Printer Policy Settings Overview

Introduction

The latest release of the Workforce Experience Print Fleet Proxy supports the following HP Web Jetadmin settings to ensure your print infrastructure remains optimized and synchronized.

Supported HP Web Jetadmin settings

Target Audience

Printer Administrators who define and manage policies for enforcement.

Certificate Settings

Certificates are a critical aspect of maintaining printer security, used ensure secure communication between the printer and other network resources. The Certificate settings let you configure and deploy CA and ID certificates to your printer fleet.

Setting	Description
CA Certificate	Installs a CA Certificate on printers in a fleet. CA Certificates allow printers to trust other devices and services by validating their identity through a trusted CA. Inversely, these certificates also validate the ID certificates installed on each printer. In WXP, CA certificates are used to securely connect printers to cloud services and encrypt network communication. This is essential for secure protocols like HTTPS, LDAP over SSL, and 802.1X network authentication. For more information about configuring CA Certificate, see Installing and Managing Certificates with Printer Policies.
Identity Certificate	Installs ID certificates on printers in the fleet. ID certificates are issued by a certificate authority (CA) and are installed on individual printers to prove their identity to other devices, enabling trusted communication. Note: During remediation, WXP will verify that existing certificates are valid and up to date. If a certificate is not already installed on a printer, the platform will request and install a valid certificate. For more information about configuring CA Certificate, see Installing and Managing Certificates with Printer Policies.

Setting

Description

CA Certificate

Installs a CA Certificate on printers in a fleet.

CA Certificates allow printers to trust other devices and services by validating their identity through a trusted CA. Inversely, these certificates also validate the ID certificates installed on each printer.

In WXP, CA certificates are used to securely connect printers to cloud services and encrypt network communication. This is essential for secure protocols like HTTPS, LDAP over SSL, and 802.1X network authentication.

For more information about configuring CA Certificate, see Installing and Managing Certificates with Printer Policies.

Identity Certificate

Installs ID certificates on printers in the fleet.

ID certificates are issued by a certificate authority (CA) and are installed on individual printers to prove their identity to other devices, enabling trusted communication.

Note: During remediation, WXP will verify that existing certificates are valid and up to date. If a certificate is not already installed on a printer, the platform will request and install a valid certificate.

For more information about configuring CA Certificate, see Installing and Managing Certificates with Printer Policies.

Copier Settings

Use the Copier settings to configure the behavior of the copier features of your printers.

Setting	Description
Copy Background Cleanup	Specifies the default amount of background to be removed from the original document being scanned. For example, if a higher value is set, then more of the background is removed from the original.
Copy Contrast	Specifies the default contrast (brightness) that the device uses to make copies. The device can make copies that are lighter or darker than the original.
Copy Darkness	Specifies the default amount of exposure that is applied to the scanned document. For example, a lower setting will cause the printed output to be lightened; a higher setting will cause the printed output to be darkened.
Copy Optimize Text/Picture	Optimizes the quality of copies based on the most common text or image type used in copy jobs. You can choose to optimize for photographs, printed pictures, text, or a mix of two or more content types.
Copy Paper Tray Selection	Specifies the default input paper tray the device should use for a copy job.
Copy Sharpness	Specifies the default amount of sharpness to be applied to the original document being scanned. A higher value produces sharper copies.
Copy Stamps	Allows you to set up Copy Stamps to display in various positions on a page. These stamps can be placed in six locations using preset or custom content. This setting is only supported on Print Fleet Proxy connected printers. To set up a copy stamp: Select Edit beside the page location you want to place the stamp. Select the Stamp Content. Choose a Text Font, Text Size, and Text Color. Check White Background if you want a white background placed behind the stamp. Select Save.

Device Settings

The Devices Settings let you enable, disable and configure various device-level settings for the printers in fleet.

