Administrator Tools (System Settings)

This section describes the settings in the [Administrator Tools] under [System Settings].

Items	Description
Address Book: Change Order	Change the order of destinations and users registered in the Address Book. You can rearrange the order of destinations and names on the same title, but they cannot be moved across different titles. For example, you cannot move the user "Planning division" registered on the title "Regular Use" to the title "P".
Address Book: Edit Title	You can edit the title text in the Address Book.
Address Book: Switch Title	Specify the type of the titles displayed in the Address Book You can select [Title 1], [Title 2], or [Title 3]. Default: [Title 1]
Auto Delete User in Address Book	This is a user tool to register the user, who is logged in to the machine with the Windows Authentication or LDAP Authentication, in the Address Book automatically. You can specify whether to delete the oldest account and register a new account automatically when the maximum registerable limit in the Address Book has been reached. Default: [Off]
Delete All Data in Address Book	Delete all data in the Address Book.
Conditions to Search Address Book/LDAP	Specify the default settings for conditions of a search word when you search the name or destination in the Address Book or LDAP Server. You can select [Beginning Word], [End Word], [Exact Match], [Include one Word], [Exclude Words], or [Fuzzy Search] (LDAP Server only). Default: [Include one Word]
Display/Clear/Print Counter per User	View and print the function counter per user. You can clear the counter value. Confirming the Counter for Each User
Machine action when limit is reached	Specify whether to continue printing when Print Volume Use reaches the limit. Default: [Allow continue use] Specifying Maximum Print Volume Use of Each User
Print Volume Use Limitation: Unit Count Setting	Specify the function and count to limit the print volume use.
Enhanced Print Volume Use Limitation	This is a user tool to limit the maximum print volume use using the SDK application. You can specify the following two items: Whether to notify the tracking information from the machine to the SDK application Whether to stop printing using the SDK application Default: [Off]
Print Volum. Use Limit.: Default Limit Value	Specify the limit value of the Print Volume Use. Specifying Maximum Print Volume Use of Each User
Media Slot Use	Specify the USB slot on the side of the control panel disabled. Preventing Information Leaks from the Media Slot
User Authentication Management	Specify the authentication method to authenticate the user. When you specify the authentication, you can limit the functions to use or the access to the Address Book or stored files. You can select [User Code Authentication], [Basic Authentication], [Windows Authentication], or [LDAP Authentication]. Default: [Off] Verifying Users to Operate the Machine (User Authentication)
Administrator Authentication Management Program/Change Administrator	Specify whether an Administrator manages the settings of the machine. Register the user name and password of the Administrator to prevent the settings changed by the user other than the Administrator. You can manage four categories; user administration, machine administration, network administration, and file administration. Registering the Administrator Before Using the Machine
Extended Security	Specify to encrypt transmitted data of the machine and data in the Address Book. For details, see "Specifying the Extended Security Functions" on this page.
Program/Change/Delete LDAP Server	You can register up to five settings for the LDAP Server. Programming the LDAP Server
Service Test Call	Make a test call to the RICOH @Remote center server (RICOH Gateway). This function is available when the RICOH @Remote is used.
Sleep Mode Entry by Sleep Mode Timer	Specify whether or not to use Sleep Mode. Default: [Enable]
Notify Machine Status	Send notification of the machine's status to the RICOH @Remote center server (RICOH Gateway). This function is available when the RICOH @Remote is used.
Firmware Version	Display the version of the software installed in the machine.
Erase All Memory	Delete all data stored in the machine.
Delete All Logs	Delete all logs stored in the machine.
Transfer Log Setting	This is a user tool to disable the log transfer settings that can be enabled on the Collect Logs server. To disable the log transfer settings, specify [Do not Forward]. Collecting Logs
Fixed USB Port	This is a user tool to specify when you use the same machines as this machine. When you use the machine as a printer using the USB connection, you do not need to re-install the printer driver. To use this function, specify [Level 1]. Default: [Off]
Program/Change/Delete Realm	Program the realm to be used for Kerberos authentication. Be sure to specify both the "Realm Name" and "KDC Server Name" when programming a realm. Programming the Realm
Machine Data Encryption Settings	Specify whether to encrypt the Address Book, Authentication Information, and Store Files stored in the machine. Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine
Stop Key to Suspend Print Job	Specify the job range to stop when you press [Stop]. All Print Jobs When you press [Stop], the dialog is displayed to stop all job. While the dialog is displayed, newly received jobs are not yet printed, making it possible to stop printing jobs just after being sent from the computer. Only Job Being Operated Stop the jobs for the functions displayed on the control panel Default: [All Jobs]
Collect Logs	Specify whether to activate the collection of Job Log, Access Log, and Eco-friendly Logs Default: [Inactive] Collecting Logs
Shift to Power Off When Ntwrk. Disconnctd.	When the machine is disconnected from a network, the main power is turned Off. Default: [On]
Display IP Address	Specify whether to display the IPv4 Address and Host Name of the machine on the system bar. Default: [Do not Display]
Allow Logout during Scanning	Specify whether to permit logout on the control panel during scanning the original in Copy function. Default: [Prohibit]
Notify Machine Status to Data Server	Notify the machine's information to Machine Management System "PaaS-PF".
Allow Log Collection	Specify whether to allow log collection by RICOH @Remote. Default: [Prohibit]
Display Paper Size Confirmation Screen	Specify whether a confirmation screen for the paper size is displayed when the tray paper size and the size of the fed paper do not match. Default: [On]

