Konica Minolta Copiers
- Michael MacDonald
- Dan Modini
- Kevin Murphy
Owned by Michael MacDonald
|
|
|---|
Introduction
Tufts University signed an agreement with Konica-Minolta in 2010. These new Konica-Minolta multi-function devices replaced many of the previous Toshiba E-Series multi-function copiers that were purchased under the Danka contract
Basic Information
- Default Password is "12345678"
- Please note this is the default manufacturer's password and it should be changed immediately to something more secure
Best Practices
- Change default password to prevent unauthorized access
- Note: You must be physically at the machine to change the Administrator password. This cannot be done from the remote Konica Web Connection Page Scope.
- Enable NTLMv2 Authenication
- Disable unused procotols such as AppleTalk/Bonjour/WebDAV/FTP/NetWare
- Require Departmental Code before allowing Printing/Scanning/Copying
- Use of Print Server for centralized administration
- Enable IP Filtering to limit direct IP printing and only allow authorized clients to print
- Set Copier to DHCP and assign DHCP Reservation using Proteus (This will insure that the copier always pulls the correct DNS, WINS, and gateway from DHCP server.
- Note: Configuring copiers with a Manual IP may causes issues in the future if the Tufts DNS or WINS servers change as they have in the past)
- Enable internal Hard Drive encryption or disable scanning to internal hard drive
Documentation
Drivers
- Konica Minolta Bizhub 423/363/283/223 Macintosh Drivers
- Release Notes: bizhub 223, 283, 363, 423 Mac 10.7 Driver Version 1.4.1Â
- [Konica Minolta Bizhub 423/363/283/223 Macintosh Drivers]
- Release Notes: bizhub 223, 283, 363, 423 Mac 10.2, 10.3, 10.4, 10.5, 10.6Â
- Konica Minolta Bizhub 423/363/283/223 Windows Drivers
- Release Notes: bizhub 223, 283, 363, 423 PCL Driver Version 1.2.0.0
- Konica Minolta Bizhub 601/751 Windows Drivers
- Release Notes:Â bizhub 601, 751, IC-208 PCL, PS, FAX, XPS+ Driver Version 2.0.0.0
- Konica Minolta Bizhub C454/C554 PS, PCL Windows DriversÂ
- Release Notes:Â bizhub C454, C554 PS, PCL and FAX Driver Version 1.2.0.0
How-Tos
- How to change default Administrator password
- How to enable NTLMv2 (used for more secure authenication)
- How to enable LDAP (Tufts Directory)
- How to Configure Email SMTP (Scanning to Email)
- How to Enable Scan to SMB (Scaning to Network Shares/Q Drive)
- How to Create a Group Policy Object (GPO) for Mass Deployment of Copiers using a Windows-based Print Server
- Enable Scan to Home Directory (Requires authentication to copier using Active Directory)Â
- Scan to External Memory (USB)
- Secure Printing on Konica Minolta Copiers
Open Questions
- Can we bypass "Track Account" login to login as admin at the touch panel?
- Are there any documents stored locally during scan to usb, e-mail or network share?
- How to reset the admin password if it's lost, without resetting entire system?
- Answer: According to Konica Security Operations Manual, "If the Administrator Password is forgotten, it must be set again by the Service Engineer."
Untested Solution from Old Konica Minolta Copiers To reset the admin password:
1. Enter Service mode by pressing the Utility key then the Details button followed by pressing stop 0, 0, stop 0, 1.
2. Press stop, 0 then Clear to access the admin security mode. This will allow changing the admin password back to the default setting of
12345678 or it can be changed to a unique password
- Answer: According to Konica Security Operations Manual, "If the Administrator Password is forgotten, it must be set again by the Service Engineer."
- Can we use command-lines to deploy the driver silently?
- IfÂ
- How do we program the department code into the printer driver?
- If you are scanning to a shared network drive, a proc account is required. What is the best practice for locking down a proc account?
- Scanners should have their own AD service account so that they
can be audited and the account can be disabled if compromised. - Service account should be denied Interactive Logon. (Can be done through GPO in a separate OU). This prevents service account from being able to log into local computers or through Remote Desktop Connection.
- Account should have least administrative privileges needed perform job. Only change access to folder it needs to scan to or list access to root directory if scanning to specific folder.
- Account should have complex password and set not to expire however password should be changed on all copiers in a cycle.
- Scanners should have their own AD service account so that they
- When and how are firmware updates done?
- Can monitoring of these devices be centrally logged?
- Can be done via Konica PageScope Device Manager software
Known Issues
- When configuring scanning, the scanner picks up tufts.edu as the domain and attempts to authenticate the account using tufts.edu/utln
- tufts.edu must be corrected to Tufts or blank?
- When installing the Universal print driver manually, the driver configures the port to print to the IP address of the printer.
- Best practice is to print to a DNS Hostname in case the printer moves, or the subnet changes.
Potential Additional Services to be documented
- Faxing capabilites
- Page Scope Administration (Ability to look at all copiers through one interface)
Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.