Setting	Description
AutoSend	Enables the device to periodically send usage information about the device’s configurations and supplies to a list of recipients. You can specify the frequency at which this information is sent and a custom list of recipients to send it to. If you have a subscription to an HP service like Instant Ink, you can also enable the Send to HP Using HTTPS subsetting to proactively inform HP about the status of your printer’s supplies. Note: To use this feature, you must also configure one of the Outgoing Servers or the SMTP Server.
Company Name	The name of the organization that owns the device.
Contact Person	The person who should be contacted if there are any problems with the device or if you need support.
Control Panel Language	The language displayed on the printer control panel. If you have a multilingual workforce, set the control panel language to the one language that your employees prefer.
Date/Time Format	Specifies the format for dates and times as displayed on the device, complying with the format used by your organization.
Device Location	The location of the device.
Device Name	A name assigned to the device by the organization.
Duplex Binding	Specifies the default duplex option and orientation that is used when a print job does not specify these settings. Note: This setting is only supported on cloud-connected printers.
Energy Settings	Use this option to change the printer's sleep and shutdown settings: Sleep/Auto Off after inactivity: Specifies the length of time before the printer goes to sleep after inactivity. Shut down after inactivity: Specifies the length of time before the printer shuts down after inactivity. Delay when ports are active: When enabled, delays the printer from going to sleep or shutting down if any ports are being used.
Home Screen Customization – FutureSmart	Specifies a custom application to display on the printer control panel Home screen. Click Import a Reference Device and choose a printer model to use as a reference for available applications. You can also choose to display the default HP application if the custom app does not load.
Manual Feed Prompt	Specifies whether the Manual Feed Prompt will always be displayed or is only displayed if the tray is not loaded.
Online Solutions	Enables the Online Solutions features. When Online Solutions is enabled, it lets users scan a QR code or click a web link in the Event Log and receive access to cloud-based solution pages for device events, such as paper jams. You can choose to enable any or all of the following Online Solutions features: Show QR Codes in Control Panel Event Details Show Links in the Event Log Restrict Online Solutions to the Administrator
Outgoing Servers	Specifies the SMTP server(s) used to send emails. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Override A4/Letter	When enabled, the device prints on letter-size paper when an A4 job is sent but no A4-size paper is loaded in the device, or on A4 paper when a letter-size job is sent but no letter-size paper is loaded.
Retain Print Jobs	Specifies whether print jobs are stored on the device if the device has that ability. This feature is available on some printers that have mass storage capability. This allows you to store print jobs in the flash memory on a printer. This setting allows you to: Store a print job on the printer. You can then call the print job from the printer control panel as needed. This feature is useful for storing forms and other commonly shared documents. Store secure private copies to hold a print job until a user releases it by entering a personal identification number. Print one copy of a multiple-copy print job for proofing. The user can then release the remaining copies for printing or cancel them. Caution: If this feature is disabled, the option appears on the printer driver user interface but does not store the print job on the printer. Note: WJA does not support the Standard Job Retention subsetting of the Retain Jobs setting. As a result, you must enable the Ignore Unsupported Item setting, or the setting will never be compliant. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Retain Temporary Print Jobs after Reboot	Specifies whether to keep print jobs on the printer after it’s restarted. You can choose to keep all print jobs or just personal jobs sent by authenticated users. You can choose one of: Retain, Do Not Retain, or whether to keep print jobs on the printer after it’s restarted. You can choose to keep all print jobs or just personal jobs sent by authenticated users. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Size/Type Enabled	Specifies whether the device control panel displays the message “To change size or type, press check.”
Sleep Schedule	Specifies when the printer sleeps and wakes for printing. You can create a weekly schedule for the printer, as well as define specific schedules for days of the week and holidays.
Sleep Settings	Specifies the printer’s Sleep Mode/Auto Off features. You can configure the following options: Sleep Mode (minutes): The number of minutes the printer is idle before it goes to sleep. Wake/Auto On: lets you select which events cause the printer to wake up. You can choose one of All Events, Network Port, Power Button Only. Auto off after Sleep (minutes): The number of minutes the printer is asleep before the printer shuts off. Caution: Some of these settings may prompt certain printers to enter Deep Sleep mode, which could disable any USB-based solutions that are connected.
Temporary Store Job Retention	Specifies how long the printer holds a print job that has not printed before automatically deleting the print job. Caution: Selecting a value of Never Delete could cause the printer’s hard disk to fill up with print jobs that were held but never released for printing. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Time Zone/Daylight Saving	Specifies which time zone the printer is located in and whether the clock on the printer is automatically adjusted for daylight saving time.
Tray 1 Mode / Manual Feed	Specifies how the printer prioritizes which paper to use. There are two options: Cassette (Manual Feed Disabled): The printer prioritizes by paper size first. First (Manual Feed Enabled): The printer always tries to use paper from that tray regardless of the media type or size specified.
Tray Administration	Assigns page sizes and paper types to certain input trays. To assign which input tray is used to print media of a certain page size and paper type.: Click Select Tray. In the Select Tray dialog, enable a tray and choose the Media Size and/or Media Type from the adjacent dropdowns.
Use Requested Tray	Specifies how the device handles jobs when a specific input tray is requested.

