SSL TLS Communication under SSL TLS Settings on the machine however note that selecting this option does not ensure the validity of the LDAP server Cause LDAP server SSL authentication error The server certificate has expired Remedy Change the SSL certificate of the LDAP server to a valid one You can clear this error by selecting Disabled for LDAP SSL TLS Communication under SSL TLS Settings on the machine however note that selecting this option d
31. Request the sender to send to an available folder If the error still is not resolved contact our Customer Support Center Cause The folder is full and hard disk capacity is insufficient Remedy Delete unnecessary files from the folder and save the file Cause Secure print documents cannot be registered because of hard disk malfunction Remedy Contact the Customer Support Center Refer to Secure Print Cause The hard disk space is insufficient because the number of Secure Print users exceeded the maximum limit Remedy Delete unnecessary files from the machine and delete unnecessary Secure Print users Cause The upper limit for the e mail size has been exceeded Remedy Take one of the following measures and then try sending the mail again Reduce the number of pages of the document Lower the resolution with Resolution Reduce the magnification with Reduce Enlarge Ask your system administrator to increase the value set for Maximum Total Data Size For color scanning set MRC High Compression to On under File Format Cause The passcode entered does not match the passcode set on the folder Remedy Enter the correct passcode Cause The specified folder does not exist Remedy Create a new folder or specify an existing folder Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 55 Error Code Cause and Remedy 016 764 016 765 016 766 016 767 016 768
32. Security Function Supplementary Guide Private Charge Print The Private Charge Print feature temporarily stores files per user ID until a user logs in and manually prints them from the machine s control panel This feature only displays files of a logged in user and thus provides security and privacy of files stored in the machine 1 Press the lt Job Status gt button on the control panel 2 Select Private Charge Print on the Secure Print Jobs amp More screen Note If you enter the screen with System Administrator s ID a list of authentication user IDs is displayed Select a user ID from the list or enter the displayed number in Go to and select Job List Then the files stored for the selected user ID are displayed 3 Select a file to be printed or deleted 4 Select the required option Refresh Refreshes the displayed information Select All Selects all the files in the list Delete Deletes a file selected in the list Print Prints a file selected in the list After being printed the file is deleted Note The displayed jobs are sent from a PC via the print driver For more information refer to Print Driver Online Help Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 41 Operation Using Xerox CentreWare Internet Services This section describes the operation using Xerox CentreWare Internet Services to use security features for System Administrator and authentic
33. Settings Reset Total Impressions Deletes all the data tracked for the selected account Reset Account Clears all settings and data for the selected account Change User Passcode by General User This feature allows Authenticated Users users who are authenticated by the procedure described in User Authentication to change the registered passcode Note This feature is only applicable to Local Authentication mode Select User Details Setup Select Change Passcode Enter the current passcode and select Next On the Change Passcode screen select Keyboard Enter a new passcode of 9 or more characters in New Passcode and select Next In Retype Passcodel select Keyboard so qur ge Ub ONS Enter the same passcode and select Save twice Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 34 Job Deletion by System Administrator This feature allows only system administrators to delete the active jobs Deleting the Copy Scan job 1 Press the red Stop button on the control panel 2 Onthe touch screen touch Resume to continue the job or touch Cancel to cancel the job completely Deleting the printing Job 1 Onthe control panel press Job Status button The Active Jobs tab displays 2 Touch the desired job then press the Delete from the pop up menu 3 Aconfirmation window appears Select Delete job to cancel the job completely Deleting the sending Scan Jo
34. System Administrator s Login ID and the passcode if prompted default ID admin default passcode 1111 Select Enter on the touch screen Press the lt Machine Status gt button on the control panel Select Tools on the touch screen Select System Settings Select Common Service Settings Select Machine Clock Timers 9 nn Mw You can check the time and the date of the internal clock If you need to change the time and the date refer to the following procedures 9 Select the required option 10 Select Change Settings 11 Change the required setting Use the scroll bars to switch between screens 12 Select Save Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Initial Settings Procedures Using Control Panel This section describes the initial settings related to Security Features and how to set them on the machine s control panel Authentication for Entering the System Administration Mode Press the lt Log In Out gt button on the control panel Enter admin with the keyboard displayed This is the factory default ID Select Next on the touch screen Enter 1111 from the keyboard when passcode is required Select Enter on the touch screen Press the lt Machine Status gt button on the control panel Soy um eo NS Select Tools Use Passcode Entry from Control Panel Select Authentication Security Settings on the Tools screen Select
