I'm looking for a way to protect or disable the 'Public User' account as far as the web interface goes.
-
-
Re: Disable or Protect 'Public User' web account
in admin mode at the machine you can either disable the web interface completely, or you can also prevent user mode from being able to add / edit / manually input scan destinations. no idea what else you'd want to block them from but that's a start. -
Re: Disable or Protect 'Public User' web account
Disabling the web interface wouldn't be acceptable as that would block the admin web interface as well.
The problem we're having with public mode is that it's showing way too much information.
Anything about jobs, settings, or direct print, should NOT be accessible publicly.
We would much rather that there is no public user and the only access to the web interface was the administrative one, baring that, restricting the public user to only being able to view things like toner and paper levels would be the next best step, but there is way too much access allowed as it currently is.Comment
-
Re: Disable or Protect 'Public User' web account
Andrew, I'm thinking that you're an IT professional. Correct?
=^..^=If you'd like a serious answer to your request:
1) demonstrate that you've read the manual
2) demonstrate that you made some attempt to fix it.
3) if you're going to ask about jams include the jam code.
4) if you're going to ask about an error code include the error code.
5) You are the person onsite. Only you can make observations.
blackcat: Master Of The Obvious =^..^=Comment
-
Re: Disable or Protect 'Public User' web account
Anyone with access to your intranet has access to the pubic page. You can remove the store address tab, and use only password protected user boxes to control the page, but there is really nothing else there other than paper setting, toner levels and some really tame settings...You could firewall the ip address and restrict access..similar to many companies that block hotmail, pandora etc...Disabling the page through ADMIN works, but nw if you need to get in you have to go back to the MFP and re-enable it. EmujoIf you don't see your question answered in the forum, please don't think it's OK to PM me for a personal reply...I do not give out firmware and/or manuals.Comment
-
Re: Disable or Protect 'Public User' web account
We can't find anywhere to limit access to the Jobs page. That provides entirely too much information to be public. It shows the username and the file name of any print jobs as well as allows anyone to modify priority and delete the jobs. This is not acceptable. And again, disabling the web interface completely, or blocking it is not an option either.
And the job history section of the jobs page, is one giant security risk.
Simply put, that entire section should never be available to anyone public. And blocking access to the IP is not possible as we need it for the admin web interface.
It's inconceivable that there's no way to disable this.Comment
-
Re: Disable or Protect 'Public User' web account
What kind of info are you trying to hide? Who cares how many pages, or what print settings someone used? Is paranoia a prerequisite to becoming an IT person?Comment
-
Re: Disable or Protect 'Public User' web account
I keep saying it, let me put it in a list this time
Here is what SHOULD NOT be accessible to any sort of public login
- Listing of current jobs
- Listing of past jobs
- Name of user who sent jobs
- Name of file for sent jobs
- Ability to delete jobs
- Ability to change priority on jobs
This isn't paranoia. The options are there. We can't restrict it from our network or we disable the admin login as well. Therefore anyone on our network can do anything on that list. It's a security risk, plain and simple.
Setting that aside for a moment, I asked a technical question, I'd rather not have to explain every possible motivation for what I need to do.Comment
-
Re: Disable or Protect 'Public User' web account
Wow! And you say it isn't paranoia? lol
The answer is NO. You can't change or restrict what is seen on the user login for pagescope. Sorry.
Now go back to you bunker and put on you aluminium foil hat. lolComment
-
Re: Disable or Protect 'Public User' web account
I'm guessing you don't work somewhere where confidential documents need to be printed, well I do.
Security is a major concern, and so is not having to go to the printer and back just to add an address to the address book.Comment
-
Re: Disable or Protect 'Public User' web account
I haven't tried it in regards to your requirements, but have you tried secure printing ? it may achieve what you are after.
but then the person has to enter a password in to release their secure print jobs.
Failing that, you will need to contact your dealer and request customised firmware. There may be a cost associated with this service. Depending on your dealer they may not be interested in doing this either.Comment
-
Re: Disable or Protect 'Public User' web account
I'm pretty sure custom firmware will be the route we are going to take.
I imagine it shouldn't be too big of a cost to simply remove the ability for the user to login.
Seems the easiest way would be to just make a check if it's not the admin user logging it, just fail the login.
Though, I'm not a programmer.
Still, I'm pretty sure if there's no way to block those sections or disable the login, that will be the route we attempt to take.
Secure printing isn't a good option in this case as many of the people doing the confidential printing aren't computer savvy. They just use basic functions.Comment
-
Re: Disable or Protect 'Public User' web account
I've just found that some IT personnel can be control freaks. They want me to do the setup, but will not provide administrative rights or logins. I know a specific IT guy who doesn't even want me looking at his screen, and never ever touch a keyboard.
The funny thing about the security functions are that when they're working properly they're never convenient or simple. If it was it wouldn't be security.
Couldn't you block that specific IP address for the browser?
Have you taken into account that 99.9% of the individuals in your office have no idea that there even is a web interface, let alone how to get to it? Even when I attempt to train individuals how to use it, within a week they cannot remember a thing.
In my humble opinion the username does not tell you anything particularly interesting. So what if so-and-so printed or scanned a document? Nobody can see the document. Is the time that crucial? or # of MB?
I too think your paranoid. =^..^=Last edited by blackcat4866; 02-09-2013, 02:37 AM.If you'd like a serious answer to your request:
1) demonstrate that you've read the manual
2) demonstrate that you made some attempt to fix it.
3) if you're going to ask about jams include the jam code.
4) if you're going to ask about an error code include the error code.
5) You are the person onsite. Only you can make observations.
blackcat: Master Of The Obvious =^..^=Comment
-
Re: Disable or Protect 'Public User' web account
Some of the newer machines have the ability to set Security Settings to a higher level. At that level Job Logs are hidden. Earlier models were not as security minded.Comment
Comment