Digital Sending Settings

The Digital Sending settings let you configure the email and scanning, and network storage settings for the printer.

Setting	Description
Allow Access to LDAP Address Book	When enabled, lets users access the LDAP address book at the printer to auto-fill recipients’ names or email addresses when sending scans. To allow users access to the address book, you must specify the LDAP server authentication settings. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Email Address/Message Settings	Specifies the default email address and message settings used when sending a scan to email. You can create a template for outgoing messages or enter instructions for users to create their own. Note: Available settings vary by printer.
Email File Settings	Specifies the default file settings for scanned documents that are sent to email.
Email Notification Settings	Specifies how and when to receive notifications about the status of scans that users send to an email address. Note: If you choose to receive email notifications but don’t provide an email address now, you will be asked to enter one before sending scans.
Email Scan Settings	Specifies the default scan settings that will be automatically applied when someone sends a scan to an email address. Users can adjust these settings manually before sending scans.
Network File Folder Settings	Specifies the default file settings that will be applied when a user sends a scan to a network folder.
Network Folder Notification Settings	Specifies how and when to receive notifications about the status of scans that users send to network folders. Note: If you do not provide an email address for receiving notifications now, you will be asked to enter one before sending scans.
Save to Network Folder	Enables or disables the Save to Network Folder feature on the device. This feature provides the ability to save scanned documents in a shared folder on a network computer or server. If you enable this feature, the device might require additional configuration settings, such as DNS and WINS server settings.
Save to SharePoint	Enables or disables the Save to SharePoint® feature on the device. This feature provides the ability to save scanned documents directly on a Microsoft SharePoint site. If you enable this feature, the user does not need to scan a document to a network folder, USB flash drive, or email message, and then manually upload the file to the SharePoint site.
Send to Email	Enables the device to send scanned documents as an email. The device may require additional configuration settings to send email, such as an outgoing SMTP server or other default email settings. This feature eliminates the need to scan the media remotely, save it to file, and then send it in an email from a computer.

Embedded Web Server Settings

Each HP printer has an Embedded Web Server (EWS) that provides web access to the printer. The Embedded Web Server settings configure this feature on your printers.

Setting	Description
Embedded Web Server Language Settings	Specifies what language the Embedded Web Server uses to display web pages.
Time Services	Specifies another machine on the network that can be accessed to obtain the correct time for an individual printer or printers in a device group. HP printers do not have an internal clock to keep track of the time; therefore, they need to connect to another machine on the network to obtain the current time.

Setting

Description

Embedded Web Server Language Settings

Specifies what language the Embedded Web Server uses to display web pages.

Time Services

Specifies another machine on the network that can be accessed to obtain the correct time for an individual printer or printers in a device group.

HP printers do not have an internal clock to keep track of the time; therefore, they need to connect to another machine on the network to obtain the current time.

Fax Settings

Use the Fax settings to configure the behavior of the fax features of your printers.

Setting	Description
Fax Header Settings	Specifies information about the origin of sent faxes. You can include the Phone Number, Company Name, and Country/Region of origin.
Fax Send Settings	Specifies the most efficient settings for sending faxes from the digital send device. These settings affect how the device dials outbound faxes and how it behaves when the receiving line fails to answer the fax. These settings will ensure that most of the outbound faxes are received successfully while minimizing time spent attempting to send faxes to unreachable recipients. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
IP Fax Settings	Specifies the Fax ID and Company Name included with faxes sent over IP. These settings are required when you select IP Fax as the Fax method in the Fax Send Settings.
PC Fax Send	Specifies whether users can send faxes from their computer.

File System Settings

Use the File System settings to configure how your printers manage the access and security of the built-in file system.