35. accordance with industry standard practice with respect to RFC other standard compliance SSL TLS IPSec SNMPv3 S MIME and shall work as advertised Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 5 The settings described below are required for both the machine s configuration and the client s configuration 1 SSL TLS For the SSL client Web browser and the SSL server that communicate with the machine select a data encryption suite from the following SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS RSA WITH AES 256 CBC SHA The recommended browser is Microsoft Internet Explorer 6 7 8 2 S MIME For the machine and E mail clients select an Encryption Method Message Digest Algorithm from the following RC2 128bit SHA1 3Key Triple DES 168bit SHA1 3 IPSec For the IPSec host that communicates with the machine select an Encryption Method Message Digest Algorithm from the following AES 128bit SHA1 3Key Triple DES 168bit SHA1 4 SNMPv3 The encryption method of SNMPv3 is fixed to DES Set Message Digest Algorithm to SHA1 Important A A E For secure operation while you are using the Xerox CentreWare Internet Services do not access other web sites For secure operation when you change Authentication Type initialize the hard disk by resetting Data Encryption and changing encryption key For prev
36. and prevent future breaches The important events of the machine such as device failure configuration change and user operation are traced and recorded based on when and who operated what function Auditable events are stored with time stamps into NVRAM When the number of stored events reaches 50 the 50 logs on NVRAM are stored into one file audit log file within the internal HDD Up to 15 000 events can be stored When the number of recorded events exceeds 15 000 the oldest audit log file is overwritten and a new audit event is stored There is no deletion function Set Audit Log 1 Open your Web browser enter the TCP IP address of the machine in the Address or Location field and press the lt Enter gt key Enter the Administrator ID and the password when prompted Click the Properties tab Click Security Click Audit Log Check the Enabled box for Audit Log Click Apply on um Er CEU NS Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 25 Import the Audit Log File The following describes methods for importing the Audit Log The audit logs are only available to system administrators and can be downloaded via Xerox CentreWare Internet Services for viewing and analyzing The logged data cannot be viewed from the local UI In addition SSL TLS communication must be enabled in order to access to the logged data 1 ae co 9 26 Open your Web browser enter the TCP IP
37. ated users The Xerox CentreWare Internet Services program uses the embedded Web User Interface which enables communication between a networked computer and the machine via HTTP Xerox CentreWare Internet Services can be used to check each job and the machine status or to change the network settings Note This service must be installed and set up by the System Administrator prior to use For more information on the installation and setups of the Xerox CentreWare Internet Services feature refer to the System Administration Guide Some of the Xerox CentreWare Internet Services features have restricted access Contact a System Administrator for further assistance Accessing Xerox CentreWare Internet Services Follow the steps below to access Xerox CentreWare Internet Services On a client computer on the network launch an internet browser In the URL field enter http followed by the IP address or the Internet address of the machine Then press the Enter key on the keyboard For example if the Internet address URL is vvv xxx yyy zzz enter it in the URL field as shown below http vvv xxx yyy zzz The IP address can be entered in either IPv4 or IPv6 format Enclose the IPv6 address in square brackets IPv4 http xxx xxx XXX XXX IPv6 http DOGOX XXXX2000 XXXX2000 XXXX2000 Xxxx Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 43 If a port number is set append it to the IP add
38. b 1 Onthe control panel press Job Status button The Active Jobs tab displays 2 Touch the desired job then press Delete from the pop up menu Folder Stored File Settings This section describes the features that allow a System Administrator to configure various settings for Folder that is created for saving confidential scanned files Folder Service Settings This feature allows you to specify whether to discard files once received from a client 1 Select Folder Service Settings under System Settings 2 Change the required settings 3 Select Close Files Retrieved By Client Specifies when and how to delete files in Folder after they are retrieved Print amp Delete Confirmation Screen Specifies whether to display a confirmation message screen when deleting a file Quality File Size for Retrieval Specifies the Quality File Size level 38 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Stored File Settings This feature allows you to select whether the files stored in a Folder are automatically deleted You can set how long files are kept and when they are deleted You can also select whether to delete individual files 1 Select Stored File Settings under System Settings 2 Change the required settings 3 Select Close Expiration Date for Files in Folder Specifies whether to delete files from Folder when the specified period of time elapses Enter the number of day
39. capabilities to help you identify problems and faults and displays error messages on the control panel and web browser whenever problems or conflicts occur Fault Clearance Procedure If a fault or a problem occurs there are several ways in which you can identify the type of the fault Once a fault or a problem is identified specify the probable cause and then apply the appropriate solution e Ifa fault occurs first refer to the screen messages and animated graphics to clear the fault according to the specified order e Also refer to the fault codes displayed on the touch screen in the Machine Status mode Refer to the Fault Codes table below for an explanation of some fault codes and corresponding corrective actions e When you have problems in fixing the fault contact a System Administrator for assistance e Insome cases the machine may need to be turned off and then on CAUTION If you do not leave at least 20 seconds between a power off and a power on the hard disk in the machine may be damaged e You should call for service representative if the problem persists or a message indicates so Note Even when the power of the machine fails all the queued jobs will be saved because the machine is equipped with the hard disk drive The machine will resume processing the queued jobs when the power of the machine is turned back on Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 51 Fault Codes This
