Ricoh Pro C720s User manual
Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety Information
in "About This Machine" before using the machine.
8
Getting Started
Authentication and its Application
Ensuring Information Security
Managing Access to the Machine
Enhanced Network Security
Specifying the Extended Security Functions
Troubleshooting
Appendix
1
2
3
4
5
6
7
Security Reference
Operating Instructions
Pro C720s
Introduction
This manual contains detailed instructions and notes on the operation and use of this machine. For your safety and
benefit, read this manual carefully before using the machine. Keep this manual in a handy place for quick reference.
Important
Contents of this manual are subject to change without prior notice. In no event will the company be liable for direct,
indirect, special, incidental, or consequential damages as a result of handling or operating the machine.
Do not copy or print any item for which reproduction is prohibited by law.
Copying or printing the following items is generally prohibited by local law:
bank notes, revenue stamps, bonds, stock certificates, bank drafts, checks, passports, driver's licenses.
The preceding list is meant as a guide only and is not inclusive. We assume no responsibility for its completeness or
accuracy. If you have any questions concerning the legality of copying or printing certain items, consult with your
legal advisor.
Notes:
Some illustrations in this manual might be slightly different from the machine.
Certain options might not be available in some countries. For details, please contact your local dealer.
Depending on which country you are in, certain units may be optional. For details, please contact your local dealer.
Caution:
Use of controls or adjustments or performance of procedures other than those specified in this manual might result
in hazardous radiation exposure.
Manuals for This Machine
Refer to the manuals that are relevant to what you want to do with the machine.
• Media differ according to manual.
• The printed and electronic versions of a manual have the same contents.
• Adobe Acrobat Reader/Adobe Reader must be installed in order to view the manuals as PDF files.
• A Web browser must be installed in order to view the html manuals.
• For enhanced security, we recommend that you first make the following settings. For details, see
“Setting Up the Machine”, Security Reference.
• Install the Device Certificate.
• Enable SSL (Secure Sockets Layer) Encryption.
• Change the user name and password of the administrator using Web Image Monitor.
About This Machine
Be sure to read the Safety Information in this manual before using the machine.
This manual provides an introduction to the functions of the machine. It also explains the control panel,
preparation procedures for using the machine, how to enter text, and how to install the CD-ROMs
provided.
Troubleshooting
Provides a guide to solving common problems, and explains how to replace paper, toner, staples,
and other consumables.
Copy/Document Server Reference
Explains Copier and Document Server functions and operations. Also refer to this manual for
explanations on how to place originals.
Scanner Reference
Explains Scanner functions and operations.
Network Guide
Explains how to configure and operate the machine in a network environment.
General Settings Guide
Explains User Tools settings, and Address Book procedures such as registering user codes. Also refer
to this manual for explanations on how to connect the machine.
Security Reference
This manual is for administrators of the machine. It explains security functions that you can use to
prevent unauthorized use of the machine, data tampering, or information leakage. Be sure to read
this manual when setting the enhanced security functions, or user and administrator authentication.
1
Information
Contains general notes on the machine, and information about the trademarks of product names used
in the manuals.
• In addition to the above, manuals are also provided for the Printer function.