Setting	Description
Certificates are a critical aspect of maintaining printer security, used ensure secure communication between the printer and other network resources.	Specifies the behavior of a secure storage erase operation and the erase operation that a printer automatically performs to make space available on a hard disk drive for incoming print jobs. The erase operations are designed to add available space to a device’s hard disk drive and to prevent unauthorized users from accessing confidential information from a device’s hard disk drive or other erasable storage device. The following are the supported secure file erase modes: Non-secure Fast Erase: Erases the file system references to operations, such as completed print jobs. By erasing the references, space on the hard disk drive is made available. This is the fastest erase mode and the default mode. Secure Fast Erase: Erases the file system references to operations and provides one layer of masking to hide data stored on the hard disk drive or other erasable storage devices. This mode is slower than the Non-secure Fast Erase but more secure. Secure Sanitizing Erase: Erases the file system references to operations and provides multiple layers of masking to hide data stored on the hard disk drive or other erasable storage devices. This mode may introduce a significant performance impact to the device while the process is executing. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Certificates are a critical aspect of maintaining printer security, used ensure secure communication between the printer and other network resources.	Assesses file system access to the external storage device(s) through protocols and ports. Select the access method to assess: PostScript (PS): Used by programs such as Adobe products for printing and access to fonts. Printer Job Language (PJL): HP proprietary protocol used to manage print job configuration.

Setting

Description

Certificates are a critical aspect of maintaining printer security, used ensure secure communication between the printer and other network resources.

Specifies the behavior of a secure storage erase operation and the erase operation that a printer automatically performs to make space available on a hard disk drive for incoming print jobs.

The erase operations are designed to add available space to a device’s hard disk drive and to prevent unauthorized users from accessing confidential information from a device’s hard disk drive or other erasable storage device.

The following are the supported secure file erase modes:

Non-secure Fast Erase: Erases the file system references to operations, such as completed print jobs. By erasing the references, space on the hard disk drive is made available. This is the fastest erase mode and the default mode.
Secure Fast Erase: Erases the file system references to operations and provides one layer of masking to hide data stored on the hard disk drive or other erasable storage devices. This mode is slower than the Non-secure Fast Erase but more secure.
Secure Sanitizing Erase: Erases the file system references to operations and provides multiple layers of masking to hide data stored on the hard disk drive or other erasable storage devices. This mode may introduce a significant performance impact to the device while the process is executing.

Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.

Certificates are a critical aspect of maintaining printer security, used ensure secure communication between the printer and other network resources.

Assesses file system access to the external storage device(s) through protocols and ports.
Select the access method to assess:

PostScript (PS): Used by programs such as Adobe products for printing and access to fonts.
Printer Job Language (PJL): HP proprietary protocol used to manage print job configuration.

Firmware Settings

The Firmware settings let you configure and enforce firmware updates on your printer fleet. Printer security could be compromised if the firmware is not regularly updated.

Setting	Description
Auto Firmware Update	Enables the printer’s ability to automatically receive firmware updates.
Firmware Update	Let’s you update the printer’s firmware with finer granularity. You can: Choose specific firmware versions for specific printer models. Schedule the timing of the firmware update to reduce user impact. For more information, see Configuring Firmware Updates via Printer Policy.

Setting

Description

Auto Firmware Update

Enables the printer’s ability to automatically receive firmware updates.

Firmware Update

Let’s you update the printer’s firmware with finer granularity. You can:

Choose specific firmware versions for specific printer models.
Schedule the timing of the firmware update to reduce user impact.

For more information, see Configuring Firmware Updates via Printer Policy.

Network Settings

Use the Network settings to enable or disable various network features and functionality on your printer fleet.

