Ricoh Aficio mp w3601 User manual

Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety

Information in "About This Machine" before using the machine.

Getting Started

Configuring Administrator Authentication

Configuring User Authentication

Protecting Data from Information Leaks

Securing Information Sent over the Network or Stored on Hard Disk

Managing Access to the Machine

Enhanced Network Security

Specifying the Extended Security Functions

Troubleshooting

Appendix

Security Reference

Operating Instructions

TABLE OF CONTENTS

Manuals for This Machine.................................................................................................................................7

Notice..................................................................................................................................................................9

Important.........................................................................................................................................................9

How to Read This Manual...............................................................................................................................10

Symbols........................................................................................................................................................10

IP Address.....................................................................................................................................................10

Notes............................................................................................................................................................10

1. Getting Started

Before Using the Security Functions................................................................................................................11

Setting up the Machine....................................................................................................................................12

Enhanced Security............................................................................................................................................15

Glossary............................................................................................................................................................16

Security Measures Provided by this Machine................................................................................................18

Using Authentication and Managing Users...............................................................................................18

Ensuring Information Security.....................................................................................................................18

Limiting and Controlling Access..................................................................................................................20

Enhancing Network Security......................................................................................................................20

2. Configuring Administrator Authentication

Administrators...................................................................................................................................................23

User Administrator.......................................................................................................................................23

Machine Administrator................................................................................................................................24

Network Administrator................................................................................................................................24

File Administrator.........................................................................................................................................24

Supervisor.....................................................................................................................................................24

About Administrator Authentication................................................................................................................25

Enabling Administrator Authentication...........................................................................................................27

Specifying Administrator Privileges............................................................................................................27

Registering the Administrator......................................................................................................................30

Logging in Using Administrator Authentication.........................................................................................33

Logging out Using Administrator Authentication.......................................................................................34

Changing the Administrator........................................................................................................................34

Using Web Image Monitor to Configure Administrator Authentication..................................................35

Specifying Administrative Settings Using Web Printing Tool....................................................................35

3. Configuring User Authentication

Users..................................................................................................................................................................37

About User Authentication...............................................................................................................................38

Configuring User Authentication.....................................................................................................................39

Enabling User Authentication..........................................................................................................................40

User Code Authentication...............................................................................................................................41

Specifying User Code Authentication........................................................................................................41

Basic Authentication.........................................................................................................................................45

Specifying Basic Authentication..................................................................................................................45

Authentication Information Stored in the Address Book...........................................................................47

Specifying Login User Names and Passwords..........................................................................................48

Specifying Login Details..............................................................................................................................50

Windows Authentication.................................................................................................................................52

Specifying Windows Authentication..........................................................................................................53

Installing Internet Information Services (IIS) and Certificate Services......................................................61

Creating the Server Certificate...................................................................................................................62

Installing the Device Certificate (Issued by a Certificate Authority).........................................................62

LDAP Authentication.........................................................................................................................................64

Specifying LDAP Authentication.................................................................................................................65

Integration Server Authentication....................................................................................................................72

Specifying Integration Server Authentication............................................................................................72

Printer Job Authentication................................................................................................................................79

If User Authentication is Specified..................................................................................................................81

If User Code Authentication is Specified....................................................................................................81

If Basic, Windows, LDAP or Integration Server Authentication is Specified...........................................82

Logging in Using Web Image Monitor......................................................................................................83

Logging out Using Web Image Monitor....................................................................................................83

User Lockout Function..................................................................................................................................83

Auto Logout..................................................................................................................................................86

Authentication Using an External Device.......................................................................................................88

4. Protecting Data from Information Leaks

Printing a Confidential Document...................................................................................................................89

Specifying Locked Print File.........................................................................................................................89

Printing a Locked Print File...........................................................................................................................90

Deleting Locked Print Files...........................................................................................................................91

Changing the Password of a Locked Print File...........................................................................................92

Unlocking a Locked Print File......................................................................................................................93