2
TABLE OF CONTENTS
Manuals for This Machine.................................................................................................................................1
How to Read This Manual.................................................................................................................................8
Symbols...........................................................................................................................................................8
IP Address.......................................................................................................................................................8
1. Getting Started
Before Using the Security Functions..................................................................................................................9
Setting Up the Machine...................................................................................................................................10
Enhanced Security............................................................................................................................................12
Glossary............................................................................................................................................................13
Security Measures Provided by this Machine................................................................................................14
Using Authentication and Managing Users...............................................................................................14
Ensuring Information Security.....................................................................................................................14
Limiting and Controlling Access..................................................................................................................15
Enhanced Network Security.......................................................................................................................16
2. Authentication and its Application
Administrators and Users.................................................................................................................................17
Administrators...............................................................................................................................................17
User...............................................................................................................................................................18
The Management Function..............................................................................................................................20
About Administrator Authentication............................................................................................................20
About User Authentication..........................................................................................................................21
Enabling Authentication...................................................................................................................................23
Authentication Setting Procedure...............................................................................................................23
Administrator Authentication...........................................................................................................................25
Specifying Administrator Privileges............................................................................................................25
Registering the Administrator......................................................................................................................28
Logging on Using Administrator Authentication........................................................................................33
Logging off Using Administrator Authentication........................................................................................35
Changing the Administrator........................................................................................................................36
Using Web Image Monitor.........................................................................................................................38
User Authentication..........................................................................................................................................40
User Code Authentication...............................................................................................................................41
Specifying User Code Authentication........................................................................................................41
3
Basic Authentication.........................................................................................................................................44
Specifying Basic Authentication..................................................................................................................44
Authentication Information Stored in the Address Book...........................................................................46
Windows Authentication.................................................................................................................................53
Specifying Windows Authentication..........................................................................................................54
LDAP Authentication.........................................................................................................................................61
Specifying LDAP Authentication.................................................................................................................62
Integration Server Authentication....................................................................................................................67
Specifying Integration Server Authentication............................................................................................67
If User Authentication is Specified..................................................................................................................74
User Code Authentication (Using the Control Panel)................................................................................74
Login (Using the Control Panel)..................................................................................................................75
Log Off (Using the Control Panel)..............................................................................................................76
Login (Using Web Image Monitor)............................................................................................................77
Log Off (Using Web Image Monitor).........................................................................................................77
Auto Logout..................................................................................................................................................77
Authentication Using an External Device.......................................................................................................81
3. Ensuring Information Security
Specifying Access Permission for Stored Files...............................................................................................83
Assigning Users and Access Permission for Stored Files..........................................................................84
Specifying Access Privileges for Files Stored using the Scanner Function..............................................86
Assigning the User and the Access Permission for the User's Stored Files..............................................90
Specifying Passwords for Stored Files........................................................................................................93
Unlocking Files.............................................................................................................................................95
Preventing Data Leaks Due to Unauthorized Transmission...........................................................................98
Restrictions on Destinations.........................................................................................................................98
Using S/MIME to Protect E-mail Transmission............................................................................................101
E-mail Encryption.......................................................................................................................................101
Attaching an Electronic Signature............................................................................................................103
Protecting the Address Book.........................................................................................................................109
Address Book Access Permission.............................................................................................................109
Encrypting Data in the Address Book......................................................................................................112
Deleting Data on the Hard Disk....................................................................................................................116
4
Auto Erase Memory .................................................................................................................................116
Erase All Memory......................................................................................................................................120
4. Managing Access to the Machine
Preventing Modification of Machine Settings..............................................................................................125
Menu Protect..................................................................................................................................................127
Menu Protect..............................................................................................................................................127
Limiting Available Functions..........................................................................................................................130
Specifying Which Functions are Available.............................................................................................130
5. Enhanced Network Security
Preventing Unauthorized Access..................................................................................................................133
Access Control...........................................................................................................................................133
Enabling/Disabling Protocols..................................................................................................................134
Specifying Network Security Level..........................................................................................................140
Encrypting Transmitted Passwords...............................................................................................................144
Driver Encryption Key...............................................................................................................................144
Protection Using Encryption..........................................................................................................................147