Specifying the Extended Security Functions

This section describes settings displayed in [Administrator Tools][Extended Security]. You can encrypt transmitted data and data in the Address Book. An administrator who can changes the settings depends on the user tool.

Items	Description
Driver Encryption Key (Permissions: Network Administrator)	Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON. Register the encryption key specified using the machine in the driver.
Driver Encryption Key:Encryption Strength (Permissions: Network Administrator)	Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it. All jobs that are verified by [Simple Encryption] or user authentication are accepted. [DES] Jobs encrypted with DES or AES are accepted. [AES] Jobs encrypted with AES are accepted. When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help. Default: [Simple Encryption]
Restrict Display of User Information (Permissions: Machine Administrator)	Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "*******". Default: [Off*]
Restrict Use of Destinations (Fax) Restrict Use of Destinations (Scanner) (Permissions: User Administrator)	Specify whether to limit the available fax and scanner destinations to the destinations registered in the Address Book and searched with the LDAP Search function. When you specify the setting to receive e-mails via SMTP using the Fax function, you cannot use this function. Default: [Off]
Restrict Adding of User Destinations (Fax) Restrict Adding of User Destinations (Scanner) (Permissions: User Administrator)	These are the settings when you do not use "Restrict Use of Destinations". Specify whether to restrict adding of user destinations entered directly in the Address Book. You can send e-mail to the destination entered directly. Default: [Off]
Transfer to Fax Receiver (Permissions: Machine Administrator)	Specify whether to prohibit the use of forwarding or transferring function of the Fax function. Default: [Do not Prohibit] Transferring Received Fax Documents to Another Fax Destination
Authenticate Current Job (Permissions: Machine Administrator)	This is a user tool when Basic Authentication, Windows Authentication, or LDAP Authentication is used. Specify whether authentication is required for operations such as interrupting jobs under the Copy function or canceling jobs under Printer functions. When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job. When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job. Default: [Off]
@Remote Service (Permissions: Machine Administrator)	Specify how to use the @Remote Service. If it is specified to [Prohibit Some Services], it becomes impossible to change settings via a remote connection from the center, providing optimally secure operation. Default: [Do not Prohibit]
Update Firmware (Permissions: Machine Administrator)	Specify whether to prohibit firmware updates on the machine by a service representative or via the network. Default: [Do not Prohibit]
Password Policy (Permissions: User Administrator)	Specify whether to limit the text and the number of characters for the password. Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below. Upper-case letters, lower-case letters, decimal numbers, and symbols such as # You can specify passwords that meet the conditions specified in complexity and minimum character number. Default: [Off] (no minimum character number)
Settings by SNMPv1, v2 (Permissions: Network Administrator)	Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator. Default: [Do not Prohibit]
Security Setting for Access Violation (Permissions: Machine Administrator)	Specify whether to prevent the incorrect lockout caused by the network environment. When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts. When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds). Default: [Off]
Password Entry Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected. Default Max. Allowed No. of Access: [30] Measurement Time: [5 second(s)] If you receive violation detection e-mails frequently, check the content and review the setting values.
Device Access Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor. You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected. Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit). Default Max. Allowed No. of Access: [100] Measurement Time: [10 second(s)] Authentication Delay Time: [3 second(s)] Simultns. Access Host Limit: [200] If you receive violation detection e-mails frequently, check the content and review the setting values.