40. col error Remedy An error occurred in the software Contact our Customer Support Center Cause The machine failed to transfer data using FTP of the Scan to PC feature because the host or server name of the FTP server could not be resolved Remedy Check the connection to the DNS server Check if the FTP server name is registered correctly on the DNS server Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 53 Error Code Cause and Remedy 016 575 Cause The machine failed to transfer data using FTP of the Scan to PC feature because the DNS server address was not registered Remedy Specify the correct DNS server address Or specify the destination FTP server using its IP address 016 576 Cause The machine failed to transfer data using FTP of the Scan to PC feature because it could not connect to the FTP server Remedy Ensure that both the destination FTP server and the machine are available for network communications by checking the following The IP address of the server is set correctly The network cables are plugged in securely 016 577 Cause Unable to connect to the FTP service of the destination server Remedy Take one of the following actions Check if the FTP service of the server is activated Check if the FTP port number of the server is correctly registered on the machine 016 578 Cause The machine failed to transfer data using FTP of the Scan to PC feature d
41. collate printouts or not 2 Sided Printing Allows you to select from 1 sided prints or 2 sided prints head to head or head to toe Output Color Allows you to set whether to print in color or in monochrome Output Destination Allows you to select output trays from the drop down menu Paper Paper Supply Allows you to select the paper tray from the drop down menu Paper Size Allows you to select the output paper size Paper Type Allows you to select the type of the paper to be used Delivery Immediate Print In the case of user authentication mode regardless of these settings print data will be stored to the authenticated user s private Sample Set charge print Delayed Print Secure Print File Name Allows you to specify the file to be printed If you click the Browse button next to the File Name edit box the Choose File dialog box opens and you can select the file to be printed You can print only files with the following extensions pdf tif jpg and xps Submit Job Click this button to print the file Scan Folder Operation This section describes how to configure Folder Follow the steps below to select the features available on the Scan tab 1 Click Scan on the Main Panel of the home page 2 Select Folder on the Scan screen 3 The Folder page is displayed Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 45 Folder icons If you click the icon of a registered Folder the Folder
42. ct the data stored on the hard disk from unauthorized retrieval you can set the overwrite conditions to apply them to the data stored on the hard disk You can select the number of overwrite passes as one or three times When 1 Overwrite is selected 0 is written to the disk area 3 Overwrites ensures higher security than 1 Overwrite The feature also overwrites temporarily saved data such as copy documents Important If the machine is powered off during the overwriting operation unfinished files may remain on the hard disk When the power is restored the overwriting operation will resume with the unfinished files remaining on the hard disk 4 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Service Representative Restricted Operation Specifies whether the Service Representative has full access to the security features of the machine including the ability to change System Administrator settings For the D95 D110 D125 Copier Printer select On and then set Maintenance Passcode to restrict the Service Representative from entering the System Administration mode Important If the System Administrator s user ID and the passcode are lost when Service Rep Restricted Operation is set to On neither you nor the Xerox representative will be able to change any setting in the System Administration mode For Optimal Performance of the Security Features The manager of the organization that
43. e is restarted refresh the browser and click the Properties tab Click Security Click S MIME Settings Uncheck the Enabled check box for Receive Untrusted E mail Select Always add signature for Digital Signature Outgoing E mail Click Apply Set Browser Refresh ee p9 c Click General Setup on the Properties screen Click Internet Services Settings Enter the O in the Auto Refresh Interval box Click Apply Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 23 Set Job Deletion 1 Click General Setup on the Properties screen 2 Click Job Management 3 Select Administrators Only for Job Deletion 4 Click Apply 5 Click the Reboot Machine button Important Allows the user to pause an active copy print scan job while it is being processed by the machine But only system administrators can cancel the paused job For secure operation please delete the job completely 24 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Regular Review by Audit Log This section describes the setting procedure and the importing method of the Audit Log feature using the System Administrator client via Xerox CentreWare Internet Services The Audit Log is regularly reviewed by the Security Administrator often with the aid of third party analyzing tools The audit log helps to assess attempted security breaches identify actual breaches
