Introduction
Secure printer configuration access by setting and enforcing an Embedded Web Server (EWS) administrator password through printer policies to ensure compliance and robust deployment security.
Target Audience
Printer Administrators who define and manage policies for enforcement.
Setting an Embedded Web Server Admin Password on your Printers via Policy
The Embedded Web Server (EWS) Admin Password controls access to the configuration parameters of the HP Embedded Web Server (EWS) on an HP printer. If no password is set, anyone can access the EWS and modify configuration parameters.
To set an EWS password for a printer, that printer must have an ID certificate. You should also consider installing CA-signed certificates before setting the password. If you assess this item, enter the password and then re-enter it to confirm.
If your network environment has an HP Web Jetadmin installation, this setting can affect its functionality.
Before changing the number of Maximum attempts for logout to a lower value, ensure that the total number of EWS credentials stored in HP Web Jetadmin does not exceed the final value of the Maximum attempts for logout.
Otherwise, HP Web Jetadmin might display a device with a status communication error after discovering new devices.
Note
If you synchronize passwords using the HP Embedded Web Server (EWS), other configuration tools such as Telnet, SNMPv1/v2, and HP Web Jetadmin will use the Admin Password.
This feature is only available on some HP models.
To secure the Embedded Web Server (EWS) using a printer policy:
Create or modify a printer-specific or a printer group policy.
On the Select Policy Settings page, locate and select Embedded Web Server (EWS) Admin Password.
Click Next. The Set Options page appears.
In the Settings list, click Embedded Web Server (EWS) Admin Password to expand it and display its configurable properties.
Modify the Assessment and Remediations options on the left of the panel as necessary. Modify the Assessment and Remediations options on the left of the panel as necessary. The Embedded Web Server (EWS) Admin Password setting supports the following options:
Setting | Description |
Severity | Defines the relative security risk (Low, Medium, or High) should the setting be out of compliance. |
Ignore Unsupported Item | When enabled, this setting is ignored if the device doesn't support the feature, so WXP doesn't assess a setting the printer doesn’t support. |
Remediation | When enabled, this setting is remediated if it is found to be out of compliance. Otherwise, WXP only flags the setting when non-compliant and does not attempt to remediate it. |
Configure the EWS password and password settings:
Setting | Description |
Generate Random Password | Click this button to have WXP automatically generate a unique password for you. |
EWS Admin Password/Confirm EWS Admin Password | A unique password that meets the criteria listed. |
Minimum Password Length | An integer between 8 and 32 inclusive. |
Password Complexity | When checked, enables the password complexity check on the printer. Password complexity requirements can vary across different printer families. |
Account Lockout | When checked, the account is locked when the Maximum Attempts is reached without a successful login. |
Maximum Attempts | An integer between 3 and 30 indicating the maximum number of unsuccessful attempts to log in before the EWS account is locked. |
Reset attempts after (seconds) | The number of seconds (between 0 and 1800) before the account resets. |
Lockout duration (seconds) | The number of seconds (between 5 and 1800) that the account remains locked after the Maximum Attempts value is reached. |
Click Create/Save.
Contact Us
For any assistance, create a support case or email support@wxp.hp.com.