Setting	Description
AirPrint	Enables instant wireless printing from iPad, iPhone, and iPod touch devices. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
AirPrint Fax	Enables or disables sending faxes from an iPad, iPhone, iPod touch, or Macintosh computer to an AirPrint-enabled printer.
Bonjour	Enables the Bonjour service, which allows the printer to be discovered by iOS devices and macOS computers. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Configuration Precedence	Defines the precedence of network configuration methods. Select a configuration in the list, then use the arrows to move it up (higher precedence) or down (lower precedence) in the list.
DNS Server	Specifies the IP address of a Primary and secondary DNS server for a specified device. You can also specify the name of the domain where the printer resides.
FIPS 140 Compliance Library	Enables FIPS 140 compliance on the printer that supports this security feature. The Federal Information Processing Standards (FIPS 140) establish minimum cryptographic requirements for software and hardware modules. These requirements are designed to improve printer security by blocking the use of less secure protocols. When FIPS 140 is enabled, these are some of the restrictions that are implemented: MD5 or DES can’t be used in SNMPv3 RC4-SHA, RC4-MD5, and DES-CBC-SHA can’t be configured For FIPS 140-2: TLS protocol must be used (SSL 3.0 will be disabled) For FIPS 140-3: Only TLS 1.2 or higher can be used (SSL 3.0, TLS 1.0, and TLS 1.1 will be disabled) Notes: Disabling this setting removes FIPS 140 restrictions but does not change existing security settings. If this setting gets enabled or disabled during a remediation, the printer will restart. This may cause other policy settings to fail an assessment. Run the assessment again after the printer restarts to resolve any issues. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
FTP Printing	Enables printing over the File Transfer Protocol (FTP).
Internet Print Protocol (IPP)	Enables printing over the Internet Printing Protocol (IPP). Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
IPv4 Information	Defines the Subnet Mask and Gateway used by the printer to allow it to communicate over TCP/IP.
IPv4 Multicast	Enables IPv4 Multicast. IPv4 multicast allows a device to transmit IPv4 messages to a group of hosts (multicast group address) on a TCP/IP network. IPv4 multicast allows a printer to be discovered by a client utility that uses Bonjour (also known as mDNS) or service location protocol (SLP) for device discovery. If you disable IPv4 Multicast, other protocols that use multicast, such as Bonjour and SLP, might be disabled without notification. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
IPv6 Information	Enables an IPv6-capable printer to use the IPv6 protocol. IPv6 must be enabled to access other IPv6-capable devices through an IPv6 network.
Lin Printer Daemon/Line Printer Remote (LPD/LPR)	Enables printing through Line Printer Daemon (LPD). Line Printer Daemon (LPD) provides line printer spooling services for TCP/IP systems. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Link-Local Multicast Name Resolution Protocol (LLMNR)	Enables Local Link Multicast Name Resolution, which performs name resolution without requiring a DNS server or DNS client configuration. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Secure Internet Print Protocol (IPPS)	Enables secure IPP Printing over the HTTPS protocol. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Service Location Protocol (SLP)	Enables discovery of the device using the Service Location Protocol, a passive discovery protocol used by some client applications to discover and identify devices. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Standard TCP/IP Printing (P9100)	Enables direct-mode printing over port 9100. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Support Contact	Specifies the name of the person that users can contact for device support.
System Contact	Specifies the name of the person who owns or is responsible for the device. The system contact is useful when you need to dispatch repair personnel, have questions about device settings or usage, or need to report a problem with a device.
System Location	Identifies the system based on its location.
TCP/IP Configuration Method	Specifies how the HP Jetdirect print server obtains its TCP/IP configuration. This is a quick method for resetting the IP stack on the HP Jetdirect print server, forcing it to try and obtain an IP configuration through BOOTP or DHCP. Note: The current HP Jetdirect print server TCP/IP configuration is erased.
Telnet Config	Enables configuration of the device over Telnet, which provides additional access to print server configuration and management web pages.
TFTP Config File	Enables the configuration of the behavior of the TFTP Server. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Web Scan	Allows users to send scanned documents from the printer to a computer using the printer embedded web server (EWS). This can be used as an alternative scanning method if scan software is not installed on a computer. Enable one or both of: Web Scan: Enables the Web Scan feature. Secure Web Scan: Enables a more secure scanning option on printers with enhanced security features. Notes: To send scans from an AirPrint printer to other Apple devices, you must also enable the AirPrint setting. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Web Services Discovery (WS-Discovery)	Enables discovery of the device using the WS-Discovery protocol, a multicast discovery protocol used to discover network-connected and PC-connected devices on both local and remote subnets. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Web Services Print (WS Print)	Enables the Microsoft Web Services for Devices (WSD) Print services supported on the HP Jetdirect print server. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
WINS Port	Enables Windows Internet Name Service (WINS) port configuration. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
WINS Registration	Enables Windows Internet Name Service (WINS) registration. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.

Security Settings

The Security settings let you enable, disable, or configure a wide range of features on your printer fleet.

Many of the Security settings include setting or providing passwords or secrets to gain or prevent access to printer features. For information about how HP secures this sensitive data as it assesses and remediates printers, see Using printer policies to configure and enforce printer security.