44. e or your System Administrator Guide The security features of the Xerox D95 D110 D125 Copier Printer are supported by the following ROM versions Controller PS ROM Ver 1 201 1 IOT ROM Ver 83 25 0 IIT ROM Ver 9 8 0 ADF ROM Ver 13 10 0 Important The machine has obtained IT security certification for Common Criteria EAL3 ALC_FLR 2 This certifies that the target of evaluation has been evaluated based on the certain evaluation criteria and methods and that it conforms to the security assurance requirements Note Your ROM and user documentation may not be the certified version because they may have been updated along with machine improvements For the latest information on security and operation concerning your device download the latest versions from http www support xerox com support Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 1 Security Features Xerox D95 D110 D125 Copier Printer have the following security features e Hard Disk Data Overwrite e Hard Disk Data Encryption e User Authentication e System Administrator s Security Management e Customer Engineer Operation Restriction e Security Audit Log e Internal Network data protection e Self Test e Information Flow Security 2 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Settings for the Secure Operation For the effective use of the security features the System Administrator Machine
45. elect Common Service Settings Select Other Settings On the Other Settings screen select Software Download Select Change Settings Select Disabled Select Save To exit the Common Service Settings screen select Close O Go Noy in er OM c5 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide To exit the Tools screen press the lt Services gt button on the control panel 15 Initial Settings Procedures Using Xerox CentreWare Internet Services This section describes the initial settings related to Security Features and how to set them on Xerox CentreWare Internet Services Preparations for Settings on the Xerox CentreWare Internet Services Prepare a computer supporting the TCP IP protocol to use Xerox CentreWare Internet Services Xerox CentreWare Internet Services supports the browsers that satisfy SSL TLS conditions 1 Open your Web browser enter the TCP IP address of the machine in the Address or Location field and press the Enter key 2 Enter the System Administrator s ID and the passcode if prompted 3 Display the Properties screen by clicking the Properties tab Set SMB Click Connectivity on the Properties screen Click Port Setting Uncheck the NetBEUT box for SMB Click Apply UL ska Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 17 Set Xerox FreeFlow Click Connectivity on the Pr
46. en logging in to the SMB server Remedy Take one of the following measures Confirm how many users can access the shared folder Check whether the number of login users have exceeded the limit Cause An error occurred during LDAP server authentication Remedy Execute the operation again If the error still is not resolved contact our Customer Support Center Cause An LDAP server protocol error occurred as a result of the Address Book operation Connection to the server cannot be established for the Address Book query Remedy Take one of the following measures Confirm the network cable connection If the network cable connection has no problem confirm the active status of the target server Check whether the server name has been correctly set for LDAP Server Directory Service Settings under Remote Authentication Server Directory Service Cause An LDAP server protocol error occurred as a result of the Address Book operation The server returned RFC2251 Result Message for Address Book query Remedy Have your network administrator confirm the LDAP server status Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 57 Error Code Cause and Remedy 027 452 027 500 027 706 027 707 027 708 027 709 027 710 027 711 027 712 027 713 027 714 027 715 027 716 027 717 Cause The received S MIME certificate has not been registered on the machine or has
47. enting SSL vulnerability you should set the machine address in the proxy exclusion list of browser With this setting secure communication will be ensured because the machine and the remote browser communicate directly without proxy server and thus you can prevent man in the middle attacks Do not use Backup Restore function because they have not been evaluated Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Confirm the Machine ROM Version and the System Clock Before making initial settings the System Administrator Machine Administrator needs to check the ROM version of the machine and the system clock of the machine How to Check by Control Panel 1 Press the lt Machine Status gt button on the control panel 2 Select Machine information on the touch screen 3 Select Software Version on the Machine information screen You can identify the software versions of the components of the machine on the screen How to Check by Print Report Press the Machine Status button on the control panel Select Print Reports on the Machine information screen Select Printer Reports on the touch screen Select Configuration Reports a E PN ol Press the lt Start gt button on the control panel You can identify the software versions of the components of the machine by Print Report How to Check the System Clock 1 Press the Log In Out gt button on the control panel 2 Enter the
48. er certificate set Server Certificate Verification of IEEE 802 1x Settings to Disabled on the touch screen 016 405 Cause An error occurred in the certificate stored in the machine Remedy Initialize the certificate 016 406 Cause An error occurred in the SSL client certificate Remedy Take one of the following measures Store an SSL client certificate in the machine and set it as the SSL client certificate Ifthe SSL client certificate cannot be set select an authentication method other than SSL 016 450 Cause The SMB host name already exists Remedy Change the host name 016 454 Cause Unable to retrieve the IP address from DNS Remedy Confirm the DNS configuration and IP address retrieve setting 016 503 Cause Unable to resolve the SMTP server name when sending email Remedy Check on the Xerox CentreWare Internet Services if the SMTP server settings are correct Also check the DNS server settings 016 504 Cause Unable to resolve the POP3 server name when sending email Remedy Check on Xerox CentreWare Internet Services if the POP3 server settings are correct Also check the DNS server settings are correct 52 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Error Code Cause and Remedy 016 505 016 513 016 522 016 523 016 524 016 525 016 526 016 527 016 533 016 534 016 539 016 574 Cause Unable to login to the PO