Configuring Access Permissions for Stored Files............................................................................................95

Specifying User and Access Permissions for Stored Files.........................................................................96

Changing the Owner of a Document.........................................................................................................99

Specifying Access Permissions for Files Stored Using the Scanner Function..........................................99

Specifying User and Access Permissions for Files Stored by a Particular User....................................103

Specifying Passwords for Stored Files.....................................................................................................104

Unlocking Files...........................................................................................................................................105

5. Securing Information Sent over the Network or Stored on Hard Disk

Preventing Information Leakage Due to Unauthorized Transmission........................................................107

Restricting Destinations..............................................................................................................................107

Using S/MIME to Protect E-mail Transmission............................................................................................109

E-mail Encryption.......................................................................................................................................109

Attaching an Electronic Signature............................................................................................................111

Protecting the Address Book.........................................................................................................................117

Configuring Address Book Access Permissions......................................................................................117

Encrypting Data in the Address Book......................................................................................................118

Encrypting Data on the Hard Disk................................................................................................................121

Enabling the Encryption Settings..............................................................................................................121

Printing the Encryption Key.......................................................................................................................123

Updating the Encryption Key....................................................................................................................124

Canceling Data Encryption......................................................................................................................126

Deleting Data on the Hard Disk....................................................................................................................127

Conditions for Use.....................................................................................................................................127

Auto Erase Memory..................................................................................................................................128

Erase All Memory......................................................................................................................................132

6. Managing Access to the Machine

Preventing Changes to Machine Settings....................................................................................................137

Menu Protect..................................................................................................................................................139

Enabling Menu Protect..............................................................................................................................139

Disabling Menu Protect.............................................................................................................................139

Specifying Menu Protect...........................................................................................................................139

Limiting Available Functions..........................................................................................................................143

Specifying Which Functions are Available.............................................................................................143

Managing Log Files.......................................................................................................................................145

Using the Control Panel to Specify Log File Settings..............................................................................145

Using Remote Communication Gate S to Manage Log Files................................................................147

Using Web Image Monitor to Manage Log Files...................................................................................147

Logs That Can Be Managed Using Web Image Monitor......................................................................155

7. Enhanced Network Security

Preventing Unauthorized Access..................................................................................................................171

Access Control...........................................................................................................................................171

Enabling and Disabling Protocols............................................................................................................172

Specifying Network Security Level..........................................................................................................179

Encrypting Transmitted Passwords...............................................................................................................183

Specifying a Driver Encryption Key.........................................................................................................183

Specifying an IPP Authentication Password............................................................................................184

Protection Using Encryption..........................................................................................................................186

SSL (Secure Sockets Layer) Encryption....................................................................................................186

User Settings for SSL (Secure Sockets Layer)..........................................................................................191

Setting the SSL/TLS Encryption Mode.....................................................................................................191

SNMPv3 Encryption.................................................................................................................................193

Transmission Using IPsec...............................................................................................................................195

Encryption and Authentication by IPsec..................................................................................................195

Encryption Key Auto Exchange Settings and Encryption Key Manual Settings...................................196

IPsec Settings.............................................................................................................................................197

Encryption Key Auto Exchange Settings Configuration Flow................................................................205

Encryption Key Manual Settings Configuration Flow.............................................................................210

telnet Setting Commands..........................................................................................................................211

Authentication by telnet.................................................................................................................................219

"authfree" Command.................................................................................................................................219

Authentication by IEEE802.1X.....................................................................................................................220

8. Specifying the Extended Security Functions

Specifying the Extended Security Functions................................................................................................221

Changing the Extended Security Functions.............................................................................................221

Extended Security Settings........................................................................................................................222

Other Security Functions...............................................................................................................................226

Scanner Function.......................................................................................................................................226

System Status.............................................................................................................................................226

Limiting Machine Operations to Customers Only.......................................................................................227

Settings.......................................................................................................................................................227

Additional Information for Enhanced Security............................................................................................230

Settings You Can Configure Using the Control Panel............................................................................230