Setting	Description
802.1x Authentication (Wired)	Creates a port-based authentication protocol that allows or blocks access to a wired network. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced. For more information on configuring this setting, see Using Printer Policies to Configure 802.1x Authentication.
802.1x Authentication (Wireless)	Creates a port-based authentication protocol that allows or blocks access to a wireless network. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced. For more information on configuring this setting, see Using Printer Policies to Configure 802.1x Authentication.
Access Control for Device Functions – FutureSmart 4	Specifies the sign-in method that is required to access applications from the printer control panel and HP Embedded Web Server. Use the permission sets to enable or disable access to the applications. You can configure this setting to overwrite existing permissions with the set you configure, or to append the permission you configure to permissions on the printer. The applications, sign-in methods, and default permission sets that are available vary depending on the device. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Bootloader Password	Configures the bootloader password for the printer. This password prevents unauthorized access to the printer bootloader settings from the control panel. These settings control system-wide options such as cold resets, NVRAM and disk initialization, and clearing RFU errors. Printer operation and functionality can be severely impacted if bootloader settings are tampered with or set incorrectly. Bootloader passwords that are set and managed in a policy will be continually assessed and remediated. A printer’s bootloader password can only be remediated by the policy if the printer doesn’t have an existing bootloader password configured. On most printers, the bootloader password is not set by default. If a printer already has a bootloader password configured, you’ll need to authorize any updates by entering the current bootloader password. Warning: After you set the bootloader password, it can’t be reset or recovered. If lost, you will permanently lose access to bootloader settings. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Check for Latest Firmware	Determines whether the device has the latest firmware and performs a security assessment of the installed firmware. Having the latest firmware on the printer better protects the printer from security threats. The printer must have web connectivity when the setting is enabled, and Firmware Index File Source is set as "Web (hp.com)". This is because the check for the latest firmware will be done against the version published at hp.com.
Control Panel Timeout	Specifies the timeout value, in seconds, for the printer control panel. Valid timeout values can range from 10 to 300 seconds. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Cross-Origin Resource Sharing (CORS)	Enables Cross-Origin Resource Sharing, which allows the printer to share data and resources with trusted external websites. Once enabled, you can create a list of trusted sites. Warning: If no sites are listed, any external site will be able to access printer resources. This is not recommended for security reasons. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Cross-Site Request Forgery (CSRF) Prevention	Prevents the hijacking of an authenticated user session to send unauthorized requests to a server. For the server receiving the requests, it appears that the action is initiated by an authenticated user. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Device Announcement Agent	Enables the announcement agent, which allows users to automatically configure printer settings without administrator intervention. The agent sends an announcement to the configuration server, which pushes the configuration settings straight to the printer. By default, the Device Announcement Agent uses the DNS hostname “hp-print-mgmt” to locate the configuration server. When using the default DNS hostname, authentication between the printer and configuration server can be enabled, but is not required. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Digital Sending Service	Configures the Digital Sending Service, an independent HP product that allows you to configure digital sending. Select Allow use of digital send service to let the Digital Sending Service manage the printer. Select Allow transfer to new digital send service to let any Digital Sending Service manage the printer, even if another Digital Sending Service is currently managing the printer.
Direct Connect Ports	Enables Direct Connect Ports on the printer. Direct Connect Ports (such as USB or RS232) provide direct hardware connections to the printer. If these ports are active, walk-up users can access a printer through a direct connection. In addition, the printer is open for file access and firmware upgrade through these ports. Notes: This setting is only supported on cloud-connected printers. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Disk Encryption Status	Specifies the Disk Encryption Status as either Active or Inactive. When set to Active, the HP Secure Hard Disk encrypts data stored on its disk. Notes: Remediation is not available for this policy item. This setting is only supported on cloud-connected printers. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Display Color Usage Job Log on Information Tab	Enables the Color Usage Job Log on the Information tab of the device’s Embedded Web Server (EWS) to monitor color print jobs processed by the printer. This log contains specific information about color print jobs processed through the printer, including date/time, the print job user, the print job name, the application the print job came from, and information about the number of sides and sheets for the print job.
Embedded Web Server (EWS) Admin Password	Specifies a password for the device’s embedded web server (EWS), which allows users to access the device configuration in a web browser by navigating to the device IP address. For more information on configuring this setting, see Setting an Embedded Web Server Password on your Printers via Policy.
Embedded Web Server Access	Enables configuration of the printer via the Embedded Web Server (EWS). Because Security Manager requires access to the EWS to perform assessment/remediation, you cannot remediate this policy item. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
EWS Information Protection	Lets you configure what information on the printers Embedded Web Server (EWS) Information tab can be viewed. You can choose to: Require the EWS Admin password to access the tab. Display the Print page. Display the Job Log. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Firmware Downgrade	Enables the printer firmware to be downgraded to an earlier firmware version. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Host USB Plug and Play	Enables the Host USB plug-and-play feature on the printer. This feature is used to perform tasks such as scanning to a USB flash drive. Notes: If this option is disabled, control-panel applications that require the Host USB plug-and-play feature, such as the Save To USB application, are automatically disabled. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