49. es are plugged in securely Enter the host name using ASCII characters in Tools gt Connectivity amp Network Setup gt Machine s E mail Address Host Name Cause Failed to retrieve a file from the Web browser Remedy Take one of the following measures and then execute the operation again Reload the browser page Restart the browser Switch off the machine power make sure that the touch screen is blank and then switch on the machine power Cause Failed to access to the destination computer or the save location for Network Scanning Remedy Check the directory configuration and files on the server the access privileges for the destination or the location and check if you are authorized to access the specified destination computer or server Cause When IPSec is enabled there is an inconsistency in IPSec settings as follows The password is not set when Authentication Method is set to Preshared Key An IPSec certificate is not set when Authentication Method is set to Digital Signature Remedy Check the IPSec settings and enable IPSec again When Authentication Method is set to Preshared Key set the password When Authentication Method is set to Digital Signature set an IPSec certificate Cause An error occurred during LDAP authentication Remedy The account is disabled in the active directory of the authentication server or the access is set to disabled Consult your network administrator
50. it Log Import the Audit LogFile Create View User Account Change Service Acces per user Change User Passcode by General User Folder Service Setting Create Folder Change User Passcode by System Administrator Stored File Setting Using Control Panel Authentication Security Settings gt Authentication gt Create View User Accounts gt Account Number User Details Setup gt Change Passcode System Settings gt Folder Service Setting System Settings gt Stored File Setting Setup Menu gt Create Folder Authentication Security Settings gt Authentication gt Create View User Accounts Using Xerox CentreWare Internet Services General Setup gt Job Management gt Job Deletion Security gt Audit Log Security gt Authentication Configuration gt Next Account Number gt Edit Scan Tab gt Folder gt Create Security gt Authentication Configuration gt Next gt Account Number gt Edit Default All User Off 62 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide
51. ntry Using Control Panel System Settings gt Common Service Settings gt Machine Clock Timers Using Xerox CentreWare Internet Services Default Authentication Security gt Off from Control Panel Authentication gt Passcode Policy gt Passcode Entry from Control Panel Change the System Authentication Security Settings gt Security gt System Administrator System Administrator Settings gt System Administrator Settings Passcode Administrator s Passcode Set Maximum Authentication Security Settings gt Security gt System 5 Login Attempts Authentication gt Maximum Login Administrator Settings Attempts By System Administrator Set Service Rep System Settings gt Common Service Security gt Service Off Restricted Settings gt Other Settings gt Service Rep Representative Operation Restricted Operation Restricted Operation Set Overwrite Hard Authentication Security Settings gt On Disk Overwrite Hard Disk Set Scheduled Authentication Security Settings gt Security gt On Demand Off Image Overwrite Overwrite Hard Disk gt Scheduled Image Overwrite gt Scheduled Overwrite Run Image Authentication Security Settings gt Security gt On Demand Overwrite Overwrite Hard Disk gt Run Image Overwrite gt Manual Overwrite Set Data System Settings gt Common Service On Encryption Settings gt Other Settings gt
52. oes not ensure the validity of the LDAP server Cause LDAP server SSL authentication error The server name does not match the certificate Remedy Set the same LDAP server address to the machine and to the SSL certificate of the LDAP server You can clear this error by selecting Disabled for LDAP SSL TLS Communication under SSL TLS Settings on the machine however note that selecting this option does not ensure the validity of the LDAP server Cause LDAP server SSL authentication error This is an SSL authentication internal error Remedy An error occurred in the software Contact our Customer Support Center Cause Kerberos server authentication protocol error Remedy The time difference between the machine and the Kerberos server exceeded the clock skew limit value set on the Kerberos server Check whether the clocks on the machine and Kerberos server are correctly set Also check whether the summer time and the time zone are correctly set on the machine and Kerberos server Cause Kerberos server authentication protocol error Remedy The domain set on the machine does not exist on the Kerberos server or the Kerberos server address set on the machine is invalid for connection Check whether the domain name and the server address have been correctly set on the machine For connection to Windows 2003 Server or Windows 2008 Server specify the domain name in uppercase Cause Kerberos server authentication proto
53. operties screen Click Protocols Click FreeFlow Uncheck the Freeflow Port Status Click Apply m Gv d N o Set WebDAV Note When Remote Authentication is used follow the procedure below to set WebDAV to Disabled Click Connectivity on the Properties screen Click Port Setting Uncheck the Enabled box for WebDAV Click Apply B e qol Set Receive E mail Click Connectivity on the Properties screen Click Port Setting Uncheck the Receive E mail box Click Apply opes CE ut Set IPP Click Connectivity on the Properties screen Click Port Setting Check the Enabled box for IPP Click Apply Eur ae c 18 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Set LDAP Server Click Connectivity on the Properties screen Click Protocols Click LDAP Select LDAP Server On each menu set the LDAP server information Click Apply SE fh o Note You can configure the settings of the administrator group on the machine so that the members of that group have the System Administrator authority to access to the machine In the System Administrator Access Group boxes enter a name for the group Entries should be in base DN format for instance cn admin cn users dc xerox dc com You can also restrict the use of the Copy Scan Print and other features by entering a name for the group in Service Access Group boxe