Settings You Can Configure Using Web Image Monitor.......................................................................232

Settings You Can Configure When IPsec Is Available/Unavailable....................................................234

9. Troubleshooting

If Authentication Fails.....................................................................................................................................237

If a Message is Displayed........................................................................................................................237

If an Error Code is Displayed...................................................................................................................239

If the Machine Cannot Be Operated.......................................................................................................255

10. Appendix

Supervisor Operations..................................................................................................................................261

Logging in as the Supervisor....................................................................................................................261

Logging out as the Supervisor..................................................................................................................262

Changing the Supervisor..........................................................................................................................262

Resetting the Administrator's Password....................................................................................................263

User Administrator Settings...........................................................................................................................265

System Settings..........................................................................................................................................265

Extended Feature Settings........................................................................................................................266

Settings via Web Image Monitor.............................................................................................................266

Machine Administrator Settings....................................................................................................................267

System Settings..........................................................................................................................................267

Copier / Document Server Features.......................................................................................................269

Printer Features..........................................................................................................................................269

Scanner Features.......................................................................................................................................270

Extended Feature Settings........................................................................................................................271

Settings via Web Image Monitor.............................................................................................................271

Network Administrator Settings....................................................................................................................275

System Settings..........................................................................................................................................275

Scanner Features.......................................................................................................................................276

Extended Feature Settings........................................................................................................................276

Settings via Web Image Monitor.............................................................................................................276

File Administrator Settings.............................................................................................................................279

System Settings..........................................................................................................................................279

Printer Features..........................................................................................................................................279

Extended Feature Settings........................................................................................................................280

Settings via Web Image Monitor.............................................................................................................280

Document Server File Permissions................................................................................................................281

The Privilege for User Account Settings in the Address Book.....................................................................283

User Settings - Control Panel Settings..........................................................................................................286

System Settings...............................................................................................................................................287

Copier / Document Server Features............................................................................................................294

Printer Functions.............................................................................................................................................298

Printer Features...............................................................................................................................................299

Scanner Features...........................................................................................................................................302

User Settings - Web Image Monitor Settings..............................................................................................304

Device Settings...............................................................................................................................................305

Printer..............................................................................................................................................................311

Scanner...........................................................................................................................................................314

Interface..........................................................................................................................................................316

Network..........................................................................................................................................................318

Webpage.......................................................................................................................................................322

Trademarks.....................................................................................................................................................323

INDEX...........................................................................................................................................................325

Manuals for This Machine

Read this manual carefully before you use this machine.

Refer to the manuals that are relevant to what you want to do with the machine.

• Media differ according to manual.

• The printed and electronic versions of a manual have the same contents.

•Adobe Acrobat Reader/Adobe Reader must be installed in order to view the manuals as PDF files.

• A Web browser must be installed in order to view the html manuals.

• For enhanced security, we recommend that you first make the following settings. For details, see

"Setting up the Machine".

• Install the Device Certificate.

• Enable SSL (Secure Sockets Layer) Encryption.

• Change the user name and password of the administrator using Web Image Monitor.

About This Machine

Before using the machine, be sure to read the section of this manual entitled Safety Information.

This manual introduces the machine's various functions. It also explains the control panel, preparation

procedures for using the machine, how to enter text, how to install the CD-ROMs provided, and how

to replace paper, toner, and other consumables.

Troubleshooting

Provides a guide for resolving common usage-related problems.

Copy and Document Server Reference

Explains Copier and Document Server functions and operations. Also refer to this manual for

explanations on how to place originals.

Printer Reference

Explains Printer functions and operations.

Scanner Reference

Explains Scanner functions and operations.

Network and System Settings Reference

Explains how to connect the machine to a network, configure and operate the machine in a network

environment, and use the software provided. Also explains how to change User Tools settings and

how to register information in the Address Book.

Security Reference

This manual is for administrators of the machine. It explains security functions that you can use to

prevent unauthorized use of the machine, data tampering, or information leakage. Be sure to read

this manual when setting the enhanced security functions, or user and administrator authentication.