HP Jetdirect XML Services	Enables access to XML-based data on HP Jetdirect print servers. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Intrusion Detection Presence	Enables intrusion detection on the printer. Intrusion detection is a security solution through which an admin can proactively detect and be alerted to malicious code and virus attacks across HP devices to maintain the security, integrity, and uptime of the fleet. Notes: This cannot be turned on/off by user selection on the device. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
LDAP Sign In Setup	Enables the printer to access the LDAP server, authenticate users, and search the LDAP server database. For configuration information, see Configuring LDAP Settings via Policy. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
PostScript Security	Enables the printer to permit special PostScript operations. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Printer Firmware SHA1 Code Signing	Specifies which level of Secure Hash Algorithm (SHA) the device requires the firmware bundle be signed by to be installed on the device. If this setting is disabled, the device can only install firmware bundles that have been signed using the more secure SHA-2. If this setting is enabled, the device will install firmware bundles signed by SHA-1 or SHA2. Notes: There is a known issue with this setting that affects printers running Linux-based firmware. For these printers, the firmware bundles are always signed with SHA-2, never SHA-1. As a result, this setting is not applicable and has therefore been removed entirely on the affected printers. If this setting is enabled in a policy and assessed on a printer that doesn’t support it, WXP erroneously returns a false positive instead of ignoring it as an unsupported setting. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Printer Firmware Update (send as Printjob)	Enables the printer to permit remote firmware updates sent as a print job on port 9100.
Printer Job Language (PJL) Access Commands	Enables the HP Embedded Web Server (EWS) to permit access to PJL commands.
Remote Configuration Password	Configures the Remote Configuration Password for the device, which HP Digital Sending Software (DSS) and other remote configuration tools use to connect to the printer. If the Remote Configuration Password is not set, remote configuration tools must instead connect using the EWS password. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Require HTTPS Redirect	Enables any HTTP requests accessing the device via a Web page to be redirected through a secure port (HTTPS). HTTPS uses identity certificates on the device. Consider installing CA-signed certificates before enabling this setting.
Restrict Color	Specifies your organization’s default color settings. You can choose Color or Grayscale, or choose to Customize Color Settings for specific users and applications.
Secure Boot Presence	Enables the printer to verify device firmware after power-on, before it is executed. This feature (HPSureStart) validates preboot firmware and UEFI applications, including the OS loader. Notes: This cannot be turned on/off by user selection on the device. This setting is only supported on cloud-connected printers. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Service Access Code	Configures a service access code on the device. A service access code provides additional security for the device Service menu. Normally, the factory-default service PIN must be entered to access the System menu. When configured and enabled, the factory-default PIN is disabled, and someone trying to access the Service menu would need to provide the Service Access Code before they are granted permission. Disabling Service Access Code restores the factory-default service PIN as the passcode. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
SMB/CIFS (Shared Folder)	Specifies the protocols, either SMB (Server Message Block) or CIFS (Common Internet File System), that the printer uses to transfer files to and from shared folders on the network. From the printer, users can scan files to network folders and retrieve other shared files to print. You can enable any or all of SMBv1/CIFS, SMBv2, and SMBv3. SMBv3 is the latest version with the most updated security features. For the best security, do not enable any of the protocols. Note: This feature is only available on some HP and Samsung multi-function printer models. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
SNMP	Enables the SNMP manager to communicate with agents on individual printers to send and retrieve data related to status, performance, and more. You can enable and configure one or both of SNMPv1/2 or SNMPv3. SMTPv1/2 is a less secure protocol that uses community passwords to control access to printers and other network devices. For improved security, consider using SNMPv1/v2 in read-only mode and enabling and configuring SNMPv3 for those printers that support it. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Stored Data PIN Protection	Let’s you specify when to require a personal identification number (PIN) when storing, printing, and accessing print or scan jobs. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Verify Certificate for IPP/IPPS Pull Printing	Enables the printer to verify the certificate before allowing IPP/IPPS pull printing. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Web Encryption Settings or Active Ciphers	Specifies the encryption strength and individual protocols used for Web-based communication with the HP Embedded Web Server (EWS. Note: If FIPS 140 is enabled, Web encryption strength is set to High, and SSL 3.0 is disabled. To configure Web encryption: Specify the Web Encryption Strength. To modify the selected ciphers, click Change Ciphers, then alter the list of selected ciphers as necessary. Note: All selected ciphers must be present on the printer, as the full selection will be sent in one command. If one cipher is not available, the assessment will fail with the status “Not supported by the device”. Note: This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.
Whitelisting Presence	Whitelist refers to the list of CA certificates stored in the printer’s certificate store against which digital signatures are validated. DLLs and EXEs are allowed to load if they are signed with a certificate that chains back to a certificate in the whitelist. Notes: This cannot be turned on/off by user selection on the printer. This setting is only supported on cloud-connected printers. This setting can only be managed if the device is entitled to HP Secure Fleet Manager Advanced.