54. ress or the Internet address as follows In the following example the port number is 80 URL http vvv xxx yyy zzz 80 IPv4 http xxx xxx xxx xxx 80 IPv6 http XXXX2000 XXXX2000 XXXX2000 XXXx xxxx 80 The home page of Xerox CentreWare Internet Services is displayed Note When the Authentication feature is enabled you are required to enter your user ID and your password You need to enter your user ID and your password to access Xerox CentreWare Internet Services to configure and use the security functions of the machine Note When your access to Xerox CentreWare Internet Services is encrypted enter https followed by the IP address or the Internet address instead of http 44 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Print This section describes how to specify printing and paper parameters enter accounting information and select the delivery method for your print job Follow the steps below to select the features available on the Print tab 1 Click Print on the Main Panel of the home page 2 The Job Submission page is displayed 3 Job Submission allows you to print the files stored in your computer Specify the following settings and click Start to submit the job Setting items Print Quantity Enter the number of sets to print You can enter a number between 1 and 999 Collated Specify whether to
55. s Set Kerberos Server Click Security on the Properties screen Click Remote Authentication Servers Select Kerberos Server On each menu set the Kerberos server information Click Apply le A A Note When a Kerberos server is used as a remote authentication server you can configure the settings of the administrator group on the machine by setting the System Administrator Access Group on the LDAP server Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 19 Set SSL TSL O po Aa ee NS 10 11 Click Security on the Properties screen Click Machine Digital Certificate Management Click Create New Self Signed Certificate Select Self Signed Certificate and Click the Continue Set the size of the Public Key as necessary Set Issuer as necessary Click Apply Click SSL TLS Settings Select the Enabled check box for HTTP SSL TLS Communication and LDAP SSL TLS Communication Click Apply Click Reboot Machine Note For secure operation check the Enabled box for Verify Remote Server Certificate and import the CA certificate according to the same procedure as that in Configuring Machine Certificates If SMTP server has SSL TLS function and if you want to use secure e mail configure SMTP SSL TLS Communication Configuring Machine Certificates ee gt S 20 Click Security on the Properties screen Click Machine Digital
56. s to store files within the range from 1 to 14 days and enter the time when files are to be deleted using the scroll buttons or the numeric keypad Stored Job Expiration Date Specifies the retention period for a stored file Selecting On allows you to specify a retention period within the range from 4 to 23 hours in 1 hour increments Note If the machine is turned off before the specified period of time elapses the stored file will be deleted when the machine is turned back on Print Order for All Selected Files Specifies the print order for a stored file from the following menu e Date amp Time Oldest File e Date amp Time Newest File e File Name Ascending e File Name Descending Create Folder This feature allows users to create Folder for saving confidential scanned files Scanned files in Folder can be imported to computers 1 Select Create Folder on the Setup Menu screen Select a Folder number to create a new Folder Select Create Delete Select Off for Check Folder Passcode Change the required settings Select Close Qv p Es ee ONJ Note By selecting Delete Folder you can delete all files in the Folder and all job flow sheets created through the Folder Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 39 Folder Name Specifies the Folder name Enter a name up to 20 characters to be assigned to the Folder Delete Files after Retrieval Specifies whether to
57. section explains error codes If a printing job ends abnormally due to an error or a malfunction occurs in the machine an error message code is displayed Refer to error coded in the following table to rectify problems Important If an error code is displayed any print data remaining on the machine and information stored in the machine s memory are not warranted If an error code that is not listed in the following table is displayed or if an error persists after you follow the listed solution contact our Customer Support Center The contact number is printed on the label or the card attached on the machine Error Code Cause and Remedy 16 210 Cause An error occurred in the software 016 211 Remedy Switch off the machine power make sure that the touch screen is blank and 016 212 then switch on the machine power If the error still is not resolved contact our Customer 016 213 Support Center 016 214 016 215 016 402 Cause The authentication connection timed out Remedy Confirm the network connection and switch setting of the authentication device physically connected to the machine via a network and check whether it is connected to the machine correctly 016 403 Cause The root certificate did not match Remedy Confirm the authentication server and store the root certificate of the server certificate of the authentication server into the machine If you cannot acquire the root certificate of the serv