VM Card Extended Feature Settings Device Reference

Explains how to set up the extended features settings with the machine.

VM Card Extended Feature Settings Web Reference

Explains how to set up the extended features settings using Web Image Monitor.

Other manuals

• Unix Supplement

• Quick Reference Copy Guide

• Quick Reference Printer Guide

• Quick Reference Scanner Guide

• Manuals provided are specific to machine types.

• For "UNIX Supplement", please visit our Web site or consult an authorized dealer. This manual

includes descriptions of functions and settings that might not be available on this machine.

•The following software products are referred to using general names:

Product name General name

DeskTopBinder Lite and DeskTopBinder

Professional *1DeskTopBinder

ScanRouter EX Professional *1 and ScanRouter EX

Enterprise *1the ScanRouter delivery software

Remote Communication Gate S Pro for @Remote

Enterprise *1 and Remote Communication Gate S

Remote Communication Gate S

*1 Optional

Notice

Important

In no event will the company be liable for direct, indirect, special, incidental, or consequential damages

as a result of handling or operating the machine.

For good copy quality, the manufacturer recommends that you use genuine toner from the manufacturer.

The manufacturer shall not be responsible for any damage or expense that might result from the use of

parts other than genuine parts from the manufacturer with your office products.

How to Read This Manual

Symbols

This manual uses the following symbols:

Indicates points to pay attention to when using the machine, and explanations of likely causes of paper

misfeeds, damage to originals, or loss of data. Be sure to read these explanations.

Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.

This symbol is located at the end of sections. It indicates where you can find further relevant information.

[ ]

Indicates the names of keys on the machine's display or control panels.

IP Address

In this manual, "IP address" covers both IPv4 and IPv6 environments. Read the instructions that are relevant

to the environment you are using.

Notes

Contents of this manual are subject to change without prior notice.

Some illustrations in this manual might be slightly different from the machine.

Certain options might not be available in some countries. For details, please contact your local dealer.

Depending on which country you are in, certain units may be optional. For details, please contact your

local dealer.

1. Getting Started

This chapter describes the machine's security features and how to specify initial security settings.

Before Using the Security Functions

• If the security settings are not configured, the data in the machine is vulnerable to attack.

1. To prevent this machine being stolen or willfully damaged, etc., install it in a secure location.

2. Purchasers of this machine must make sure that people who use it do so appropriately, in accordance

with operations determined by the machine administrator and supervisor. If the administrator or

supervisor does not make the required security settings, there is a risk of security breaches by users.

3. Before setting this machine's security features and to ensure appropriate operation by users,

administrators must read the Security Reference completely and thoroughly, paying particular

attention to the section entitled "Before Using the Security Functions".

4. Administrators must inform users regarding proper usage of the security functions.

5. Administrators should routinely examine the machine's logs to check for irregular and unusual events.

6. If this machine is connected to a network, its environment must be protected by a firewall or similar.

7. For protection of data during the communication stage, apply the machine's communication security

functions and connect it to devices that support security functions such as encrypted communication.

Setting up the Machine

This section explains how to enable encryption of transmitted data and configure the administrator account.

If you want a high level of security, make the following setting before using the machine.

Enabling security

1. Turn the machine on.

2. Press the [User Tools/Counter] key.

CAU012S

3. Press [System Settings].

4. Press [Interface Settings].

1. Getting Started

5. Specify IPv4 Address.

For details on how to specify the IPv4 address, see "Interface Settings", Network and System

Settings Reference.

6. Be sure to connect this machine to a network that only administrators can access.

7. Start Web Image Monitor, and then log in to the machine as the administrator.

For details about logging in to Web Image Monitor as an administrator, see "Using Web Image

Monitor to Configure Administrator Authentication".

8. On the Configuration screen, click [E-mail] under "Device Setting", and then specify the

administrator address in "Administrator E-mail Address".