SSL (Secure Sockets Layer) Encryption....................................................................................................147
User Settings for SSL (Secure Sockets Layer)..........................................................................................152
Setting the SSL / TLS Encryption Mode...................................................................................................152
SNMPv3 Encryption.................................................................................................................................154
Transmission Using IPsec...............................................................................................................................157
Encryption and Authentication by IPsec..................................................................................................157
Encryption Key Auto Exchange Settings and Encryption Key Manual Settings...................................158
IPsec Settings.............................................................................................................................................159
Encryption Key Auto Exchange Settings Configuration Flow................................................................167
Encryption Key Manual Settings Configuration Flow.............................................................................172
telnet Setting Commands..........................................................................................................................173
6. Specifying the Extended Security Functions
Specifying the Extended Security Functions................................................................................................181
Changing the Extended Security Functions.............................................................................................181
Procedure for Changing the Extended Security Functions.....................................................................181
Settings.......................................................................................................................................................183
Other Security Functions...............................................................................................................................187
5
Scanner Function.......................................................................................................................................187
Weekly Timer Code..................................................................................................................................187
Limiting Machine Operation to Customers Only.........................................................................................192
Settings.......................................................................................................................................................192
Specifying Service Mode Lock Preparation............................................................................................192
Canceling Service Mode Lock.................................................................................................................194
7. Troubleshooting
Authentication Does Not Work Properly.....................................................................................................197
A Message Appears.................................................................................................................................197
An Error Code Appears............................................................................................................................199
Machine Cannot Be Operated................................................................................................................213
8. Appendix
Supervisor Operations..................................................................................................................................217
Logging on as the Supervisor...................................................................................................................217
Logging off as the Supervisor...................................................................................................................219
Changing the Supervisor..........................................................................................................................219
Resetting an Administrator's Password....................................................................................................222
Machine Administrator Settings....................................................................................................................224
System Settings..........................................................................................................................................224
Copier / Document Server Features.......................................................................................................226
Scanner Features.......................................................................................................................................227
Settings via Web Image Monitor.............................................................................................................227
Network Administrator Settings....................................................................................................................231
System Settings..........................................................................................................................................231
Scanner Features.......................................................................................................................................232
Settings via Web Image Monitor.............................................................................................................232
File Administrator Settings.............................................................................................................................235
System Settings..........................................................................................................................................235
Settings via Web Image Monitor.............................................................................................................235
User Administrator Settings...........................................................................................................................237
System Settings..........................................................................................................................................237
Settings via Web Image Monitor.............................................................................................................238
Document Server File Permissions................................................................................................................239
6
The Privilege for User Account Settings in the Address Book.....................................................................241
User Settings - Control Panel Settings..........................................................................................................244
Copier / Document Server Features............................................................................................................245
Scanner Features...........................................................................................................................................251
System Settings...............................................................................................................................................253
User Settings - Web Image Monitor Settings..............................................................................................259
Device Settings...............................................................................................................................................260
Scanner...........................................................................................................................................................270
Interface..........................................................................................................................................................272
Network..........................................................................................................................................................273
Webpage.......................................................................................................................................................276
Functions That Require Options....................................................................................................................277
INDEX...........................................................................................................................................................279
7
How to Read This Manual
Symbols
This manual uses the following symbols:
Indicates points to pay attention to when using the machine, and explanations of likely causes of paper
misfeeds, damage to originals, or loss of data. Be sure to read these explanations.
Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.
This symbol is located at the end of sections. It indicates where you can find further relevant information.
[ ]
Indicates the names of keys that appear on the machine's display panel.
[ ]
Indicates the names of keys on the machine's control panel.
IP Address
In this manual, “IP address” covers both IPv4 and IPv6 environments. Read the instructions that are relevant
to the environment you are using.
8
1. Getting Started
This chapter describes the machine's security features and how to specify initial security settings.
Before Using the Security Functions
• If security settings are not made, there is a risk of damage resulting from malicious activity. For this
reason, be sure to make the security settings shown in this manual.
1. To prevent this machine being stolen or willfully damaged, etc., install it in a secure location.
2. Purchasers of this machine must make sure that people who use it do so appropriately, in accordance
with operations determined by the machine administrator. If the administrator does not make the
required security settings, there is a risk of security breaches by users.
3. Before setting this machine's security features and to ensure appropriate operation by users,
administrators must read the Security Reference completely and thoroughly, paying particular
attention to the section entitled “Before Using the Security Functions”.
4. Administrators must inform users regarding proper usage of the security functions.
5. Administrators should routinely examine the machine's logs to check for irregular and unusual events.
6. If this machine is connected to a network, its environment must be protected by a firewall or similar.
7. For protection of data during the communication stage, apply the machine's communication security
functions and connect it to devices that support security functions such as encrypted communication.
9
1
Setting Up the Machine
This section explains how to enable encryption of transmitted data and configure the administrator account.
If you want higher security, make the following setting before using the machine:
1. Turn the machine on.
2. Press the [User Tools] key.
BJK001S
3. Press [System Settings].
4. Press [Interface Settings].
5. Specify IPv4 Address.
For details on how to specify the IPv4 address, see “Interface Settings”, General Settings Guide.