Solutions Settings

The Solutions settings lets you create a list of apps that will be deployed to printers.

Setting	Description
App Deployment	Specifies which applications should be installed on the printer and made available to users on the control panel display. To deploy apps to printers: Select Workpath Enablement. Choose whether to remove any apps that you have not selected for installation from the printer, or to allow unselected apps to remain installed. Choose which apps to deploy. Click Select App, then choose any available apps.

Setting

Description

App Deployment

Specifies which applications should be installed on the printer and made available to users on the control panel display.

To deploy apps to printers:

Select Workpath Enablement.
Choose whether to remove any apps that you have not selected for installation from the printer, or to allow unselected apps to remain installed.
Choose which apps to deploy. Click Select App, then choose any available apps.

Supplies Settings

The supplies settings let you configure printer behavior as the supply levels decrease.

Setting	Description
Cartridge Threshold – Black	Specifies when (percentage of toner remaining) the printer displays a notification about low toner supply levels.
Cartridge Threshold – Cyan	Specifies when (percentage of toner remaining) the printer displays a notification about low toner supply levels.
Cartridge Threshold – Magenta	Specifies when (percentage of toner remaining) the printer displays a notification about low toner supply levels.
Cartridge Threshold – Yellow	Specifies when (percentage of toner remaining) the printer displays a notification about low toner supply levels.
Cartridge Very Low Action – Black	Specifies the action that the printer takes when the supply reaches a low condition. If a print supply becomes low during a print job, the print quality of the job might be unacceptable. You can choose one of Stop, Prompt to Continue, or Continue.
Cartridge Very Low Action - Color	Specifies the action that the printer takes when the supply reaches a low condition. If a print supply becomes low during a print job, the print quality of the job might be unacceptable. You can choose one of Stop, Prompt to Continue, or Continue.

Web Services Settings

Use the Web Services settings to extend the capabilities of the device.

Setting	Description
Proxy Server	Specifies the printer’s web browser proxy settings. Enabling the Proxy Server setting lets you set the Proxy Server address and Proxy Port.
Smart Cloud Print	Enables the Smart Cloud Print feature on the device. If Smart Cloud Print is enabled, users can access web-based applications that extend the capabilities of the device.

Wireless Settings

The Wireless settings allow you to enable and configure a Wi-Fi Direct network for each printer, letting users print to an HP printer without being connected to the Internet through a traditional network.

Setting	Description
Wi-Fi Direct	Enables the printer to create its own Wi-Fi Direct network that computers and mobile devices can connect to. Wi-Fi Direct Name Suffix: Specifies a suffix that is appended to “Wi-Fi Direct” to identify the W-Fi network. If left blank, the printer model name is used. Connection Method: Defines how users connect to Wi-Fi Direct. Choose one of: Auto: Users can connect to the printer without entering a passcode. Manual: Users must enter the specified passcode to connect to the printer. Advanced: Users must enter the specified passcode to connect to the printer. You can also define additional security features. Wireless Band: Specifies whether users connect via 2.4 GHz or 5 GHz, and defines the channel used on the selected band

Setting

Description

Wi-Fi Direct

Enables the printer to create its own Wi-Fi Direct network that computers and mobile devices can connect to.

Wi-Fi Direct Name Suffix: Specifies a suffix that is appended to “Wi-Fi Direct” to identify the W-Fi network. If left blank, the printer model name is used.
Connection Method: Defines how users connect to Wi-Fi Direct. Choose one of:
- Auto: Users can connect to the printer without entering a passcode.
- Manual: Users must enter the specified passcode to connect to the printer.
- Advanced: Users must enter the specified passcode to connect to the printer. You can also define additional security features.
Wireless Band: Specifies whether users connect via 2.4 GHz or 5 GHz, and defines the channel used on the selected band

Contact Us

For any assistance, create a support case or email support@wxp.hp.com.