LEXMARK READINESS OVERVIEW

This document covers the printer pre-requisites to deploy Sentry Print Services to a Lexmark integrated printer. The list of supported Lexmark integrated printer models can be found on the Pharos website:  https://www.pharos.com/partners/lexmark/#supported-devices

Reset Factory Defaults

While this procedure is considered optional for most situations, it is highly recommended for printers that have been previously managed under alternate MPS solutions.  The reset procedure will remove any 3rd party software and custom configuration settings, returning the printer to a known good, clean state.

1. Select Settings > Device > Restore Factory Defaults.

2. Choose the “ Restore App Settings” option.

3. Click the “ Start” button.

4. Click the “ Start” button in the confirmation popup.

Update Device Firmware

While not required, it is good to ensure that the device’s firmware is at the most current version. Updated firmware can enable advanced security features (like TLS 1.2) or normalize previous issues in software that will ensure correct operations going forward. Instructions for checking, downloading, and installing new firmware for Lexmark devices is found on the Lexmark Support website.  

Enabling Authentication on Etask 5 and ETask6

1. Go to Settings > Security.

2. Under Local Accounts, click on Add user > User Name/Password.

3. Enter user information as shown below.

4. Check admin permission under Permission Groups as shown below.

5. Save changes. 

Minimum Public Access (required)

1. Go to Settings > Security > Manage Permissions.

2. Enable access for copy scan and other functions as shown below.                                                                                    

Enabling Authentication on Etask 3 and Etask 4

1. Navigate to the device's EWS page on your browser as shown below:

2. Click on the Settings option under menu.

3. Click on “Security” link on the Settings page.

4. Click on “Security” link on the Settings page.

5. On the “Security Setup” page: Select “UserId and Password” from the Authentication type dropdown.

6. Enter your UserId and password and click “Apply Basic Security Setup” button.

Configure TCP/IP

Setting the IP Address

The device can be set up for either manual or automatic (DHCP) IP addressing.

1. Go to Settings > Network/Ports > Ethernet.

2. Go to the “IPv4” section.

3. Either tick the box for “Enable DHCP” or click the link to “Set Static IP Address”.

4. Save the changes.

NOTE: If you use DHCP, either reserve the IP address configuration for the device or enable Device Scout for more aggressive discovery intervals to ensure that the correct IP address is available for the device in Beacon.

Setting Up DNS

Once it is secured, the Lexmark device talks to the Beacon components by fully-qualified DNS name. This means that the device must be configured properly for DNS.

1. Go to Settings > Network/Ports > TCP/IP.

2. Scroll to the “DNS Server Address” property and either enter or confirm that the proper primary DNS server is configured. If there are additional DNS servers that can be used to resolve network names, these can be stored in the “Backup DNS Server” properties.

3. Press the “Save” button to set the configuration.

Configure Date and Time

Correct dates and times are necessary when securing the device against Beacon, particularly if using “Active Directory” or “OpenID” authentication types. This ensures that the user can successfully authenticate and either print secured jobs or perform other device functions.

1. Go to Settings > Device > Preferences.

2. Click the “Date and Time” link.

3. If manually setting the date and time, click the button to set the current date and time. If you are using a time server, skip this step.

4. Choose the appropriate Date and Time formats and set the correct Time Zone for the printer.

5. If using a time server, tick the box to “Enable NTP.”

6. Enter an appropriate time server. If none are available for your network, the “ time.nist.gov ” server is publicly available.

7. Enable authentication, if needed, and supply the MD5 key information.

8. Save the configuration.

Configure the Web Proxy

In some networks, access to web services (even local instances) may require a web proxy. A web proxy is an intermediate service that intercepts HTTP requests by the client and processes them on their behalf. Proxies are typically used to secure intranets and limit the traffic sent to the Internet.

1. Go to Settings > Network/Ports > HTTP/FTP Settings.

2. In the “HTTP Proxy IP Address” field, type the IP address of the proxy server.

3. Any domains (usually local domains) that can be excluded from the proxy’s control can be put in the “Local Domains” text field.

4. Click the “Save” button.

Configuring TLS Settings

The device communicates with the Beacon components over HTTPS. HTTPS transmissions are controlled by ciphers. Ciphers are protocols that both encrypt and decrypt the communications between nodes on the network. Over time, some ciphers (and versions) have become vulnerable to hacking and so are no longer used. It is important that your devices are configured for the highest cipher available on the server (and, in converse, that the server be configured to accept the cipher supported by the device).

1. Go to Settings > Network/Ports > TCP/IP.

2. Scroll to near the bottom of the configuration page until you see options to enable TLS.

3. Enable the highest TLS version available on the device, disabling the others.

4. Depending on server configuration, it may be necessary to remove or add items to the “SSL Cipher List”.

5. Click the Save button.

How to Secure/Unsecure Lexmark devices: Pharos recommends that all Lexmark devices be deployed using Lexmark's DDU (Device Deployment Utility. However, it is required for Etask 3 and 4 models. Note: To be able to secure/unsecure devices using the Lexmark-DDU, the user needs to set the admin credentials on the device.

1. If you had an older version of the DDU, please delete it.

2. Create new folder named " ddu-installer" under "C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer" 

3. Download the latest version of the DDU from here:  Lexmark DDU.

4. Extract the folder and place it in the newly created folder( ddu-installer):  "C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer\ ddu-installer "                                             

   Note: Make sure the extracted files are directly under the \ddu-installer folder, there are no subfolders. Examples of how the file structure should look like:                                                                         

   C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer\ddu-installer\bin
   C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer\ddu-installer\config
   C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer\ddu-installer\docs
   C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer\ddu-installer\EULA

5. You can now secure devices from the Beacon UI.

Note: If you are only deploying to Etask 5 and 6, you may use the beacon UI alone. Simply adjust the Site service setting here:

1. Go to C:\Program Files (x86)\PharosSystems\Sentry Print Service\lexmark-installer

2. Edit the ProvisionerType setting in the  DeploymentSettings.xml file to  EWSProvisioner and restart the Site service.