1. Getting Started
10
1
6. Connect the machine to the network.
7. Start Web Image Monitor, and then log on to the machine as the administrator.
For details about logging on to Web Image Monitor as an administrator, see “Using Web Image
Monitor”.
8. Install the device certificate.
For information on how to install the device certificate, see “Protection Using Encryption”.
9. Enable secure sockets layer (SSL).
For details about enabling SSL, see “Protection Using Encryption”.
10. Enter the administrator's user name and password.
For details about specifying the administrator user name and password, see “Registering the
Administrator”.
The administrator's default account (user name: “admin”; password: blank) is unencrypted between
steps 6 to 9. If acquired during this time, this account information could be used to gain unauthorized
access to the machine over the network.
If you consider this risky, we recommend that you specify a temporary administrator password for
accessing Web Image Monitor for the first time, before connecting to the network in step 6.
• p.38 "Using Web Image Monitor"
• p.147 "Protection Using Encryption"
• p.28 "Registering the Administrator"
Setting Up the Machine
11
1
Enhanced Security
This machine's security functions can be enhanced by managing the machine and its users using the
improved authentication functions.
By specifying access limits for the machine's functions and the documents and data stored in the machine,
information leaks and unauthorized access can be prevented.
Data encryption also prevents unauthorized data access and tampering via the network.
The machine also automatically checks the configuration and supplier of the firmware each time the main
power is switched on and whenever firmware is installed.
Authentication and Access Limits
Using authentication, administrators manage the machine and its users. To enable authentication,
information about both administrators and users must be registered in order to authenticate users via
their login user names and passwords.
Four types of administrators manage specific areas of machine usage, such as settings and user
registration.
Access limits for each user are specified by the administrator responsible for user access to machine
functions and data stored in the machine.
For details about the administrator and user roles, see “Administrators and Users”.
Encryption Technology
This machine can establish secure communication paths by encrypting transmitted data and
passwords.
• p.17 "Administrators and Users"
1. Getting Started
12
1
Glossary
Administrator
There are four types of administrators according to administrative function: machine administrator,
network administrator, file administrator, and user administrator. We recommend that only one person
takes each administrator role.
In this way, you can spread the workload and limit unauthorized operation by a single administrator.
Basically, administrators make machine settings and manage the machine; but they cannot perform
normal operations.
User
A user performs normal operations on the machine.
File Creator (Owner)
This is a user who can store files in the machine and authorize other users to view, edit, or delete those
files.
Registered User
Users with personal information registered in the address book who have a login password and user
name.
Administrator Authentication
Administrators are authenticated by their login user name and login password, supplied by the
administrator, when specifying the machine's settings or accessing the machine over the network.
User Authentication
Users are authenticated by a login user name and login password, supplied by the user, when
specifying the machine's settings or accessing the machine over the network.
The user's login user name and password are stored in the machine's address book. The personal
information can be obtained from the Windows domain controller (Windows authentication), LDAP
Server (LDAP authentication), or Integration Server (Integration Server authentication) connected to
the machine via the network. The “Integration Server” is the computer on which Authentication
Manager is installed.
Login
This action is required for administrator authentication and user authentication. Enter your login user
name and login password on the machine's control panel. You might have to enter your login user
name and password when accessing the machine over a network or using utilities such as Web Image
Monitor.
Logout
This action is required with administrator and user authentication. This action is required when you
have finished using the machine or changing the settings.
Glossary
13
1
Security Measures Provided by this Machine
Using Authentication and Managing Users
Enabling Authentication
To control administrators' and users' access to the machine, perform administrator authentication and
user authentication using login user names and login passwords. To perform authentication, the
authentication function must be enabled. For details about authentication settings, see “Enabling
Authentication”.
Specifying Authentication Information to Log on
Users are managed using the personal information managed in the machine's Address Book. By
enabling user authentication, you can allow only people registered in the Address Book to use the
machine. Users can be managed in the Address Book by the user administrator. For information on
specifying information to log on, see “Basic Authentication”.
Specifying Which Functions are Available
This can be specified by the user administrator. Specify the functions available to registered users. By
making this setting, you can limit the functions available to users. For information on how to specify
which functions are available, see “Limiting Available Functions”.