9. Install the device certificate.

For information on how to install the device certificate, see "Protection Using Encryption".

The settings for device certificate creation can be configured only if an administrator e-mail

address is specified.

10. Enable secure sockets layer (SSL).

For details about enabling SSL, see "Protection Using Encryption".

11. Change the administrator's user name and password.

For details about specifying administrators' user names and passwords, see "Registering the

Administrator".

To enable higher security, proceed to step 2 in the following "Enabling enhanced security".

12. Press [OK] twice.

You will be automatically logged out.

13. Press the [User Tools/Counter] key.

Enabling enhanced security

1. Configure the security settings for the machine by following steps 1 to 11 in the previous

section, "Enabling security".

2. To use only the ports that have high security, set [Network Security Level] to [Level 2].

If [Network Security Level] is set to [Level 2], some functions will be unavailable.

For details, see "Specifying Network Security Level" and "Enabling and Disabling Protocols".

3. In Web Image Monitor, log in to the machine as the network administrator and set

[FTP], which has weak security, to [Inactive] and also set [SNMPv3 Function] to

[Inactive].

For details about the functions that will be unavailable if "FTP" and "SNMPv3" are set to [Inactive],

see "Enabling and Disabling Protocols".

4. Press the [User Tools/Counter] key on the control panel.

5. Press [System Settings].

Setting up the Machine

6. Press [Administrator Tools].

7. Press [Extended Security].

8. If you are not using [@Remote Service], set [@Remote Service] to [Prohibit].

For details about "Update Firmware", see the following "Firmware Update Cautions".

9. Press [OK].

10. Press the [User Tools/Counter] key.

11. Disconnect this machine from the administrator-only access network, and then connect

it to the general usage network environment.

Firmware Update Cautions

If IPsec is enabled, all information on the network will be encrypted. This allows you to perform

firmware updates securely.

If IPsec is not enabled, the information on the network may not be encrypted depending on the

protocol. If you want to perform a firmware update when IPsec is not enabled, be sure to do so only

if your network environment is protected against electronic eavesdropping and similar security threats.

• p.35 "Using Web Image Monitor to Configure Administrator Authentication"

• p.186 "Protection Using Encryption"

•p.30 "Registering the Administrator"

• p.179 "Specifying Network Security Level"

• p.172 "Enabling and Disabling Protocols"

1. Getting Started

Enhanced Security

This machine's security functions can be enhanced by managing the machine and its users using the

improved authentication functions.

By specifying access limits for the machine's functions and the documents and data stored in the machine,

information leaks and unauthorized access can be prevented.

Data encryption also prevents unauthorized data access and tampering via the network.

The machine also automatically checks the configuration and manufacturer of the firmware each time the

main power is switched on and whenever firmware is installed.

Authentication and Access Limits

Using authentication, administrators manage the machine and its users. To enable authentication,

information about both administrators and users must be registered in order to authenticate users via

their login user names and passwords.

Four types of administrators manage specific areas of machine usage, such as settings and user

registration.

Access limits for each user are specified by the administrator responsible for user access to machine

functions and documents and data stored in the machine.

For details about the administrator, see "Administrators".

For details about the user, see "Users".

Encryption Technology

This machine can establish secure communication paths by encrypting transmitted data and

passwords.

• p.23 "Administrators"

• p.37 "Users"

Enhanced Security

Glossary

Administrator

There are four types of administrators according to administrative function: machine administrator,

network administrator, file administrator, and user administrator. We recommend a different person

for each administrator role.

In this way, you can spread the workload and limit unauthorized operation by a single administrator.

Basically, administrators make machine settings and manage the machine; but they cannot perform

normal operations, such as copying and printing.

Supervisor

The supervisor can reset an administrator's password. This is required if an administrator's password

is lost or revealed, or if an administrator is changed.

The supervisor can neither perform normal operations nor specify default settings.

User

A user performs normal operations on the machine, such as copying and printing.

File Creator (Owner)

This is a user who can store files in the machine and authorize other users to view, edit, or delete those

files.