58. shared Folder Shared is displayed Allows you to set whether to automatically delete files after they are printed Note Retrieved files are not deleted Allows you to set whether to automatically delete files when they reach the specified expiration dates Displays the number of files stored in the Folder Select the display order of job flow sheets to be displayed in the Job Flow Sheet List page Folder Setup The following table shows the setting items available on the Folder Setup page Folder Folder Number Displays the number of the selected Folder Folder Name Enter the name of the Folder Folder Passcode Enter a new passcode with up to 20 characters Leave the text box blank if you do not set a passcode Retype Passcode Re type the passcode for verification Check Folder Allows you to select whether and when the passcode for Passcode the Folder is required Delete Files Allows you to set whether to automatically delete files after Print or Retrieve after they are printed Note Retrieved files are not deleted Delete Expired Allows you to set whether to automatically delete files Files when they reach the specified expiration dates 48 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Import the files The following describes methods for importing files that are stored on the machine s Folder Select Folder Number or Folder List of Files on the Folder page
59. splay File Y Delete File Y Store File Y Print File Y JobFlow Display Y Sheet Te Auto Run Y Manual Run Y Y Operation available Operation not available Note When job flow sheets not available for operation depending on changes made to the authentication status are linked to a Folder you can still use them except for changing copying them If you remove the link the job flow sheets will no longer be displayed and will be disabled 34 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Operation Using Control Panel This section describes the operation using control panel to use security features for System Administrator and authenticated users User Authentication Before using all services and configuring settings a user must be authenticated with an ID and a passcode 1 Press the lt Log In Out gt button on the control panel 2 Enter the User ID from keypad 3 Select Next Input on the touch screen 4 Enter the Passcode from keyboard 5 Select Enter on the touch screen All features on the control panel become available Important When another user interrupts and uses the machine by using the interrupt mode the user needs to logout before canceling the interrupt mode Example User A is authenticated gt interrupt mode gt User B login gt job complete gt User B logout gt cancel the interrupt mode Note Before entering the user ID and the
60. t correctly follow the above setting instructions The Information Flow Security feature requires no special settings by System Administrator When you set Data Encryption On again enter an encryption key of 12 characters Data Restoration The enciphered data cannot be restored in the following conditions e When a problem occurs in the hard disk e Without the correct encryption key e Without the correct System Administrator ID and passcode when setting Service Rep Restricted Operation to On Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide Starting Use of the Data Encryption Feature and Changing the Settings When data encryption is started or ended or when the encryption key is changed the machine must be restarted The corresponding recording area the Hard Disk is reformatted when restarting In this case the previous data is not guaranteed The recording area stores the following data e Spooled print data e Print data including the secure print and sample print e Forms for the form overlay feature e Folder and job flow sheet settings Folder name passcode etc e Files in Folder e Address book data Important Be sure to save all necessary settings and files before starting to use the data encryption feature or changing the settings An error occurs if the connected hard disk does not match the encryption settings Use of the Overwrite Hard Disk In order to prote
61. tion Supplementary Guide Stored File Settings creiere ne ERE en en 39 Create FOGG adire REREHFEHUDORUHISHRPIDURN HUNTUTERRONNI ORWIOUEN NINGUNA 39 o cies bui MAS HUC NUES SR euere 40 Private Charge Pin zer 41 Operation Using Xerox CentreWare Internet Services 43 Accessing Xerox CentreWare Internet Services anne 43 ERR 45 Scan Folder Operation wceecceccsssssescssssseeccsssseecsssssseccssssssecesssnsccesssssesesssusecsesssueeseessnecsessneeeseessees 45 Fale MB eoHg c A 47 EC IFC Cle PN TT 48 Folder Setup ep 48 ImportitheTil S iiss 49 Printing Job Dela ee 49 Change User Passcode by System Administrator Using Xerox CentreWare Internet Serie OOO OACI OO o Un eases cea 49 PRI SO i nd i Gd rios 51 Fail Clearance Pro CS Ulead 51 FALCO aa 52 Securty O AS dc 59 BODIE Lote c EE M Mat cd EE 60 Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide iii Before Using the Security Function This section describes the certified security functions and the items to be confirmed Preface This guide is intended for the manager and system administrator of the organization where the machine is installed and describes the setup procedures related to security For general users this guide describes the operations related to security features For information on the other features available for the machine refer to your User Guid
62. type of user must enter his her user ID on the authentication screen This type of user has the same privileges as those of the Machine Administrator in operating the machine except the following e Operating Folder and job flow sheets e Changing the passcode of the Machine Administrator Authenticated Users with No System Administrator Privileges These are users who are registered on the machine or the remote server and to whom System Administrator privileges are not granted When a restricted service is used this type of user must enter his her user 1D on the authentication screen Unauthenticated Users These are users who are not registered with the machine An Unauthenticated User cannot use services that are restricted Local Machine Authentication Login to Local Accounts Local machine authentication uses the user information that is registered on the machine to manage authentication The print data that are sent from a computer can be received on the machine after a user is authenticated by the cross checking of the authentication information that is pre configured on a client s driver with the registered authentication information on the machine For more information on the configuring of a driver refer to the online help provided for the driver Remote Authentication Login to Remote Accounts Remote authentication uses a remote authentication server LDAP or Kerberos Server and authenticates users based