• p.23 "Enabling Authentication"
• p.44 "Basic Authentication"
• p.130 "Limiting Available Functions"
Ensuring Information Security
Protecting Stored Files from Unauthorized Access
You can specify who is allowed to use and access scanned files and the files in Document Server.
You can prevent activities such as the printing of stored files by unauthorized users. For details about
protecting stored files from unauthorized access, see “Specifying Access Permission for Stored Files”.
Protecting Stored Files from Theft
You can specify who is allowed to use and access scanned files and the files in Document Server.
You can prevent activities such as the sending and downloading of stored files by unauthorized users.
For details about protecting stored files from theft, see “Specifying Access Permission for Stored Files”.
1. Getting Started
14
1
Preventing Data Leaks Due to Unauthorized Transmission
You can specify in the Address Book which users are allowed to send files using the scanner function.
You can also limit the direct entry of destinations to prevent files from being sent to destinations not
registered in the Address Book. For details about preventing data leaks due to unauthorized
transmission, see “Preventing Data Leaks Due to Unauthorized Transmission”.
Using S/MIME to Protect E-mail Transmission
When sending mail from the scanner to a user registered in the Address Book, you can use S/MIME
to protect its contents from interception and alteration, and attach an electronic signature to guarantee
the sender's identity. For details about using S/MIME to protect e-mail transmission, see "Using S/
MIME to Protect Email Transmission".
Protecting Registered Information in the Address Book
You can specify who is allowed to access the data in the address book. You can prevent the data in
the address book being used by unregistered users.
To protect the data from unauthorized reading, you can also encrypt the data in the address book.
For details about protecting registered information in the address book, see “Protecting the Address
Book”.
Overwriting the Data on the Hard Disk
To prevent data leaks, you can set the machine to automatically overwrite temporary data. We
recommend that before disposing of the machine, you overwrite all the data on the hard disk.
To overwrite the hard disk data, the optional DataOverwriteSecurity Unit is required. For details about
overwriting the data on the hard disk, see “Deleting Data on the Hard Disk”.
• p.83 "Specifying Access Permission for Stored Files"
• p.98 "Preventing Data Leaks Due to Unauthorized Transmission"
• p.101 "Using S/MIME to Protect E-mail Transmission"
• p.109 "Protecting the Address Book"
• p.116 "Deleting Data on the Hard Disk"
Limiting and Controlling Access
Preventing Modification or Deletion of Stored Data
You can allow selected users to access stored scan files and files stored in Document Server.
You can permit selected users who are allowed to access stored files to modify or delete the files. For
details about limiting and controlling access, see “Specifying Access Permission for Stored Files”.
Preventing Modification of Machine Settings
The machine settings that can be modified depend on the type of administrator account.
Security Measures Provided by this Machine
15
1
Register the administrators so that users cannot change the administrator settings. For details about
preventing modification of machine settings, see “Preventing Modification of Machine Settings”.
Limiting Available Functions
To prevent unauthorized operation, you can specify who is allowed to access each of the machine's
functions. For details about limiting available functions for users and groups, see “Limiting Available
Functions”.
• p.83 "Specifying Access Permission for Stored Files"
• p.125 "Preventing Modification of Machine Settings"
• p.130 "Limiting Available Functions"
Enhanced Network Security
Preventing Unauthorized Access
You can limit IP addresses or disable ports to prevent unauthorized access over the network and
protect the address book, stored files, and default settings. For details about preventing unauthorized
access, see “Preventing Unauthorized Access”.
Safer Communication Using SSL, SNMPv3 and IPsec
You can encrypt this machine's transmissions using SSL, SNMPv3, and IPsec. By encrypting transmitted
data and safeguarding the transmission route, you can prevent sent data from being intercepted,
analyzed, and tampered with. For details about safer communication using SSL, SNMPv3 and IPsec,
see “Protection Using Encryption”.
• p.133 "Preventing Unauthorized Access"
• p.147 "Protection Using Encryption"
1. Getting Started
16
1
2. Authentication and its Application
This chapter describes how to register the administrator and specify the authentication methods. How to
log on and log off once authentication is enabled is also described here.