Registered User

Users with personal information registered in the Address Book who have a login password and user

name.

Administrator Authentication

Administrators are authenticated by their login user name and login password, supplied by the

administrator, when specifying the machine's settings or accessing the machine over the network.

User Authentication

Users are authenticated by a login user name and login password, supplied by the user, when

specifying the machine's settings or accessing the machine over the network.

The user's login user name and password, as well as such personal information items as e-mail

address, are stored in the machine's address book. The personal information can be obtained from

the Windows domain controller (Windows authentication), LDAP Server (LDAP authentication), or

Integration Server (Integration Server authentication) connected to the machine via the network. The

"Integration Server" is the computer on which Authentication Manager is installed.

This action is required for administrator authentication and user authentication. Enter your login user

name and login password on the machine's control panel. A login user name and login password

may also be required when accessing the machine over the network or using such utilities as Web

Image Monitor.

1. Getting Started

Logout

This action is required with administrator and user authentication. This action is required when you

have finished using the machine or changing the settings.

Glossary

Security Measures Provided by this Machine

Using Authentication and Managing Users

Enabling Authentication

To control administrators' and users' access to the machine, perform administrator authentication and

user authentication using login user names and login passwords. To perform authentication, the

authentication function must be enabled. For details about authentication settings, see "Configuring

User Authentication".

Specifying Authentication Information to Log in

Users are managed using the personal information managed in the machine's Address Book.

By enabling user authentication, you can allow only people registered in the Address Book to use the

machine. Users can be managed in the Address Book by the user administrator. For information on

specifying information to log in, see "Basic Authentication".

Specifying Which Functions are Available

This can be specified by the user administrator. Specify the functions available to registered users. By

making this setting, you can limit the functions available to users. For information on how to specify

which functions are available, see "Limiting Available Functions".

• p.39 "Configuring User Authentication"

• p.45 "Basic Authentication"

•p.143 "Limiting Available Functions"

Ensuring Information Security

Printing Confidential files

Using the printer's Locked Print, you can store files in the machine as confidential files and then print

them. You can print a file using the machine's control panel and collect it on the spot to prevent others

from seeing it. For details about printing confidential files, see "Printing a Confidential Document".

Protecting Stored Files from Unauthorized Access

You can specify who is allowed to use and access scanned files and the files in Document Server.

You can prevent activities such as the printing of stored files by unauthorized users. For details about

protecting stored files from unauthorized access, see "Configuring Access Permissions for Stored Files".

Protecting Stored Files from Theft

You can specify who is allowed to use and access scanned files and the files in Document Server.

You can prevent activities such as the sending and downloading of stored files by unauthorized users.

1. Getting Started

Table of contents

Other Ricoh All In One Printer manuals

Popular All In One Printer manuals by other brands

Canon

Canon PIXMA MX522 Getting started

Canon

Canon IMAGERUNNER ADVANCE C5051 manual 

Toshiba

Toshiba E-STUDIO2822AF quick guide

Samsung

Samsung MultiXpress 6345N Compatibility guide

Epson

Epson WF-R8590 Start here

Sharp

Sharp AR-550 Operation manual

Samsung

Samsung SCX-6545N Series Service manual

Brother

Brother MFC-L5700DN reference guide

Toshiba

Toshiba GA-1200 Administration guide

Toshiba

Toshiba e-STUDIO163 Service handbook

Pantum

Pantum M9106 Series user guide

Utax

Utax CD 1030 Instruction handbook

Xerox

Xerox 3635MFP - Phaser B/W Laser Voluntary product accessibility template

Copystar

Copystar CS 6501i quick guide

Konica Minolta

Konica Minolta BizHub C352 Specification & installation guide

Epson

Epson EcoTank ET-8500 Series user guide

Xerox

Xerox VersaLink C505 user guide

Triumph Adler

Triumph Adler P-4035i user manual

Ricoh aficio MP W3601 User manual

Popular All In One Printer manuals by other brands