Items

Description

Driver Encryption Key

(Permissions: Network Administrator)

Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is specified to ON.

Driver Encryption Key:Encryption Strength

(Permissions: Network Administrator)

Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it.

All jobs that are verified by [Simple Encryption] or user authentication are accepted.
[DES]
Jobs encrypted with DES or AES are accepted.
[AES]
Jobs encrypted with AES are accepted.

When you select [AES] or [DES], specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help.

Default: [Simple Encryption]

Restrict Display of User Information

(Permissions: Machine Administrator)

Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "********".

Default: [Off]

Restrict Use of Destinations (Fax)

Restrict Use of Destinations (Scanner)

(Permissions: User Administrator)

Specify whether to limit the available fax and scanner destinations to the destinations registered in the Address Book and searched with the LDAP Search function.

When you specify the setting to receive e-mails via SMTP using the Fax function, you cannot use this function.

Default: [Off]

Restrict Adding of User Destinations (Fax)

Restrict Adding of User Destinations (Scanner)

(Permissions: User Administrator)

These are the settings when you do not use "Restrict Use of Destinations". Specify whether to restrict adding of user destinations entered directly in the Address Book. You can send e-mail to the destination entered directly.

Default: [Off]

Transfer to Fax Receiver

(Permissions: Machine Administrator)

Specify whether to prohibit the use of forwarding or transferring function of the Fax function.

Default: [Do not Prohibit]

Transferring Received Fax Documents to Another Fax Destination

Authenticate Current Job

(Permissions: Machine Administrator)

This is a user tool when Basic Authentication, Windows Authentication, or LDAP Authentication is used. Specify whether authentication is required for operations such as interrupting jobs under the Copy function or canceling jobs under Printer functions.

When you specify [Login Privilege], authorized users who have the privilege to use the current function can operate the job.

When you specify [Access Privilege], users who execute the job and the machine administrator can operate the job.

Default: [Off]

@Remote Service

(Permissions: Machine Administrator)

Specify how to use the @Remote Service.

If it is specified to [Prohibit Some Services], it becomes impossible to change settings via a remote connection from the center, providing optimally secure operation.

Default: [Do not Prohibit]

Update Firmware

(Permissions: Machine Administrator)

Specify whether to prohibit firmware updates on the machine by a service representative or via the network.

Default: [Do not Prohibit]

Password Policy

(Permissions: User Administrator)

Specify whether to limit the text and the number of characters for the password.

Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below.

Upper-case letters, lower-case letters, decimal numbers, and symbols such as #

You can specify passwords that meet the conditions specified in complexity and minimum character number.

Default: [Off] (no minimum character number)

Settings by SNMPv1, v2

(Permissions: Network Administrator)

Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator.

Default: [Do not Prohibit]

Security Setting for Access Violation

(Permissions: Machine Administrator)

Specify whether to prevent the incorrect lockout caused by the network environment.

When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, specify the setting to On, and control the lockout by period but not by counts.

When you specify [On], you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds).

Default: [Off]

Password Entry Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail.

You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected.

Default
- Max. Allowed No. of Access: [30]
- Measurement Time: [5 second(s)]

If you receive violation detection e-mails frequently, check the content and review the setting values.

Device Access Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor.

You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected.

Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit).

Default
- Max. Allowed No. of Access: [100]
- Measurement Time: [10 second(s)]
- Authentication Delay Time: [3 second(s)]
- Simultns. Access Host Limit: [200]

If you receive violation detection e-mails frequently, check the content and review the setting values.