Administrators and Users
When controlling access using the authentication method specified by an administrator, select the machine's
administrator, enable the authentication function, and then use the machine.
The administrators manage access to the allocated functions, and users can use only the functions they are
permitted to access. When the authentication function is enabled, the login user name and login password
are required in order to use the machine.
Specify administrator authentication, and then specify user authentication.
For details about specifying a login user name and password, see “Specifying Login User Name and Login
Password”.
• If user authentication is not possible because of a problem with the hard disk or network, you can use
the machine by accessing it using administrator authentication and disabling user authentication. Do
this if, for instance, you need to use the machine urgently.
• p.47 "Specifying Login User Name and Login Password"
Administrators
There are four types of administrators: machine administrator, network administrator, file administrator,
and user administrator.
Sharing administrator tasks eases the burden on individual administrators while also limiting unauthorized
operation by administrators. You can also specify a supervisor who can change each administrator's
password. Administrators are limited to managing the machine's settings and controlling user access, so
they cannot use functions such as copying and scanning. To use these functions, the administrator must
register as a user in the Address Book and then be authenticated as the user.
User Administrator
This is the administrator who manages personal information in the address book.
A user administrator can register/delete users in the address book or change users' personal
information.
Users registered in the address book can also change and delete their own information.
17
2
If any of the users forget their password, the user administrator can delete it and create a new one,
allowing the user to access the machine again.
For instructions on registering the user administrator, see “Registering the Administrator”.
Machine Administrator
This is the administrator who mainly manages the machine's default settings. You can set the machine
so that the default for each function can only be specified by the machine administrator. By making
this setting, you can prevent unauthorized people from changing the settings and allow the machine
to be used securely by its many users.
For instructions on registering the machine administrator, see “Registering the Administrator”.
Network Administrator
This is the administrator who manages the network settings. You can set the machine so that network
settings such as the IP address and settings for sending and receiving e-mail can only be specified by
the network administrator.
By making this setting, you can prevent unauthorized users from changing the settings and disabling
the machine, and thus ensure correct network operation.
For instructions on registering the network administrator, see “Registering the Administrator”.
File Administrator
This is the administrator who manages permission to access stored files. You can specify passwords
to allow only registered users with permission to view and edit files stored in Document Server. By
making this setting, you can prevent data leaks and tampering due to unauthorized users viewing and
using the registered data.
For instructions on registering the file administrator, see “Registering the Administrator”.
Supervisor
The supervisor can delete an administrator's password and specify a new one. The supervisor cannot
specify defaults or use normal functions. However, if any of the administrators forget their password
and cannot access the machine, the supervisor can provide support.
For instructions on registering the supervisor, see “Supervisor Operations”.
• p.28 "Registering the Administrator"
• p.217 "Supervisor Operations"
User
Users are managed using the personal information in the machine's address book.
By enabling user authentication, you can allow only people registered in the address book to use the
machine. Users can be managed in the address book by the user administrator.
2. Authentication and its Application
18
2
Other manuals for Pro C720s
1
Table of contents
Other Ricoh Copier manuals
Ricoh
Ricoh FW750 User manual
Ricoh
Ricoh Aficio GS 106 User manual
Ricoh
Ricoh Aficio MP C2051 User manual
Ricoh
Ricoh A229 User manual
Ricoh
Ricoh Grand Kingfisher FT4018 User manual
Ricoh
Ricoh Gim-MF1a Quick start guide
Ricoh
Ricoh B089 User manual
Ricoh
Ricoh MP CW2201sp User manual
Ricoh
Ricoh A193 User manual
Ricoh
Ricoh D017 User manual
Ricoh
Ricoh FT4422 User manual
Ricoh
Ricoh DSc332 User manual
Ricoh
Ricoh feeder User manual
Ricoh
Ricoh A250 User manual
Ricoh
Ricoh Aficio MP 1900 User manual
Ricoh
Ricoh G-P3 User manual
Ricoh
Ricoh 7700W User manual
Ricoh
Ricoh Aficio DSm651 User manual
Ricoh
Ricoh BR-C1a Basic Manual
Ricoh
Ricoh FT5580 User manual