63. ue to unsuccessful login to the FTP server Remedy Check if the login name user name and password are correct 016 579 Cause The machine failed to transfer data using FTP of the Scan to PC feature because the scanned image could not be saved in the FTP server after connection Remedy Check if the FTP server s save location is correct 016 580 Cause The machine failed to transfer data using FTP of the Scan to PC feature because the file or folder name on the FTP server could not be retrieved after connection Remedy Check the access privilege to the FTP server 016 581 Cause The machine failed to transfer data using FTP of the Scan to PC feature because the suffix of the file or folder name exceeded the limit after connection Remedy Change the file name or change the destination folder on the FTP server Or move or delete files from the destination folder 016 582 Cause The machine failed to transfer data using FTP of the Scan to PC feature because file creation was not successful on the FTP server after connection Remedy Take one of the following actions Check if the specified file name can be used in the save location Check if enough space is available in the save location 016 583 Cause The machine failed to transfer data using FTP of the Scan to PC feature because lock folder creation was not successful on the FTP server after connection Remedy Take one of the following actions If any
64. us Xerox Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 2012 Xerox Corporation All rights reserved Xerox Xerox and Design CentreWare and FreeFlow are trademarks of Xerox Corporation in the United States and or other countries Microsoft and Windows and registered trademarks of Microsoft Corporation BR3663 Table of Contents TADE Ro cpt AMA i Before Using the Security Fund aaa 1 PIE IE O RECO Te IATER 1 Security FEOS ccsscscssszzscssszsessssscesssszesssesenssgcenststecsaetecstsietsaetetsaatetesatatenaintenaietetaaeceamatetaaetatetitanetettes 2 Settings for the Secure Operation cscsssessccssssessesssssesessssssesssssssesesssssessesssssesecssssuesessssneseesseseeses 3 Data Restonatio N erise ee 3 Starting Use of the Data Encryption Feature and Changing the Settings 4 Lise or the Overwrite Hard DIS osos ten Neb toten ates beh ee Un a b si 4 Service Representative Restricted Operation e eeeeeetttenntettes 5 For Optimal Performance of the Security Features sees 5 Confirm the Machine ROM Version and the System Clock 7 How to Check by Control Panel cccssscsssssseeccssssseesssssssssssssnsecsssssnsecssssnsecsesssseecsessneeessees 7 How to Check by Print Report sescssssssccsssssescsssssesecsssssesssssssescessasssssssssnescessssesessssnesessees 7 How to Check the System Clock e eesesstteeennttttttnnnctttnnnn 7 Initial
65. ver If any lock directory LCK exists in the forwarding destination delete it manually then retry executing the job Cause The machine failed to transfer data using FTP of the Scan to PC feature because folder deletion was not successful on the FTP server after connection Remedy Check the access privilege to the FTP server Cause The machine failed to transfer data using FTP of the Scan to PC feature because the data could not be written in the FTP server after connection Remedy Check if enough space is available in the save location Cause The machine failed to transfer data using FTP of the Scan to PC feature because the data could not be read from the FTP server after connection Remedy Check the access privilege to the FTP server Cause The machine failed to transfer data using FTP of the Scan to PC feature because an internal error occurred after connection to the FTP server Remedy Try again If the error persists contact our Customer Support Center Cause The machine failed to transfer data using FTP of the Scan to PC feature because a network error occurred Remedy Try again If the error persists contact our Customer Support Center Cause The machine received e mail which specified an invalid folder number Remedy For errors occurring during e mail reception Take one of the following measures Register the specified folder number and request the sender to send the e mail again
66. w Encryption Key 8 Enter a new encryption key of 12 characters by using the keyboard displayed and then select Save 9 Select Re enter the Encryption Key 10 Enter the same passcode and then select Save Xerox D95 D110 D125 Copier Printer Security Function Supplementary Guide 11 11 12 13 Select Save Select Yes to apply the change Select Yes to reboot Set Authentication Ee INS a pd oN o Select Authentication Security Settings on the Tools screen Select Authentication Select Login Typel On the Login Type screen select Login to Local Accounts or Login to Remote Accounts Select Save When Login to Remote Accounts is selected in step 4 proceed to steps 6 to 12 Select System Settings on the Tools screen Select Connectivity amp Network Setup Select Remote Authentication Server Setting Select Authentication System Setup Select Authentication System 11 12 13 14 Select Change Settings On the Authentication System screen select LDAP or Kerberos Select Save To exit the Remote Authentication Server Setting screen select Close Set Access Control DP Sce e cm 2g wo 11 Select Authentication Security Settings on the Tools screen Select Authentication Select Access Control Select Device Access On the Device Access screen select Locked for Service Pathway Job Status Pathway and
Download Pdf Manuals
Related Search